Agreed. The reference I was using (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_proxyaddresses.asp?) talks about proxyAddresses specifically in the context of Exchange, but does not mention that forestprep bumps it up to the global catalog. Though I should have just looked at the schema in the first place before posting incorrect information. Happy New Year's everyone!
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of joe
Sent: Fri 12/31/2004 12:11 PM
To: [email protected]
Cc:
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
The first hit I had on proxyAddresses though for MS took me to the base
object definition. It even mentions Exchange. My request is that they combine
all of the MS Schema stuff together so you can look at one page and have an
understanding of what the configs will be with the different MS updates. I
don't think it is asking MS too much to have all of their Schema info in one
easy to read place. They are developing the content in the products. Document
it nicely so people can easily find it.
joe
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael
B. Smith
Sent: Friday, December 31, 2004 12:12 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
It's there already, just not in the most obvious place:
http://msdn.microsoft.com/library/en-us/e2k3/e2k3/e2k3_ldf_all_ad_schema_intro.asp
and
http://msdn.microsoft.com/library/en-us/e2k3/e2k3/e2k3_ldf_attributeSchema_Proxy_Addresses.asp
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 11:53 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
And for completeness (schema5.ldf)
dn: CN=Proxy-Addresses,<SchemaContainerDN>
changetype: modify
replace: searchFlags
searchFlags: 13
-
I have submitted a request to MSDN to put some kind of info in the
schema page for that attribute that it is updated by Exchange.
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric
Fleischman
Sent: Thursday, December 30, 2004 11:24 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
From Exchange forest prep (schema0.ldf):
dn: CN=Proxy-Addresses,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 10:07 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
When I read this I was like huh?
I admit to not even knowing that proxyAddresses was in the default
schema, been too long since I have seen an untainted schema. I thought Exchange
put it there. Exchange must simply add proxyAddresses to the PAS and tell it to
be preserved through tombstoning.
Exchange would have serious issues I think if proxyAddresses wasn't in
the PAS.
joe
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman,
Hunter
Sent: Thursday, December 30, 2004 10:26 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
IIRC, proxyAddresses isn't in the default GC attribute set, so in a
multi-domain forest you may be missing dupes. In that case, you could either
include proxyAddresses in the partial attribute set or loop through a list of
the domains and query each domain.
Hunter
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 7:49 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
:o)
Good job Michael. Honestly I am sure quite a few people are happy and
thinking, god I hate that perl crap[1].... You have offered an alternative. ;o)
As for your filter.... your filter is fine if the audit is only against
users. If you also want to check the addresses of groups and contacts as well
then I have found just using proxyAddresses is fine because it is indexed. If
you have exchange enabled contacts and groups, probably worth adding them to
the check since they could dupe up your addresses, especially contacts. I have
seen a couple of occasions where people move someone from being a user to being
a contact and you get proxyAddress dupes there on secondaries.
Also you should probably enable paging. I expect many of the folks who
would like to use this and most likely have programs/systems that would
introduce the dupes will have more than 1000 exchange enabled objects. That is
kind of hidden in my solution as adfind always automatically pages. It also
automatically does ranging but I wouldn't expect either that someone would have
more than 1000 addresses listed in a proxyAddresses attribute. I do not recall
off the top of my head if ADO will do the ranging automatically.
Another suggestion I would make is simply for perf. Possibly have a
second dictionary for the duped items. That way you can get away from the instr
which is fairly expensive especially if you have big strings (lots of addresses
per DN) or you have lots of addresses. I could gain some additional perf that
way as well but checking an int isn't very expensive, if there were tens of
thousands of addresses though, you would most likely feel a difference in the
run speed even just checking ints.
Finally, I have found I like dumping the data ahead of time and then
parsing it out. This is strictly from working on very large directories where I
have experienced servers dropping connections with "Server Unavailable" midway
through. That way you don't process x amount and it bombs and you go WTF, you
just restart the dump.
I am actually suprised how small the vbscript code is, would have
expected more lines of code; well done.
joe
[1] To those I say, wipe the drool off your chin son... j/k
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael
B. Smith
Sent: Wednesday, December 29, 2004 11:20 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
Not that I didn't have anything else to do for the last 45 minutes, but
I needed a break. I'm sure Joe won't like my filter, he never does. :-) :-)
strDomainDN = "dc=brnets,dc=local"
strBase = "<GC://" & strDomainDN & ">;"
strFilter =
"(&(objectclass=user)(objectcategory=person)(proxyAddresses=*));"
strAttrs = "name,adspath,proxyaddresses;"
strScope = "subtree"
Set objDIC = CreateObject("Scripting.Dictionary")
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
objRS.MoveFirst
iCount = 0
while Not objRS.EOF
'Wscript.Echo "name = " & objRS.Fields(0).Value
'wscript.echo "adspath = " & objRS.Fields(1).Value
proxyaddresses = objRS.Fields(2)
for each proxyaddress in proxyaddresses
proxyaddress = LCase (proxyaddress)
If objDic.Exists (proxyaddress) Then
objDic.Item (proxyAddress) = objDic.Item (proxyAddress) & "|" &
objRS.Fields(1).Value
wscript.echo "Dup: " & objDic.Item (proxyAddress)
iCount = iCount + 1
Else
objDic.Add proxyAddress, objRS.Fields(1).value
End If
next
'wscript.echo
objRS.MoveNext
wend
wscript.echo "Total unique addresses found: " & objDic.Count
If iCount = 0 Then
Wscript.Echo "No dups found"
Else
Dim objArr, objIt, strVals
objArr = objDic.Keys
For Each objIt in objArr
strVals = objDic.Item (objIt)
If Instr (strVals, "|") > 0 Then
Dim arrNames, strName
arrNames = Split (strVals, "|")
wscript.echo objIt
For each strName in arrNames
wscript.echo vbTab & strName
Next
End If
Next
End If
wscript.quit 0
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, December 29, 2004 5:59 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory
Hmm I think I previously posted a script that does this to the list, at
least that basic functionality.I can't find it though so here is a basic one
again. We have definitely discussed this a couple of times previously though.
