RE: [ActiveDir] ProxyAddress Verification Tools

[joseph.e.kaplan]

We do our own stuff here too.  We have some custom S.DS applications that we use to try to find and fix.  Sorry, but I can’t share.  We also use web apps or other custom code to control what proxyAddresses get set on users, groups and contacts, and thus try to ensure that we don’t screw things up anyway.  For security principals, we try hard to make sure that cn, sAMAccountName, UPN prefix (if applicable) and SMTP alias (mailNickname) are all the same and meet the validation rules for each of these.  This makes life in AD and Exchange much easier.   On this particular note, one thing we recently discovered is that Exchange 2003 hates it when it tries to build the OAB and there are mismatches between the mail attribute and the primary SMTP proxyAddresses value.  Spits out many errors and won’t build.  Exchange 2000 didn’t seem to mind this.   Hence, that is an additional validation that needs to be performed now (some of you may have already known about this).   I think a joeware tool that could at least detect issues would be greatly helpful.  Resolving them automatically is pretty hard, but finding them is more possible.  This could even be a pretty efficient app if it worked based on change polling so that it didn’t have to scan the entire directory every time, but could just validate the deltas.   The validations we do are duplicate proxyAddresses, invalid SMTP address formats (Exchange is very picky about these.  Read the RFC VERY carefully.  Most regexes aren’t tight enough!), and now mail/proxyAddresses mismatches.  Are these others we are missing?   Joe K.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 03, 2004 5:22 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] ProxyAddress Verification Tools   What is the best tool out there that checks and verifies proxyaddresses are good (format and info) and not duplicated in a forest? I have a perl script to do it, but would like something faster and don't really want to write it but will if I have to.   You are verifying your proxyaddresses right? If not, you might consider it. In my last position at a world class widget factory company that was a huge issue and caused Exchange great stress. We found thousands of issues in the proxyaddresses.     joe This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.