Script to modify msExchHideFromAddressLists attribute

Home Forums Scripting Windows Script Host Script to modify msExchHideFromAddressLists attribute

This topic contains 13 replies, has 4 voices, and was last updated by Avatar vonPryz 10 years, 6 months ago.

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • Avatar
    Matt_Cline
    Member
    #139373

    I need to change the msExchHideFromAddressLists on all user objects to Not Set
    Any ideas on where to start?

    EDIT:

    On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject(“ADODB.Connection”)
    Set objCommand = CreateObject(“ADODB.Command”)
    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties(“Page Size”) = 2000
    objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE

    objCommand.CommandText = _
    “SELECT ADsPath FROM ‘LDAP://dc=abd,dc=com’ WHERE objectClass=’user'”
    Set objRecordSet = objCommand.Execute

    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
    strContactPath = objRecordSet.Fields(“ADsPath”).Value
    Set objContact = GetObject(strContactPath)
    objContact.MSExchHideFromAddressLists = “Not Set”
    objContact.SetInfo
    objRecordSet.MoveNext
    Loop

    The “Not set” value does not seem to like working

    Avatar
    vonPryz
    Member
    #347299

    Re: Script to modify msExchHideFromAddressLists attribute

    Matt_Cline;150307 wrote:
    I need to change the msExchHideFromAddressLists on all user objects to Not Set

    Why would you like to do that? The the attribute is a boolean one, so it can be set only to true or false states.

    -vP

    Avatar
    Matt_Cline
    Member
    #309075

    Re: Script to modify msExchHideFromAddressLists attribute

    New users are not appearing in the GAL
    MS has told me this is the reason. As soon as I change this setting on the user object in ADSIEdit the appear in the GAL

    Rems
    Rems
    Moderator
    #227320

    Re: Script to modify msExchHideFromAddressLists attribute

    ‘# Search an OU and its sub-OUs in the active directory domain
    ‘# Find userobjects with exchange email addresses
    ‘# and the useraccount must not be disabled.
    ‘#
    ‘# *** Make the queried users visible in the AL. ***

    Set objRootDSE = GetObject(“LDAP://rootDSE”)
    strDNSDomain = objRootDSE.Get(“defaultNamingContext”)

    ‘ Start the ADO connection

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)
    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”
    objCommand.ActiveConnection = objConnection

    ‘ Set the ADO connection query strings

    StartNode = “[COLOR=”RoyalBlue”]OU=mycompany users,dc=domain,dc=local[/COLOR]”

    SearchScope = “subtree”

    FilterString = “(&(objectCategory=person)(objectClass=user)” _
    & “(proxyAddresses=*)” _
    & “(!(userAccountControl:1.2.840.113556.1.4.803:=2)))”

    Attributes = “adspath”

    ‘ Create the LDAP-Query

    LDAPQuery = “;” & FilterString & “;” _
    & Attributes & “;” & SearchScope

    objCommand.CommandText = LDAPQuery
    objCommand.Properties(“Page Size”) = 100
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False

    ‘————————————
    Set objRecordSet = objCommand.Execute

    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF
    strUserPath = objRecordSet.Fields(“ADsPath”).Value
    Set objUser = GetObject(strUserPath)
    objUser.MSExchHideFromAddressLists = FALSE
    objUser.SetInfo
    objRecordSet.MoveNext
    Loop
    End If

    objRecordset.Close
    objConnection.Close
    [/CODE]

    Rems

    [B][COLOR=”Red”]EDIT:[/COLOR][/B]
    [URL=”http://blogs.technet.com/b/heyscriptingguy/archive/2005/03/23/how-can-i-set-an-active-directory-attribute-value-to-null.aspx”]How Can I Set an Active Directory Attribute Value to NULL?[/URL]
    Const ADS_PROPERTY_CLEAR = 1
    objUser.PutEx ADS_PROPERTY_CLEAR, “MSExchHideFromAddressLists”, 0
    ‘[CODE]
    ‘# Search an OU and its sub-OUs in the active directory domain
    ‘# Find userobjects with exchange email addresses
    ‘# and the useraccount must not be disabled.
    ‘#
    ‘# *** Make the queried users visible in the AL. ***

