An interesting way to do this. Thanks again Joe. Mike Newell Information Systems Manager OSI Systems
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, May 06, 2004 5:41 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query Nope. RUS is not using the query. It is interpreting it internally which is why you can see queries that work perfectly in ESM when you have it test the query but blow up in very odd ways when the RUS gets a hold of it. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Newell Sent: Thursday, May 06, 2004 1:38 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query Hey, Just curious but would indexing the custom attribute included in the AL speed things up? More asking than posting a solution. Thanks, Mike. ________________________________ From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 5/5/2004 1:30 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Simple LDAP Query It's probably that last option that will be your best option for a hosting scenario. It's why that kb is there in the first place and would like provide the best results in your situation. Al ________________________________ From: joe [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 11:59 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query I haven't tried it but one of the things I was looking at previously is prepopulating the attribute that has the lists an object is part of. I think that attribute is showInAddressBook? It should have the DN of the list that the object is a member of. Here is one article on the AL stuff - http://support.microsoft.com/default.aspx?scid=kb;EN-US;304516 Here is another talking about how RUS does the ALs - http://support.microsoft.com/default.aspx?scid=kb;EN-US;253828 You could look at http://support.microsoft.com/default.aspx?scid=kb;EN-US;253770 and possibly consider if you could get away from using the RUS by beefing up your provisioning system. joe ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Wednesday, May 05, 2004 10:40 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query We do Exchange hosting, and as a service it has taken off. Each company has it's own OU and then objects (users, groups, and contacts) within that OU. Each company has 3 address list objects (an "All Address Lists", a "Global Address List", and an "Offline Address List"). Each address list is dedicated to that company. Only mail-enabled objects for that company are present in the address list (mail=*) and searching for (extensionattribute10=some-unique-tag) limits the A/L to that company. Each server hosts a relatively small number of companies and is the address list server for the companies whose mailbox is on that server. Each server is also a "scaled-out" server. It's not a hefty box. Client churn is a big deal. On some servers the store maintenance doesn't finish in the standard timeframe. Logging indicates that it is due to A/L rebuilds. So... I was looking to improve my A/L queries. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, May 05, 2004 10:06 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Simple LDAP Query Why do you need both attributes? And if you're trying to build an AL, why is the speed such a big concern? How many objects are we talking about? What's the big picture of the solution? ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query I'm using an extensionattribute and the mail attribute right now, to do precisely this. But it's dog slow and it complicates provisioning. If it just can't be done, well it can't be done. I'll live with what I've got -- I just wanted to improve my current process. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, May 05, 2004 9:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Simple LDAP Query Trying to figure out exactly what you want to accomplish. You cannot use an OU as the criteria for Address books as previously mentioned, you can however use an attribute, a group (as mentioned), etc. to make this work. You could tag each object in the particular OU with criteria such as "my criteria for OU1". That would allow you to have a particular OU built into an AL in effect. As for searching, why not just figure if it's mail-enabled or mailbox-enabled, it fits your match and you'll take it? ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 9:39 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query The problem is with contacts and public folders. I already do the crawl. But contacts within the OU's are a particular pain. Perhaps I'm wrong, but I figure that there HAS to be a way. :-P (Hope springs eternal...) ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Tuesday, May 04, 2004 8:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Simple LDAP Query You can't do that with exchg. Get a security group with everybody in the OU, and search for (memberOf=DNToGroup). I know it's a pain - I do it. If the OUs are constantly going to change, write an agent to crawl them every night and update the groups. --Brian Desmond -----Original Message----- From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Tue 5/4/2004 7:27 PM To: [EMAIL PROTECTED] Cc: Subject: RE: [ActiveDir] Simple LDAP Query Unfortunately, I don't have the luxury of specifying my search base. I need a query that I can, specifically, place into an "All Address Lists" object in Exchange System Manager. So effectively I'm limited to a search base of the domain. But thanks for your response. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Tuesday, May 04, 2004 6:00 PM To: [EMAIL PROTECTED] Subject: AW: [ActiveDir] Simple LDAP Query Hi Michael, just define it in the search base, e.g. LDAP://ou=myou,dc=mydomain,dc=com. You define usually searchbase, filter, attribues and scope - and searchbase does not need to be the domain, it can be any LDAP Path. HTH, Ulf ________________________________ Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Michael B. Smith Gesendet: Dienstag, 4. Mai 2004 23:38 An: [EMAIL PROTECTED] Betreff: [ActiveDir] Simple LDAP Query I'm obviously missing something simple... How do I construct a query to return all the objects in a particular OU? (To be specific, I want to return everything in an OU that is mail-enabled -- but I can do the rest given the syntax to search only a particular OU.) Thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
