Announcement

Collapse
No announcement yet.

Script to modify msExchHideFromAddressLists attribute

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to modify msExchHideFromAddressLists attribute

    I need to change the msExchHideFromAddressLists on all user objects to Not Set
    Any ideas on where to start?

    EDIT:

    On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 2000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=abd,dc=com' WHERE objectClass='user'"
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    strContactPath = objRecordSet.Fields("ADsPath").Value
    Set objContact = GetObject(strContactPath)
    objContact.MSExchHideFromAddressLists = "Not Set"
    objContact.SetInfo
    objRecordSet.MoveNext
    Loop

    The "Not set" value does not seem to like working
    Last edited by Matt_Cline; 20th February 2009, 04:02.

  • #2
    Re: Script to modify msExchHideFromAddressLists attribute

    Originally posted by Matt_Cline View Post
    I need to change the msExchHideFromAddressLists on all user objects to Not Set
    Why would you like to do that? The the attribute is a boolean one, so it can be set only to true or false states.

    -vP

    Comment


    • #3
      Re: Script to modify msExchHideFromAddressLists attribute

      New users are not appearing in the GAL
      MS has told me this is the reason. As soon as I change this setting on the user object in ADSIEdit the appear in the GAL

      Comment


      • #4
        Re: Script to modify msExchHideFromAddressLists attribute

        Code:
        '# Search an OU and its sub-OUs in the active directory domain
        '# Find userobjects with exchange email addresses
        '# and the useraccount must not be disabled.
        '# 
        '# *** Make the queried users visible in the AL. ***
        
        Set objRootDSE = GetObject("LDAP://rootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
        
        ' Start the ADO connection
        
        Set objCommand = CreateObject("ADODB.Command")
        Set objConnection = CreateObject("ADODB.Connection")
        objConnection.Provider = "ADsDSOObject"
        objConnection.Open "Active Directory Provider"
        objCommand.ActiveConnection = objConnection
        
        ' Set the ADO connection query strings
        
        StartNode = "OU=mycompany users,dc=domain,dc=local"
        
        SearchScope = "subtree"
        
        FilterString = "(&(objectCategory=person)(objectClass=user)" _
                & "(proxyAddresses=*)" _
                & "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        
        Attributes = "adspath"
        
        ' Create the LDAP-Query
        
        LDAPQuery = "<LDAP://" & StartNode & ">;" & FilterString & ";" _
                & Attributes & ";" & SearchScope
        
        objCommand.CommandText = LDAPQuery
        objCommand.Properties("Page Size") = 100
        objCommand.Properties("Timeout") = 30
        objCommand.Properties("Cache Results") = False
        
        '------------------------------------
        Set objRecordSet = objCommand.Execute
        
        If not objRecordSet.eof then 
           objRecordSet.MoveFirst
        
           Do Until objRecordSet.EOF
              strUserPath = objRecordSet.Fields("ADsPath").Value
              Set objUser = GetObject(strUserPath)
              objUser.MSExchHideFromAddressLists = FALSE
              objUser.SetInfo
              objRecordSet.MoveNext
           Loop
        End If
        
        objRecordset.Close
        objConnection.Close
        \Rems

        EDIT:
        How Can I Set an Active Directory Attribute Value to NULL?
        Const ADS_PROPERTY_CLEAR = 1
        objUser.PutEx ADS_PROPERTY_CLEAR, "MSExchHideFromAddressLists", 0
        '
        Last edited by Rems; 7th June 2010, 21:39.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Script to modify msExchHideFromAddressLists attribute

          Thanks Rems but this will set the
          MSExchHideFromAddressLists to FALSE
          I need it to clear the attribute completely.
          I am having a problem with a clients Exchange Server 2007 that if a user object has MSExchHideFromAddressLists = FALSE it will not appear in the GAL......it will appear in the other Address Lists like All Users and any manually created one but not the GAL.
          I have varified this by going into ADSI and changing this attribute to Not Set. The user then magically appears in the GAL
          I have checked what ADModify does and that will set the MSExchHideFromAddressLists to False as well.

          Comment


          • #6
            Re: Script to modify msExchHideFromAddressLists attribute

            Does the users that not apear in the GAL have a mailNickname (Alias) configured?,
            if they do not, try to add one to one account and run the Recipient Update Service to configure the recipent showInAddressBook attribute. - for testing


            \Rems


            ps
            Shall I flag this thread is to be moved to Exchange forum?

