Ah but you are correct Hunter. The base schema is exactly as you indicated.
It is Exchange that changes it. :o)
 
I echo the Happy New Year to everyone. Hope everyone has a healthy and
prosperous year. 
 
   joe

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Friday, December 31, 2004 4:08 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory


Agreed. The reference I was using
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_proxyaddresses.asp?)
talks about proxyAddresses specifically in the context of Exchange, but does
not mention that forestprep bumps it up to the global catalog.
 
Though I should have just looked at the schema in the first place before
posting incorrect information. Happy New Year's everyone!

-----Original Message----- 
From: [EMAIL PROTECTED] on behalf of joe 
Sent: Fri 12/31/2004 12:11 PM 
To: [email protected] 
Cc: 
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory


The first hit I had on proxyAddresses though for MS took me to the base
object definition. It even mentions Exchange. My request is that they
combine all of the MS Schema stuff together so you can look at one page and
have an understanding of what the configs will be with the different MS
updates. I don't think it is asking MS too much to have all of their Schema
info in one easy to read place. They are developing the content in the
products. Document it nicely so people can easily find it.
 
  joe

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Friday, December 31, 2004 12:12 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory


It's there already, just not in the most obvious place:
 
http://msdn.microsoft.com/library/en-us/e2k3/e2k3/e2k3_ldf_all_ad_schema_intro.asp
 
and
 
http://msdn.microsoft.com/library/en-us/e2k3/e2k3/e2k3_ldf_attributeSchema_Proxy_Addresses.asp

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 11:53 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory


And for completeness (schema5.ldf)
 
dn: CN=Proxy-Addresses,<SchemaContainerDN>
changetype: modify
replace: searchFlags
searchFlags: 13
-

I have submitted a request to MSDN to put some kind of info in the schema
page for that attribute that it is updated by Exchange. 
 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, December 30, 2004 11:24 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory



From Exchange forest prep (schema0.ldf):

dn: CN=Proxy-Addresses,<SchemaContainerDN>
changetype: modify
replace: isMemberOfPartialAttributeSet
isMemberOfPartialAttributeSet: TRUE
-

 

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 10:07 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory

 

When I read this I was like huh?

 

I admit to not even knowing that proxyAddresses was in the default schema,
been too long since I have seen an untainted schema. I thought Exchange put
it there. Exchange must simply add proxyAddresses to the PAS and tell it to
be preserved through tombstoning. 

 

Exchange would have serious issues I think if proxyAddresses wasn't in the
PAS. 

 

  joe

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter
Sent: Thursday, December 30, 2004 10:26 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory

IIRC, proxyAddresses isn't in the default GC attribute set, so in a
multi-domain forest you may be missing dupes. In that case, you could either
include proxyAddresses in the partial attribute set or loop through a list
of the domains and query each domain.

 

Hunter

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Thursday, December 30, 2004 7:49 AM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory

:o)

 

Good job Michael. Honestly I am sure quite a few people are happy and
thinking, god I hate that perl crap[1].... You have offered an alternative.
;o)

 

As for your filter.... your filter is fine if the audit is only against
users. If you also want to check the addresses of groups and contacts as
well then I have found just using proxyAddresses is fine because it is
indexed. If you have exchange enabled contacts and groups, probably worth
adding them to the check since they could dupe up your addresses, especially
contacts. I have seen a couple of occasions where people move someone from
being a user to being a contact and you get proxyAddress dupes there on
secondaries.

 

Also you should probably enable paging. I expect many of the folks who would
like to use this and most likely have programs/systems that would introduce
the dupes will have more than 1000 exchange enabled objects. That is kind of
hidden in my solution as adfind always automatically pages. It also
automatically does ranging but I wouldn't expect either that someone would
have more than 1000 addresses listed in a proxyAddresses attribute. I do not
recall off the top of my head if ADO will do the ranging automatically. 

 

Another suggestion I would make is simply for perf. Possibly have a second
dictionary for the duped items. That way you can get away from the instr
which is fairly expensive especially if you have big strings (lots of
addresses per DN) or you have lots of addresses. I could gain some
additional perf that way as well but checking an int isn't very expensive,
if there were tens of thousands of addresses though, you would most likely
feel a difference in the run speed even just checking ints. 

 

Finally, I have found I like dumping the data ahead of time and then parsing
it out. This is strictly from working on very large directories where I have
experienced servers dropping connections with "Server Unavailable" midway
through. That way you don't process x amount and it bombs and you go WTF,
you just restart the dump. 

 

I am actually surprised how small the vbscript code is, would have expected
more lines of code; well done. 

 

 

  joe

 

 

 

[1] To those I say, wipe the drool off your chin son... j/k

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Wednesday, December 29, 2004 11:20 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory

Not that I didn't have anything else to do for the last 45 minutes, but I
needed a break. I'm sure Joe won't like my filter, he never does. :-) :-)

 

' Search base: the global catalog for this domain
strDomainDN = "dc=brnets,dc=local"
strBase   =  "<GC://" & strDomainDN & ">;"

' Users that have at least one proxy address
strFilter = "(&(objectclass=user)(objectcategory=person)(proxyAddresses=*));"
strAttrs  = "name,adspath,proxyaddresses;"
strScope  = "subtree"

' Key: lower-cased proxy address; value: "|"-separated ADsPaths that hold it
Set objDIC = CreateObject("Scripting.Dictionary")

set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
' MoveFirst raises an error on an empty recordset, so only call it when rows exist
If Not objRS.EOF Then objRS.MoveFirst

iCount = 0

while Not objRS.EOF
 'Wscript.Echo "name = " & objRS.Fields(0).Value
 'wscript.echo "adspath = " & objRS.Fields(1).Value
 proxyaddresses = objRS.Fields(2)
 for each proxyaddress in proxyaddresses
  proxyaddress = LCase (proxyaddress)
  If objDic.Exists (proxyaddress) Then
   ' Address already seen: append this object's ADsPath and report it
   objDic.Item (proxyAddress) = objDic.Item (proxyAddress) & "|" & objRS.Fields(1).Value
   wscript.echo "Dup: " & objDic.Item (proxyAddress)
   iCount = iCount + 1
  Else
   objDic.Add proxyAddress, objRS.Fields(1).value
  End If
 next
 'wscript.echo
 objRS.MoveNext
wend

wscript.echo "Total unique addresses found: " & objDic.Count

If iCount = 0 Then
 Wscript.Echo "No dups found"
Else
 Dim objArr, objIt, strVals

 ' Summary: list every address whose value holds more than one ADsPath
 objArr = objDic.Keys
 For Each objIt in objArr
  strVals = objDic.Item (objIt)
  If Instr (strVals, "|") > 0 Then
   Dim arrNames, strName

   arrNames = Split (strVals, "|")
   wscript.echo objIt
   For each strName in arrNames
    wscript.echo vbTab & strName
   Next
  End If
 Next
End If

wscript.quit 0

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, December 29, 2004 5:59 PM
To: [email protected]
Subject: RE: [ActiveDir] How to find duplicate proxy address in Active
Directory

Hmm I think I previously posted a script that does this to the list, at
least that basic functionality. I can't find it though so here is a basic one
again. We have definitely discussed this a couple of times previously
though.

 

 

It is pretty simple functionality, simply form a query of 

 

base: ""

port: global catalog aka 3268

filter: proxyaddresses=*

 

then parse through all of the returned proxyaddresses and slap them into a
hash with the proxy address normalized as the key. If the hash entry exists,
tack on the new DN to the value. At the end chase through all hash entries
looking for entries with multiple values. In perl I recommend using a hash
value of an array to make it easiest.

 

The adfind ldap query dumped to a testpa.txt file would look like 

 

adfind -gc -b "" -f proxyaddresses=* proxyaddresses > testpa.txt

 

Of course for more advanced checking, you probably also want to make sure
legacyExchangeDNs don't dupe any X500 proxyaddresses because that would be a
bad dupe as well. I will leave that as an exercise for the class.

 

 

Anyway, dump the above command to a text file. Use ADCSV to convert to a CSV
file. Tell ADCSV to use # to separate multivalue attribs because semicolons
won't work for this case.

 

adcsv /infile:testpa.txt /mvdelim:# 

 

Should give you a text file like:

 

DN;proxyAddresses;
"CN=$jricha34,CN=Users,DC=joe,DC=com";"SMTP:[EMAIL PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=?jricha34;";
"CN=Public Folder Store (2K3EXC01),CN=SG1,CN=InformationStore,CN=2K3EXC01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=joeware,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joe,DC=com";"smtp:[EMAIL PROTECTED];smtp:2K3[EMAIL PROTECTED];SMTP:[EMAIL PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=2K3EXC01-IS;";
"CN=Microsoft System Attendant,CN=2K3EXC01,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=joeware,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=joe,DC=com";"smtp:[EMAIL PROTECTED];smtp:[EMAIL PROTECTED];SMTP:2K3E[EMAIL PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=2K3EXC01-SA;";
"CN=postmaster,OU=MailUsers,OU=joeware2,OU=Exchange,DC=joe,DC=com";"smtp:pos[EMAIL PROTECTED];SMTP:[EMAIL PROTECTED];smtp:[EMAIL PROTECTED];X400:c=US;a= ;p=joeware;o=Exchange;s=postmaster;";

<SNIP>

 

Now build a perl script that looks through all lines of the file and shoves
the values into the hash and then outputs the hash entries that have
multiple values. Here would be a basic script to do it.

 

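# Hash of arrays: key = lower-cased address, [0] = count, [1..n] = DNs
%pahash=();
foreach $thisline (<>)
 {
  # Pull the DN and the #-delimited proxyAddresses out of one ADCSV line
  ($dn,$pa)=($thisline=~/"(.+?)";"(.+)"/);
  map {$pahash{lc($_)}[++$pahash{lc($_)}[0]]=$dn} split(/#/,$pa);
 }

# Report only the addresses that are held by more than one DN
foreach $thiskey (sort keys %pahash)
 {
  next unless $pahash{$thiskey}[0]>1;
  print "Duped: $thiskey\n";
  for $thisentry (1..$pahash{$thiskey}[0]) {print "   ".$pahash{$thiskey}[$thisentry]."\n"};
 }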

 

I'll leave it to Brian or Deji or one of the other vbscript guys to come up
with the equiv vbscript code. 

 

Once you get to here, the next step is inevitably to start asserting that
the addresses are valid in format and characters and labels, etc. That is
when it starts to get tough. 

 

 

   joe
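
The hash-of-DNs approach from this message, combined with the second dictionary for duped items suggested in the later reply and the legacyExchangeDN versus X500 check left as an exercise, as an added example in Python (not code from the thread). The sample dump is constructed, and the legacyExchangeDN column assumes that attribute was added to the adfind attribute list; a CSV parser is used so the semicolons inside quoted X400 values do not split a field.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the ADCSV layout shown above (";" between fields,
# "#" between values). The legacyExchangeDN column is an assumption: it is
# present only if that attribute was requested in the adfind query.
SAMPLE_DUMP = '''DN;proxyAddresses;legacyExchangeDN;
"CN=alice,OU=Users,DC=example,DC=com";"SMTP:alice@example.com#smtp:al@example.com#X400:c=US;a= ;p=ex;o=Exchange;s=alice;";"/o=ex/ou=First/cn=Recipients/cn=alice";
"CN=alice-contact,OU=Contacts,DC=example,DC=com";"SMTP:alice@partner.example#smtp:AL@example.com";"/o=ex/ou=First/cn=Recipients/cn=alicec";
"CN=bob,OU=Users,DC=example,DC=com";"SMTP:bob@example.com#X500:/o=ex/ou=First/cn=Recipients/cn=alice";"/o=ex/ou=First/cn=Recipients/cn=bob";
'''

def normalize(address):
    """Lower-case the whole value, as the thread's scripts do."""
    return address.strip().lower()

def find_duplicates(dump_text):
    """Return {normalized address: [DNs]} for addresses held by >1 object."""
    owners = defaultdict(list)   # address -> DNs that carry it
    dupes = {}                   # second dictionary: duplicated keys only
    reader = csv.reader(io.StringIO(dump_text), delimiter=";", quotechar='"')
    header = next(reader, [])
    for row in reader:
        if len(row) < 2:
            continue  # blank or truncated line
        rec = dict(zip(header, row))
        dn = rec["DN"]
        addresses = [a for a in rec.get("proxyAddresses", "").split("#") if a]
        # A legacyExchangeDN collides with an X500 proxy of the same value,
        # so index it under the same key form.
        if rec.get("legacyExchangeDN"):
            addresses.append("X500:" + rec["legacyExchangeDN"])
        # The set keeps one object from counting twice for the same address.
        for key in {normalize(a) for a in addresses}:
            owners[key].append(dn)
            if len(owners[key]) > 1:
                dupes[key] = owners[key]
    return dupes

if __name__ == "__main__":
    for address, dns in sorted(find_duplicates(SAMPLE_DUMP).items()):
        print("Duped:", address)
        for dn in dns:
            print("   ", dn)
```
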

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Manjeet
Sent: Wednesday, December 29, 2004 4:02 PM
To: [email protected]
Subject: [ActiveDir] How to find duplicate proxy address in Active Directory

All,

 

I am facing a lot of problems due to duplicate proxy addresses in Active
Directory. Some of my users' mails are bouncing back due to this. I have
tried Active Directory search but no result was found. I am looking for a good
tool by which I can search out the duplicate proxy addresses and delete them.

I was trying dupproxy.exe but it's giving an error that it cannot open LDAP.

Your early help will be appreciated.

 

Thank You,

Manjeet