    Set objRootDSE = GetObject(“LDAP://rootDSE”)
    strDNSDomain = objRootDSE.Get(“defaultNamingContext”)

    ‘ Start the ADO connection

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)
    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”
    objCommand.ActiveConnection = objConnection

    ‘ Set the ADO connection query strings

    StartNode = “OU=mycompany users,dc=domain,dc=local

    SearchScope = “subtree”

    FilterString = “(&(objectCategory=person)(objectClass=user)” _
    & “(proxyAddresses=*)” _
    & “(!(userAccountControl:1.2.840.113556.1.4.803:=2)))”

    Attributes = “adspath”

    ‘ Create the LDAP-Query

    LDAPQuery = “;” & FilterString & “;” _
    & Attributes & “;” & SearchScope

    objCommand.CommandText = LDAPQuery
    objCommand.Properties(“Page Size”) = 100
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False


    Set objRecordSet = objCommand.Execute

    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF
    strUserPath = objRecordSet.Fields(“ADsPath”).Value
    Set objUser = GetObject(strUserPath)
    objUser.MSExchHideFromAddressLists = FALSE
    objUser.SetInfo
    objRecordSet.MoveNext
    Loop
    End If

    objRecordset.Close
    objConnection.Close
    [/CODE]

    Rems

    EDIT:
    How Can I Set an Active Directory Attribute Value to NULL?
    Const ADS_PROPERTY_CLEAR = 1
    objUser.PutEx ADS_PROPERTY_CLEAR, “MSExchHideFromAddressLists”, 0

    Avatar
    Matt_Cline
    Member
    #309076

    Re: Script to modify msExchHideFromAddressLists attribute

    Thanks Rems but this will set the
    MSExchHideFromAddressLists to FALSE
    I need it to clear the attribute completely.
    I am having a problem with a clients Exchange Server 2007 that if a user object has MSExchHideFromAddressLists = FALSE it will not appear in the GAL……it will appear in the other Address Lists like All Users and any manually created one but not the GAL.
    I have varified this by going into ADSI and changing this attribute to Not Set. The user then magically appears in the GAL
    I have checked what ADModify does and that will set the MSExchHideFromAddressLists to False as well.

    Rems
    Rems
    Moderator
    #227321

    Re: Script to modify msExchHideFromAddressLists attribute

    Does the users that not apear in the GAL have a mailNickname (Alias) configured?,
    if they do not, try to add one to one account and run the Recipient Update Service to configure the recipent showInAddressBook attribute. – for testing

    Rems

    ps
    Shall I flag this thread is to be moved to Exchange forum?

    Rems
    Rems
    Moderator
    #227322

    Re: Script to modify msExchHideFromAddressLists attribute

    This script is just for checking (see remarks in my previous reply)

    ‘# Search an OU and its sub-OUs in the active directory domain
    ‘# query userobjects with exchange email addresses, but
    ‘# where [B]not[/B] the attribute ‘showInAddressBook’ is set to TRUE,
    ‘# and the useraccount must not be disabled.
    ‘#
    ‘# *** echo the username of each found object ***

    Set objRootDSE = GetObject(“LDAP://rootDSE”)
    strDNSDomain = objRootDSE.Get(“defaultNamingContext”)

    ‘ Start the ADO connection

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)
    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”
    objCommand.ActiveConnection = objConnection

    ‘ Set the ADO connection query strings

    StartNode = strDNSDomain

    SearchScope = “subtree”

    FilterString = “(&(objectCategory=person)(objectClass=user)” _
    & “(proxyAddresses=*)” _
    & “([B]![/B](showInAddressBook=TRUE)” _
    & “(userAccountControl:1.2.840.113556.1.4.803:=2)))”

    Attributes = “adspath”

    ‘ Create the LDAP-Query

    LDAPQuery = “;” & FilterString & “;” _
    & Attributes & “;” & SearchScope

    objCommand.CommandText = LDAPQuery
    objCommand.Properties(“Page Size”) = 100
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False