It is pretty simple functionality, simply form a query of
base: ""
port: global catalog aka 3268
filter: proxyaddresses=*
then parse through all of the returned proxyaddresses and slap them
into a hash with the proxy address normalized as the key. If the hash entry
exists, tack on the new DN to the value. At the end chase through all hash
entries looking for entries with multiple values. In perl I recommend using a
hash value of an array to make it easiest.
The adfind ldap query dumped to a testpa.txt file would look like
adfind -gc -b "" -f proxyaddresses=* proxyaddresses > testpa.txt
Of course for more advanced checking, you probably also want to make
sure legacyExchangeDNs don't dupe any X500 proxyaddresses because that would be
a bad dupe as well. I will leave that as an exercise for the class.
Anyway, dump the above command to a text file. Use ADCSV to convert to
a CSV file. Tell ADCSV to use # to separate multivalue attribs because
semicolon's won't work for this case.
adcsv /infile:testpa.txt /mvdelim:#
Should give you a text file like:
DN;proxyAddresses;
"CN=$jricha34,CN=Users,DC=joe,DC=com";"SMTP:[EMAIL
PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=?jricha34;";
"CN=Public Folder Store
(2K3EXC01),CN=SG1,CN=InformationStore,CN=2K3EXC01,CN=Servers,CN=First
Administrative Group,CN=Administrative Groups,CN=joeware,CN=Microsoft
Exchange,CN=Serv
ices,CN=Configuration,DC=joe,DC=com";"smtp:[EMAIL
PROTECTED];smtp:[EMAIL PROTECTED];SMTP:[EMAIL PROTECTED];X400:c=US;a=
;p=joeware;o=Exchange;s=2K3EXC01-IS;";
"CN=Microsoft System Attendant,CN=2K3EXC01,CN=Servers,CN=First
Administrative Group,CN=Administrative Groups,CN=joeware,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=joe,DC
=com";"smtp:[EMAIL PROTECTED];smtp:[EMAIL PROTECTED];SMTP:[EMAIL
PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=2K3EXC01-SA;";
"CN=postmaster,OU=MailUsers,OU=joeware2,OU=Exchange,DC=joe,DC=com";"smtp:[EMAIL
PROTECTED];SMTP:[EMAIL PROTECTED];smtp:[EMAIL PROTECTED];X400:c=US;a=
;p=joeware;o=Exchange;
s=postmaster;";
<SNIP>
Now build a perl script that looks through all lines of the file and
shoves the values into the hash and then outputs the hash entries that have
multiple values. Here would be a basic script to do it.
$pahash=();
foreach $thisline (<>)
{
($dn,$pa)=($thisline=~/"(.+?)";"(.+)"/);
map {$pahash{lc($_)}[++$pahash{lc($_)}[0]]=$dn} split(/#/,$pa);
}
foreach $thiskey (sort keys %pahash)
{
next unless $pahash{$thiskey}[0]>1;
print "Duped: $thiskey\n";
for $thisentry (1..$pahash{$thiskey}[0]) {print "
".$pahash{$thiskey}[$thisentry]."\n"};
}
I'll leave it to Brian or Deji or one of the other vbscript guys to
come up with the equiv vbscript code.
Once you get to here, the next step is inevitably to start asserting
that the addresses are valid in format and characters and labels, etc. That is
when it starts to get tough.
joe
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manjeet
Sent: Wednesday, December 29, 2004 4:02 PM
To: [email protected]
Subject: [ActiveDir] How to find duplicate proxy address in Active
Directory
All,
I am facing a lots of problem due to duplicate proxy address in active
directory. Some of my user's mails are bouncing back due to this. I have tried
Active directory search but no result found. I am looking for a good tool by
which I can search out the duplicate proxy address and delete them.
I was trying dupproxy.exe but its giving error than can not open LDAP.
Your early help will pe appericiated.
Thank You,
Manjeet
_____
Do you Yahoo!?
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
<http://us.rd.yahoo.com/evt=29916/*http:/info.mail.yahoo.com/mail_250>
<<winmail.dat>>