            This posting is provided "AS IS" with no warranties, and confers no rights.

            __________________

            ** Remember to give credit where credit's due **
            and leave Reputation Points for meaningful posts

            Comment


            • #7
              Re: Script to modify msExchHideFromAddressLists attribute

              This script is just for checking (see remarks in my previous reply)
              Code:
              '# Search an OU and its sub-OUs in the active directory domain
              '# query userobjects with exchange email addresses, but 
              '# where not the attribute 'showInAddressBook' is set to TRUE,
              '# and the useraccount must not be disabled.
              '# 
              '# *** echo the username of each found object ***
              
              Set objRootDSE = GetObject("LDAP://rootDSE")
              strDNSDomain = objRootDSE.Get("defaultNamingContext")
              
              ' Start the ADO connection
              
              Set objCommand = CreateObject("ADODB.Command")
              Set objConnection = CreateObject("ADODB.Connection")
              objConnection.Provider = "ADsDSOObject"
              objConnection.Open "Active Directory Provider"
              objCommand.ActiveConnection = objConnection
              
              ' Set the ADO connection query strings
              
              StartNode = strDNSDomain
              
              SearchScope = "subtree"
              
              FilterString = "(&(objectCategory=person)(objectClass=user)" _
                      & "(proxyAddresses=*)" _
                      & "(!(showInAddressBook=TRUE)" _
                      & "(userAccountControl:1.2.840.113556.1.4.803:=2)))"
              
              Attributes = "adspath"
              
              ' Create the LDAP-Query
              
              LDAPQuery = "<LDAP://" & StartNode & ">;" & FilterString & ";" _
                      & Attributes & ";" & SearchScope
              
              objCommand.CommandText = LDAPQuery
              objCommand.Properties("Page Size") = 100
              objCommand.Properties("Timeout") = 30
              objCommand.Properties("Cache Results") = False
              
              '------------------------------------
              Set objRecordSet = objCommand.Execute
              
              If not objRecordSet.eof then 
                 objRecordSet.MoveFirst
              
                 Do Until objRecordSet.EOF
                    strUserPath = objRecordSet.Fields("ADsPath").Value
                    Set objUser = GetObject(strUserPath)
              
              wscript.echo objUser.MSExchHideFromAddressLists, objUser.sAMAccountName 
              
                    objRecordSet.MoveNext
                 Loop
              End If
              
              objRecordset.Close
              objConnection.Close
              
              wscript.echo "done"
              \Rems

              This posting is provided "AS IS" with no warranties, and confers no rights.

              __________________

              ** Remember to give credit where credit's due **
              and leave Reputation Points for meaningful posts

              Comment


              • #8
                Re: Script to modify msExchHideFromAddressLists attribute

                Originally posted by Rems View Post
                Does the users that not apear in the GAL have a mailNickname (Alias) configured?,
                if they do not, try to add one to one account and run the Recipient Update Service to configure the recipent showInAddressBook attribute. - for testing


                \Rems


                ps
                Shall I flag this thread is to be moved to Exchange forum?
                They have alias's (mailnickname).

                You can close the exchange thread if you like, it just seems very strange to me that this attribute need to be set to not set as opposed to FALSE.

                I have just checked on another clients Exchange server and this is the way it is set on the user objects in that environment as well. Guess its just something that I never noticed in E2K7

                Comment


                • #9
                  Re: Script to modify msExchHideFromAddressLists attribute

                  Originally posted by Matt_Cline View Post
                  You can close the exchange thread if you like, it just seems very strange to me that this attribute need to be set to not set as opposed to FALSE.
                  IMHO the subject can best be discussed in the Exchange2007 forum to find a structural solution.
                  Or this thread can be moved to the AD directory forum to find a solution how to make the forced edit in the database (not a structural solution).

                  edit:
                  I found this discussion what matches what I have mentioned before.

                  Can you confirm the 'showInAddressBook' attribute is correctly set to TRUE on the userobjects.


                  \Rems
                  Last edited by Rems; 21st February 2009, 10:42.

                  This posting is provided "AS IS" with no warranties, and confers no rights.

                  __________________

                  ** Remember to give credit where credit's due **
                  and leave Reputation Points for meaningful posts

                  Comment


                  • #10
                    Re: Script to modify msExchHideFromAddressLists attribute

                    Originally posted by Rems View Post

                    Can you confirm the 'showInAddressBook' attribute is correctly set to TRUE on the userobjects.


