OK, let me start by saying I'm no programming or scripting expert, but I
dabble... :)
I copied and pasted the text off the TechNet site. When I run it, unmodified,
the script only runs against my child domain. We have one parent domain, and
one child; the machine I'm running from is my workstation which is part of the
parent domain.
It appears, to me, that the oRecordset only contains the names of the trusted
domains? If I modify the code and add a call to the function just after the
Else (PerDomain(strDomainNC)) when the strDomainNC is still set to the parent
domain, then it functions as expected...
(Lines 59 - 69 of the original code, plus the extra function call after the
Else below)
If oRecordSet.Eof Then
    TextStream.WriteLine("Didn't find any trusts, assuming single domain...")
    PerDomain(strDomainNC)
Else
    PerDomain(strDomainNC) ' Added to run against the original parent NC
    While Not oRecordSet.Eof
        strDomainNC = oRecordSet.Fields(0)
        TextStream.WriteLine "++" & strDomainNC
        PerDomain(strDomainNC)
        oRecordSet.MoveNext
    Wend
End If
Did this just not run correctly for me in its original configuration, did I
miss something, or is it really just wrong as posted?
Joe Pochedley
A computer terminal is not some clunky old television
with a typewriter in front of it. It is an interface
where the mind and body can connect with the universe
and move bits of it about. -Douglas Adams
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, November 09, 2005 1:11 PM
To: [email protected]
Subject: RE: [ActiveDir] Automating NoMas
Something like this might be of interest.
http://www.microsoft.com/technet/prodtechnol/exchange/guides/DROpsGuide/a209faf9-91a1-46d7-8a6d-538ce3fba85d.mspx
The best way would be to disassociate the mailbox from the account and maintain
the mailbox for as long as the account retention requires (keep them matched).
That would require you to keep track of where a user's mailstore is located of
course.
Note, this approach doesn't scale well. At all. That's why the above
mentioned script exists in the first place. Most people want to keep the user
and the mailbox objects tied together until both are removed (if removed at
all). Or, they tend to have a separate group that does AD administration but
has nothing to do with the mailbox provisioning which also easily results in
this type of situation.
I agree with Joe that the ADUC with Exchange integrated tools should handle
this more gracefully, but it's never that simple. ;-)
-ajm
>From: "Harding, Devon" <[EMAIL PROTECTED]>
>Reply-To: [email protected]
>To: <[email protected]>
>Subject: RE: [ActiveDir] Automating NoMas
>Date: Wed, 9 Nov 2005 12:25:19 -0500
>
>Ok with that said, what would be the correct way or tools to disable a
>mail enabled account in Active Directory?
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of joe
>Sent: Wednesday, November 09, 2005 11:49 AM
>To: [email protected]
>Subject: RE: [ActiveDir] Automating NoMas
>
>Let me restate this just a little.
>
>The issues are due to Exchange Dev having an incomplete understanding of
>how people do things in the enterprise and assuming that the only time
>a disabled account could have a mailbox is because it is a resource
>mailbox so instead of having an attribute for it they assume and then
>after assuming run into all sorts of issues with their assumption.
>
>From our side, it means that we have to adjust how we deprovision
>accounts to properly populate the directory so Exchange doesn't get its
>panties
>in a bunch. And yes, enough of these will get your Exchange server's
>panties in a bunch. Lots of folks (primarily from MS) like to say these
>are meaningless and can't hurt anything but I have seen multiple cases
>where they caused store hangs and queues. I actually got an MS person
>to admit they were a huge issue about 2-3 years ago but couldn't get
>the person to give me an email stating that. I understood completely.
>
>The interesting thing is that you would at least expect ADUC with the
>Exchange extensions to properly disable these accounts but nope, we
>have to handle it manually. But that is ok, we really shouldn't be
>using ADUC to manage users in larger orgs anyway. No business rules, no
>decent logging, too many people with too many permissions: you want to
>use provisioning tools, either self written or purchased.
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of joe
>Sent: Wednesday, November 09, 2005 10:59 AM
>To: [email protected]
>Subject: RE: [ActiveDir] Automating NoMas
>
>Correct your deprovisioning process. Those issues are due to
>incorrectly setting values on mailbox enabled users. Basically bad data
>is going in the directory and then you are manually swinging back and
>correcting it.
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon
>Sent: Wednesday, November 09, 2005 9:18 AM
>To: [email protected]
>Subject: [ActiveDir] Automating NoMas
>
>How can I prevent the Event ID error 9548(MSExchangeIS) from happening?
>I normally use NoMas to fix em, but I want to prevent them from happening.
>
>Would it be possible to create a script that runs like every morning
>and performs exactly what NoMas does for every child domain I have?
>
>
>Devon Harding
>Windows Systems Engineer
>Southern Wine & Spirits - BSG
>954-602-2469
>
>
>List info : http://www.activedir.org/List.aspx
>List FAQ : http://www.activedir.org/ListFAQ.aspx
>List archive:
>http://www.mail-archive.com/activedir%40mail.activedir.org/