Re: An application, script, or AD Saved query that ...
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 22:30:38 +0100
This isn't straight forward. You need to do this with script or code. One
way of doing this is to pull all the groups that a given user is a member
of, and then check each group to see if it is mail-enabled, or
mailbox-enabled.
The problem here is getting the complete list of group membership. This
isn't a trivial task if you fancy pulling member of and then chasing any
nestings. It's probably going to be easier to pull tokenGroups, convert the
SIDs into groups, and then check the groups.
There's probably also a couple of ways of finding whether or a group is mail
or mailbox enabled. You can't use sAMAccountType as Exchange will make
Distribution Groups Security groups if someone uses the group as part of an
ACL, and you can't just check for a mailbox as mail enabled groups don't
have mailboxes (only mailbox enabled groups) therefore you're probably best
off checking for an e-mail address.
The above isn't trivial, but can be done with a variety of languages. You
can do this with VB Script. There should be examples for each of the steps
available. You'll have to put it all together and add error handling and
output, etc.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Prev by Date: Re: sys vol check
- Next by Date: Re: DNS Reverse Lookup and forwarding requests
- Previous by thread: Re: DNS Reverse Lookup and forwarding requests
- Next by thread: Re: An application, script, or AD Saved query that ...
- Index(es):
Relevant Pages
|