    ‘————————————
    Set objRecordSet = objCommand.Execute

    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF
    strUserPath = objRecordSet.Fields(“ADsPath”).Value
    Set objUser = GetObject(strUserPath)

    wscript.echo objUser.MSExchHideFromAddressLists, objUser.sAMAccountName

    objRecordSet.MoveNext
    Loop
    End If

    objRecordset.Close
    objConnection.Close

    wscript.echo “done”[/CODE]

    Rems[CODE]
    ‘# Search an OU and its sub-OUs in the active directory domain
    ‘# query userobjects with exchange email addresses, but
    ‘# where not the attribute ‘showInAddressBook’ is set to TRUE,
    ‘# and the useraccount must not be disabled.
    ‘#
    ‘# *** echo the username of each found object ***

    Set objRootDSE = GetObject(“LDAP://rootDSE”)
    strDNSDomain = objRootDSE.Get(“defaultNamingContext”)

    ‘ Start the ADO connection

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)
    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”
    objCommand.ActiveConnection = objConnection

    ‘ Set the ADO connection query strings

    StartNode = strDNSDomain

    SearchScope = “subtree”

    FilterString = “(&(objectCategory=person)(objectClass=user)” _
    & “(proxyAddresses=*)” _
    & “(!(showInAddressBook=TRUE)” _
    & “(userAccountControl:1.2.840.113556.1.4.803:=2)))”

    Attributes = “adspath”

    ‘ Create the LDAP-Query

    LDAPQuery = “;” & FilterString & “;” _
    & Attributes & “;” & SearchScope

    objCommand.CommandText = LDAPQuery
    objCommand.Properties(“Page Size”) = 100
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False


    Set objRecordSet = objCommand.Execute

    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF
    strUserPath = objRecordSet.Fields(“ADsPath”).Value
    Set objUser = GetObject(strUserPath)

    wscript.echo objUser.MSExchHideFromAddressLists, objUser.sAMAccountName

    objRecordSet.MoveNext
    Loop
    End If

    objRecordset.Close
    objConnection.Close

    wscript.echo “done”[/CODE]

    Rems

    Avatar
    Matt_Cline
    Member
    #309077

    Re: Script to modify msExchHideFromAddressLists attribute

    Rems;150422 wrote:
    Does the users that not apear in the GAL have a mailNickname (Alias) configured?,
    if they do not, try to add one to one account and run the Recipient Update Service to configure the recipent showInAddressBook attribute. – for testing

    Rems

    ps
    Shall I flag this thread is to be moved to Exchange forum?

    They have alias’s (mailnickname).

    You can close the exchange thread if you like, it just seems very strange to me that this attribute need to be set to not set as opposed to FALSE.

    I have just checked on another clients Exchange server and this is the way it is set on the user objects in that environment as well. Guess its just something that I never noticed in E2K7

    Rems
    Rems
    Moderator
    #227323

    Re: Script to modify msExchHideFromAddressLists attribute

    Matt_Cline;150502 wrote:
    You can close the exchange thread if you like, it just seems very strange to me that this attribute need to be set to not set as opposed to FALSE.

    IMHO the subject can best be discussed in the Exchange2007 forum to find a structural solution.
    Or this thread can be moved to the AD directory forum to find a solution how to make the forced edit in the database (not a structural solution).

    edit:
    I found this discussion what matches what I have mentioned before.

    Can you confirm the ‘showInAddressBook’ attribute is correctly set to TRUE on the userobjects.

    Rems

    Avatar
    Matt_Cline
    Member
    #309078

    Re: Script to modify msExchHideFromAddressLists attribute

    Rems;150525 wrote:
    Can you confirm the ‘showInAddressBook’ attribute is correctly set to TRUE on the userobjects.

    Rems

    I have checked on users that are not showing up in the GAL.
    They have
    CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=abc,DC=com

    CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=abc,DC=com

    I had checked here before which was making more confused as to why when a user is specified to appear in the GAL and also specifically set to not be hidden from the GAL.