                    \Rems
                    I have checked on users that are not showing up in the GAL.
                    They have
                    CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=abc,DC=co m

                    CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=abc,DC=co m

                    I had checked here before which was making more confused as to why when a user is specified to appear in the GAL and also specifically set to not be hidden from the GAL.

                    If the mailbox is edited in EMC and hidden form that GAL, changes applied, and then un-hidden from that GAL they will show up

                    Thanks for the continued assistance

                    EDIT:

                    After looking at the article you linked I went through it and got the following

                    I modified a user and removed all entries in the showInAddressList

                    Then ran
                    Set-Mailbox -ApplyMandatoryProperties -Identity "Joe User" -Verbose

                    The results were as follows

                    VERBOSE: Set-Mailbox : Beginning processing.
                    VERBOSE: Set-Mailbox : Administrator Active Directory session settings are:
                    View Entire Forest: 'False', Default Scope: 'abc.com',
                    Configuration Domain Controller: 'dc.abc.com',
                    VERBOSE: Set-Mailbox : Searching objects "Joe User" of type "ADUser"
                    under the root "$null".
                    VERBOSE: Set-Mailbox : Previous operation run on domain controller
                    'exch.abc.com'.
                    VERBOSE: Set-Mailbox : Processing object "abc.com/users/juser".
                    VERBOSE: Setting mailbox "Joe User".
                    VERBOSE: Set-Mailbox : Applying RUS policy to the given recipient
                    "abc.com/users/juser" with the home domain controller "$null".
                    VERBOSE: Set-Mailbox : The RUS server that will apply policies on the specified
                    recipient is "exch.abc.com".
                    VERBOSE: Set-Mailbox : No properties changed for the object
                    "abc.com/users/juser".
                    WARNING: The command completed successfully but no settings of
                    'abc.com/users/juser' have been modified.
                    VERBOSE: Set-Mailbox : Saving object "abc.com/users/juser" of type "ADUser" and state
                    "Unchanged".
                    VERBOSE: Set-Mailbox : Previous operation run on domain controller
                    'exc.abc.com'.
                    VERBOSE: Set-Mailbox : Ending processing.

                    I then checked in ADSI and nothing had been updated in the showInAddressList, ie, it was blank

                    I am starting to think that the RUS/Default Policy is not functioning
                    Last edited by Matt_Cline; 21st February 2009, 12:16.

                    Comment


                    • #11
                      Re: Script to modify msExchHideFromAddressLists attribute

                      Just as a side note to this, did you ask MS the questions in your Exchange 2007 post?
                      http://forums.petri.com/showthread.php?t=33319
                      or anyone onsite that may know if this was changed on purpose maybe?
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: Script to modify msExchHideFromAddressLists attribute

                        Yeah I made the call to MS.
                        I am fairly sure that no one on site would have made any changes to user like this, although anything is possible at a school

                        Comment


                        • #13
                          Re: Script to modify msExchHideFromAddressLists attribute

                          An update on this
                          I created a new Default address policy and new users added will now show up in the GAL.....I knew it was the policy not applying at the time the user was mail-enabled. The issue now is that I have a ton of users that I need to modify this attribute.
                          I am speaking with MS again on Monday I'll update when I have a responce from them

                          Comment


                          • #14
                            Re: Script to modify msExchHideFromAddressLists attribute

                            This is now resolved
                            The issue is as follows
                            After adding users in bulk to AD from a script or any other way than through ADUC and then mail-enabling them in EMC they do not appear in the GAL or All Users.
                            The problem is that the msExchHideFromAddressLists is set to FALSE. If this attribute is set to <not set> the user will appear in the GAL.
                            This is however not the issue.
                            The problem lies with the Default Address policy.

                            The solution is as follows
                            Create a new address policy in the EMC and make sure that is has the following settings

                            Applies to all recipients
                            The Addresses are
                            @externaldomainname.com.au
                            @internaldomain.local

                            In ADSI Edit navigate to
                            CN=Recipient Policies,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC =Local
                            Right click on the name of the policy that you just created
                            Change the attribute
                            msExchPolicyOrder to 2147483647

                            Restart all Exchange services

                            Open the EMS and type the following

                            Get-user –resultsize unlimited | set-mailbox –applymanadoryproperties

                            Open OWA and verify that all users are now in the GAL

                            I had this as an open case with MS and their solution was to pay them to write a script to modify the msExchHideFromAddressLists

                            Comment

                            Working...
                            X