The only downside with this option is that it usually means you need to expose your 
production AD DCs to servers in the DMZ.  Even if you batten down the ports through 
your firewall, use IPSec, etc., it still means there is a route through to your DCs.

Tony

---------- Original Message ----------------------------------
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 12 Jan 2004 05:19:17 -0800

You might want to look at another option. Depending on the mail transfer
agent you're using at the relays, many can do LDAP verification "live" off
AD. Sendmail can do it, and I believe postfix and others can as well.
 
Having worked in an environment in which we had to keep white and black
lists up to date - at its worst, it was 3500 users and more or less
constantly out of date. I'd strongly suggest you look at a different way to
do it.
 
Roger
-------------------------------------------------------------- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 
-----Original Message-----
Sent: Saturday, January 10, 2004 10:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ldifde and/or csdve


I'm going to find out real soon if it meets requirements or not.  :-)
Thanks for taking the time, Joe.  Basically we're trying to create
blacklists and whitelists for email filters based on email address to make
sure user of x company does not have email parsed through various stages.
 
One question... does adfind actually pull each value from the proxyAddresses
field and match up to the parameter you've specified (e.g. the SMTP:*)... ?
Thanks again!
 
-m
 

  _____  

From: [EMAIL PROTECTED] On Behalf Of Joe
Sent: Saturday, January 10, 2004 7:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ldifde and/or csdve
 
I will probably get dunned for the use of perl (except by Robbie and
Richard) but....
 
If this is a one off thing, i.e. not a regular process and you just want to
grab some data here is a quick and dirty solution. This is a joeware whip it
up on the spot special for you.... no charge. :op
 
 
__START SCRIPT__
# Dump mail and proxyaddresses for every matching object in the GC to a temp file.
`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
open fh,"<tempfile.txt";
%uniqueemail=();
%ciuniqueemail=();
foreach $thisline (<fh>)
 {
  # The list archive redacted the capture group; (.+\@.+) is reconstructed
  # from the explanation in this message (a line with a : and an @ sign in it).
  if ($thisline=~/.+: *(.+\@.+)/)
   {
    $uniqueemail{$1}=1;
    $ciuniqueemail{lc($1)}=1;
   }
 }

print "\n\nUnique Email Addresses\n";
map {print "$_\n"} sort keys %uniqueemail;

print "\n\nCase Insensitive Unique Email Addresses\n";
map {print "$_\n"} sort keys %ciuniqueemail;
__END SCRIPT__
 
 
It uses adfind (www.joeware.net on the free win32
tools page) to query a global catalog to get all of the objects with either
mail attribute populated OR SMTP starting one of the values in
proxyaddresses and also retrieves those attributes. It sends this to a file
both because I don't know how big your forest is and your memory in your pc
is. If you have something smaller for a forest or a big box you can pull
straight into memory with 
 
@output=`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses`;
 
 
Also the base is nothing which means search the entire directory, if you
wanted a single domain you could set -b parameter to some value like
dc=child1,dc=domain,dc=com.
 
 
It also will give you two hashes of unique IDs. One is case sensitive, one
is case insensitive. Shouldn't matter and I personally would do everything
case insensitive but not sure exactly what you are looking for so did it
both ways. If you want case insensitive, kill any line with uniqueemail in
it and leave the lines with ciuniqueemail in it. 
 
ex:
 
__START SCRIPT__
`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
open fh,"<tempfile.txt";
%ciuniqueemail=();
# The list archive redacted the capture group; (.+\@.+) is reconstructed
# from the explanation in this message (a line with a : and an @ sign in it).
foreach $thisline (<fh>) { if ($thisline=~/.+: *(.+\@.+)/) {$ciuniqueemail{lc($1)}=1}};
print "\n\nCase Insensitive Unique Email Addresses\n";
map {print "$_\n"} sort keys %ciuniqueemail;
__END SCRIPT__
 
 
Oh one quick thing, I hate it when I don't easily see what a regular
expression is doing so the regex above ($thisline=~/.+: *([EMAIL PROTECTED])/)
breaks down like this
 
$thisline=~/.+: *(.+)/
 
$thisline=~           Take the $thisline variable and run a match against
it....
/.+: *([EMAIL PROTECTED])/        This is the match. Match any line
that has a : and an @ sign in it. On a match take the info following the :
or a : with a trailing space and save it. 
 
This will match any of the following lines:
 
>mail: [EMAIL PROTECTED]
>proxyaddresses: SMTP:[EMAIL PROTECTED]
>proxyaddresses: smtp:[EMAIL PROTECTED]
 
and save the email address piece in the variable $1. 
 
 
 
If you need to match up the dn to the email addresses this gets more
involved but is still pretty easy. The following script will create a
semicolon delimited list with the DN as the first field and all other fields
email addresses for the specified dn.  
 
 
__START SCRIPT__
`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
open fh,"<tempfile.txt";
%ciuniqueemail=();
foreach $thisline (<fh>)
 {
  # Remember the DN that the following attribute lines belong to.
  if ($thisline=~/dn:(.+)/) {$cdn=lc($1)};
  # The list archive redacted the capture group; (.+\@.+) is reconstructed
  # from the explanation in this message (a line with a : and an @ sign in it).
  if ($thisline=~/.+: *(.+\@.+)/) {$ciuniqueemail{$cdn}{lc($1)}=1};
 }

print "\n\nCase Insensitive Unique Email Addresses\n";
foreach $dn (sort keys %ciuniqueemail)
 {
  print "$dn;";
  map {print "$_;"} sort keys %{$ciuniqueemail{$dn}};
  print "\n";
 }
__END SCRIPT__
 
 
Want to match to display names or whatever else instead? Simply add the
field to the search and change the line picking out the current "key". I
really like dn as that is guaranteed unique in a forest, anything else and
you need to scope your search better to avoid non-unique hits which would
skew the output incorrectly. 
 
 
 
Does that meet the requirements?
 
 
    joe
 
 
 
 

  _____  

From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, January 09, 2004 2:20 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ldifde and/or csdve
I'm hoping someone on here might be able to help me.  I have a request to
create a file that contains all my users' smtp addresses.  I'm running in an
AD windows 2000 environment.  I need to ensure that the list contains all
addresses for each person.  I.e. in some cases the same person might have
three different smtp addresses for whatever reason.  I've done some csvde
commands such as:
 
Csvde -f GAlSync.csv -d "OU=Contacts,OU=whatever,DC=CORP,DC=companyname,DC=com"
 
Which generates me a csv with the data in it but the cleanup to get to just
the smtp addy's will be almost unbearable.  Does anyone happen to know a
better way to get just those smtp addy's out of there?
 
Thanks,
 
Travis


List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
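
An added example, not part of the thread and not joeware code: a Python version of the DN-to-address extraction Joe describes that goes one step further and keeps a proxyAddresses value only when its type prefix is SMTP, so values of other address types that happen to contain an @ are not swept into the filter list. The sample output is constructed, shaped like the adfind lines quoted in the thread, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the adfind lines quoted in the thread.
SAMPLE = """\
dn:CN=Alice Example,OU=Staff,DC=corp,DC=example,DC=com
>mail: Alice@example.com
>proxyAddresses: SMTP:Alice@example.com
>proxyAddresses: smtp:alice.example@example.org
>proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Example;g=Alice;
>proxyAddresses: NOTES:Alice Example/Corp@NotesDomain

dn:CN=Bob Example,OU=Staff,DC=corp,DC=example,DC=com
>mail: bob@example.com
>proxyAddresses: SMTP:bob@example.com
>proxyAddresses: smtp:BOB@example.com
"""

ATTR = re.compile(r"^>(?P<name>[^:]+):\s*(?P<value>.*\S)\s*$")  # ">attr: value"
ADDR = re.compile(r"^[^@\s]+@[^@\s]+$")  # loose local@domain shape check

def smtp_by_dn(text):
    """Map lower-cased DN -> sorted list of unique lower-cased SMTP addresses."""
    result = defaultdict(set)
    dn = None
    for line in text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip().lower()
            continue
        m = ATTR.match(line)
        if not m or dn is None:
            continue
        name, value = m.group("name").lower(), m.group("value")
        if name == "proxyaddresses":
            kind, _, value = value.partition(":")
            if kind.lower() != "smtp":  # drop X400, NOTES and other types
                continue
        elif name != "mail":
            continue
        if ADDR.match(value):
            result[dn].add(value.lower())
    return {d: sorted(a) for d, a in result.items()}

def whitelist(text):
    """Flat, de-duplicated address list for an e-mail filter."""
    return sorted({a for addrs in smtp_by_dn(text).values() for a in addrs})

if __name__ == "__main__":
    print("\n".join(whitelist(SAMPLE)))
```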