    If the mailbox is edited in EMC and hidden form that GAL, changes applied, and then un-hidden from that GAL they will show up

    Thanks for the continued assistance

    EDIT:

    After looking at the article you linked I went through it and got the following

    I modified a user and removed all entries in the showInAddressList

    Then ran
    Set-Mailbox -ApplyMandatoryProperties -Identity “Joe User” -Verbose

    The results were as follows

    VERBOSE: Set-Mailbox : Beginning processing.
    VERBOSE: Set-Mailbox : Administrator Active Directory session settings are:
    View Entire Forest: ‘False’, Default Scope: ‘abc.com’,
    Configuration Domain Controller: ‘dc.abc.com’,
    VERBOSE: Set-Mailbox : Searching objects “Joe User” of type “ADUser”
    under the root “$null”.
    VERBOSE: Set-Mailbox : Previous operation run on domain controller
    ‘exch.abc.com’.
    VERBOSE: Set-Mailbox : Processing object “abc.com/users/juser”.
    VERBOSE: Setting mailbox “Joe User”.
    VERBOSE: Set-Mailbox : Applying RUS policy to the given recipient
    “abc.com/users/juser” with the home domain controller “$null”.
    VERBOSE: Set-Mailbox : The RUS server that will apply policies on the specified
    recipient is “exch.abc.com”.
    VERBOSE: Set-Mailbox : No properties changed for the object
    “abc.com/users/juser”.
    WARNING: The command completed successfully but no settings of
    ‘abc.com/users/juser’ have been modified.
    VERBOSE: Set-Mailbox : Saving object “abc.com/users/juser” of type “ADUser” and state
    “Unchanged”.
    VERBOSE: Set-Mailbox : Previous operation run on domain controller
    ‘exc.abc.com’.
    VERBOSE: Set-Mailbox : Ending processing.

    I then checked in ADSI and nothing had been updated in the showInAddressList, ie, it was blank

    I am starting to think that the RUS/Default Policy is not functioning

    Avatar
    AndyJG247
    Member
    #322525

    Re: Script to modify msExchHideFromAddressLists attribute

    Just as a side note to this, did you ask MS the questions in your Exchange 2007 post?
    http://forums.petri.com/showthread.php?t=33319
    or anyone onsite that may know if this was changed on purpose maybe?

    Avatar
    Matt_Cline
    Member
    #309079

    Re: Script to modify msExchHideFromAddressLists attribute

    Yeah I made the call to MS.
    I am fairly sure that no one on site would have made any changes to user like this, although anything is possible at a school ;)

    Avatar
    Matt_Cline
    Member
    #309080

    Re: Script to modify msExchHideFromAddressLists attribute

    An update on this
    I created a new Default address policy and new users added will now show up in the GAL…..I knew it was the policy not applying at the time the user was mail-enabled. The issue now is that I have a ton of users that I need to modify this attribute.
    I am speaking with MS again on Monday I’ll update when I have a responce from them

    Avatar
    Matt_Cline
    Member
    #309081

    Re: Script to modify msExchHideFromAddressLists attribute

    This is now resolved
    The issue is as follows
    After adding users in bulk to AD from a script or any other way than through ADUC and then mail-enabling them in EMC they do not appear in the GAL or All Users.
    The problem is that the msExchHideFromAddressLists is set to FALSE. If this attribute is set to the user will appear in the GAL.
    This is however not the issue.
    The problem lies with the Default Address policy.

    The solution is as follows
    Create a new address policy in the EMC and make sure that is has the following settings

    Applies to all recipients
    The Addresses are
    @externaldomainname.com.au
    @internaldomain.local

    In ADSI Edit navigate to
    CN=Recipient Policies,CN=Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=Local
    Right click on the name of the policy that you just created
    Change the attribute
    msExchPolicyOrder to 2147483647

    Restart all Exchange services

    Open the EMS and type the following

    Get-user –resultsize unlimited | set-mailbox –applymanadoryproperties

    Open OWA and verify that all users are now in the GAL

    I had this as an open case with MS and their solution was to pay them to write a script to modify the msExchHideFromAddressLists

Viewing 14 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic.