Just a quick comment: Microsoft allows vendors to create their own proxy types. Cisco has a couple, for example, that are installed when you install their VoiceConnector and BridgeConnector. I don't know if they are supposed to be registered or not, though. I would hope so.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, November 04, 2004 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ProxyAddress Verification Tools 1. No argument. This could be internally generated, people issues, or at the widget factory we once saw a real fun issue with something the ADC was doing which really dorked the proxyaddresses on us for x.400 once. 2. Agreed. The blank smtp proxyaddresses I was told by MS could cause some weird NDRs. I didn't get anymore info than that. I don't really know the backend tech details on what they do with the proxyaddresses and more importantly exactly how they do it. Implementation details on the use of proxyaddresses would be nice, including queries against them etc. Question for you Al, are you aware of any valid reasons for duped proxy addresses? MS says they shouldn't be duped period. But just curious if someone found some hack that seems to work to do this or that. I don't mean just dupes of primary, I mean any dupes at all. Also is there is a comprehensive list of the valid proxyaddress types like smtp, ms,ccmail,profs,snads, etc. I have seen some very different interesting ones lately. Is there a good doc on SMTP address validity checking? I looked at one RFC but that is one of the more confusing RFCs I have read, don't recall which it was but the valid chars were on I think pages 8/9. Any docs on valid x500/x400 values? I am definitely looking from the report side versus the autofix side. Autofixing this stuff would almost certainly not be a good thing though I expect I would get requests of how about just fixing it when you find it versus just saying something which is what I get with gcchk (lingering object detection). Some things I am a bit leary to muck with. The last random thoughts are good and I was thinking along those lines but that would be a ways out, looking for a way to quickly identify the basics right now. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Thursday, November 04, 2004 7:20 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ProxyAddress Verification Tools Those are good boundaries. I'd say that if you have that kind of garbage two things are likely true: 1) you have a bad process somewhere that needs to be cleaned up 2) if you write a tool, it needs to be customizable for the site that's using it. Most sites will have their own customizations of what's correct and what's not. In the case of a tool that checks this, you would want to have a base of correctness and then customizations on top of that. i.e. properly formatted SMTP addresses wherever found, duplicates among primary or any proxy-addresses or both, character checking (multi-language?)(should be able to handle both 2821 and 821 specs for legacy reasons) would be examples of base-level function. Blank proxy-addresses? You might report it, but that's necessarily any more than bloat so action may not be worth it. Maybe an option? Adding an option to export the information or logging it in a way that it's easily put back if they find out they still have old dec mailers around would be good ;) Keep in mind that per RFC 6. Invalid smtp address format like [EMAIL PROTECTED]@joeware.net [EMAIL PROTECTED]@joeware.net is not invalid. It may not be a great idea, but it's compliant and should be allowed. There's also other combinations that are possible that in practice people shouldn't do. For legacy reasons they might need it but really should just get a report about it vs fixing it. Just some random thoughts Joe. It would be nice to have something that checks for dups and format as long as the format is configurable in a pattern matching way (such as [EMAIL PROTECTED] would be looking for [EMAIL PROTECTED] addresses and would check that with the users sn, and givenname field values etc.) Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 03, 2004 7:04 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ProxyAddress Verification Tools Verify as in verify that garbage isn't in the proxyaddresses field. What does that mean to me? Things I have commonly seen 1. Values that mean nothing (i.e. value but no label), like say the whole value is @domain.com or alice or something else silly. 2. A label but no value, like SMTP: or X400: 3. Duped labels like X400:X400 4. Duplicate addresses, x400 or smtp or ms or ccmail or ? Any dupes are bad. At the Widget factory we had 50+ conference room mailboxes sharing x400 addresses that were migrated from 5.5, it was a mess. Whether that was due to the special provisioning and such or something in the migration I never heard and not sure anyone figured it out, I identified them, they fixed them. 5. Invalid characters in smtp addresses like spaces, unicode, special characters. 6. Invalid smtp address format like [EMAIL PROTECTED]@joeware.net or joe@ 7. Invalid x400... Though this one I have had to do manually in terms of what the proper values for the pieces are, would like to work that out programmatically as well to make it more generic. Also what characters aren't valid for x400? Then there is bloat, like having SNADS or PROFS or CCMAIL or MSMAIL entries and you only have Exchange email. Most of this could be attributed to provisioning systems gone bad or bad scripts or people just putting garbage in through interfaces that allow it (proxyAddresses is simply a MV attribute in AD). I wouldn't put it past the system in various versions making a mistake and putting something there. I haven't known of anything in particular doing it but have run into occasions where there was no other simple explanation and could never be duplicated using any methods allegedly being used. I don't think the best practices analyzer does it though I should positively rule it out. It seems as a rule AD tends to get messy as most people aren't looking at cleaning it up. The Exchange attributes seem to be even more ripe in some environments because people are positively afraid to touch anything in the Exchange attributes. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, November 03, 2004 7:36 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ProxyAddress Verification Tools When you say verify, what do you mean exactly. That means multiple things to me, such as whether one was created, whether there are dups, whether it conforms to the naming standards, and so on. Can you provide some boundaries? Personally, I haven't seen anything that does this as a tool. Although it's expected that this is built in to the creation process, there are ways this can get messed up and there are ways to circumvent even the safe-guards built into the Exchange product. There are ways to prevent it as well such as having a good system of unique id's for user LHS of the SMTP addresses etc. In practice, you never see users with unfriendly smtp addresses for very long though :) Haven't looked at the new health checker to see if it identifies proxy-address issues. Probably should. I would think a perl or vbscript with regular expressions would be helpful, but for dups it would require a little more effort to catch before monitoring does especially in a large environment. Some sort of database app would be most efficient I would think. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 03, 2004 6:22 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] ProxyAddress Verification Tools What is the best tool out there that checks and verifies proxyaddresses are good (format and info) and not duplicated in a forest? I have a perl script to do it, but would like something faster and don't really want to write it but will if I have to. You are verifying your proxyaddresses right? If not, you might consider it. In my last position at a world class widget factory company that was a huge issue and caused Exchange great stress. We found thousands of issues in the proxyaddresses. joe List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
