Interesting ideas. We have a MMS (for joe's benefit) server... I'd like to see if populating lists is going to be possible using it... in the way I think.
Unfortunately, at the moment our collective backs are against the wall. We're dealing with a vendor that uses uniqueMember attribute which either is not or used in AD. Automation is definitely where we want to go... just a matter of figuring out how to get there.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
Sent: Monday, January 12, 2004 12:37 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ldifde and/or csdve

I was thinking more along the lines of the paranoid amongst us - you know, those who don't trust Microsoft products with any exposure to the Internet.

OpenLDAP would fit in nicely with our existing mail relay structure, really. See, we run 4 boxes which boot OpenBSD from CD and do DNS and sendmail relaying. In our scheme, we could easily build the necessary OpenLDAP software into the boot image and just add a single config file to control it. No additional boxes needed, and not a lot of overhead - not to mention all lookups would be local.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: joe [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 12, 2004 12:07 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] ldifde and/or csdve
>
> <COUGH>AD/AM<COUGH> <COUGH>MMS<COUGH>
>
> I refuse to call it MIIS. Stupid change.
>
> joe
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad
> Sent: Monday, January 12, 2004 9:28 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] ldifde and/or csdve
>
> Not necessarily.
>
> If this is a big enough deal to warrant the work, you could do one way sync out to something like openldap (http://www.openldap.org) and use it - replicating only the desired data there.
>
> Trust me, when we had whitelists on our external relays, there was no end to the problems and issues we had with inbound mail, and we only had 3500 people at the time. I'd think something like this is worth the effort if you really want to reject prior to acceptance.
>
> Roger
> --------------------------------------------------------------
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
>
> > -----Original Message-----
> > From: Tony Murray [mailto:[EMAIL PROTECTED]
> > Sent: Monday, January 12, 2004 9:08 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] ldifde and/or csdve
> >
> > The only downside with this option is that it usually means you need to expose your production AD DCs to servers in the DMZ. Even if you batten down the ports through your firewall, use IPSec, etc. it still means there is a route through to your DCs.
> >
> > Tony
> >
> > ---------- Original Message ----------------------------------
> > Wrom: OKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTN
> > Reply-To: [EMAIL PROTECTED]
> > Date: Mon, 12 Jan 2004 05:19:17 -0800
> >
> > You might want to look at another option. Depending on the mail transfer agent you're using at the relays, many can do LDAP verification "live" off AD. Sendmail can do it, and I believe postfix and others can as well.
> >
> > Having worked in an environment in which we had to keep white and black lists up to date - at its worst, it was 3500 users and more or less constantly out of date. I'd strongly suggest you look at a different way to do it.
> >
> > Roger
> > --------------------------------------------------------------
> > Roger D. Seielstad - MTS MCSE MS-MVP
> > Sr. Systems Administrator
> > Inovis Inc.
> >
> > -----Original Message-----
> > Wrom: HGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUI
> > Sent: Saturday, January 10, 2004 10:20 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] ldifde and/or csdve
> >
> > I'm going to find out real soon if it meets requirements or not. :-) Thanks for taking the time, Joe. Basically we're trying to create blacklists and whitelists for email filters based on email address to make sure user of x company does not have email parsed through various stages.
> >
> > One question... does adfind actually pull each value from the proxyAddresses field and match up to the parameter you've specified (e.g. the SMTP:*)... ? Thanks again!
> >
> > -m
> >
> > _____
> >
> > Wrom: VOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLE [mailto:[EMAIL PROTECTED] On Behalf Of Joe
> > Sent: Saturday, January 10, 2004 7:31 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [ActiveDir] ldifde and/or csdve
> >
> > I will probably get dunned for the use of perl (except by Robbie and Richard) but....
> >
> > If this is a one off thing, i.e. not a regular process and you just want to grab some data here is a quick and dirty solution. This is a joeware whip it up on the spot special for you.... no charge.
> > :op
> >
> > __START SCRIPT__
> > `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> > open fh,"<tempfile.txt";
> > %uniqueemail=();
> > %ciuniqueemail=();
> > foreach $thisline (<fh>)
> >  {
> >   if ($thisline=~/.+: *([EMAIL PROTECTED])/)
> >    {
> >     $uniqueemail{$1}=1;
> >     $ciuniqueemail{lc($1)}=1;
> >    }
> >  }
> >
> > print "\n\nUnique Email Addresses\n";
> > map {print "$_\n"} sort keys %uniqueemail;
> >
> > print "\n\nCase Insensitive Unique Email Addresses\n";
> > map {print "$_\n"} sort keys %ciuniqueemail;
> > __END SCRIPT__
> >
> > It uses adfind (www.joeware.net <http://www.joeware.net> on the free win32 tools page) to query a global catalog to get all of the objects with either mail attribute populated OR SMTP starting one of the values in proxyaddresses and also retrieves those attributes. It sends this to a file both because I don't know how big your forest is and your memory in your pc is. If you have something smaller for a forest or a big box you can pull straight into memory with
> >
> > @output=`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses`;
> >
> > Also the base is nothing which means search the entire directory, if you wanted a single domain you could set -b parameter to some value like dc=child1,dc=domain,dc=com.
> >
> > It also will give you two hashes of unique IDs. One is case sensitive, one is case insensitive. Shouldn't matter and I personally would do everything case insensitive but not sure exactly what you are looking for so did it both ways. If you want case insensitive, kill any line with uniqueemail in it and leave the lines with ciuniqueemail in it.
> >
> > ex:
> >
> > __START SCRIPT__
> > `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> > open fh,"<tempfile.txt";
> > %ciuniqueemail=();
> > foreach $thisline (<fh>) { if ($thisline=~/.+: *([EMAIL PROTECTED])/) {$ciuniqueemail{lc($1)}=1}};
> > print "\n\nCase Insensitive Unique Email Addresses\n";
> > map {print "$_\n"} sort keys %ciuniqueemail;
> > __END SCRIPT__
> >
> > Oh one quick thing, I hate it when I don't easily see what a regular expression is doing so the regex above ($thisline=~/.+: *([EMAIL PROTECTED])/) breaks down like this
> >
> > $thisline=~/.+: *(.+)/
> >
> > $thisline=~ Take the $thisline variable and run a match against it....
> > /.+: *([EMAIL PROTECTED])/ This is the match. Match any line that has a : and an @ sign in it. On a match take the info following the : or a : with a trailing space and save it.
> >
> > This will match any of the following lines:
> >
> > >mail: [EMAIL PROTECTED]
> > >proxyaddresses: SMTP:[EMAIL PROTECTED]
> > >proxyaddresses: smtp:[EMAIL PROTECTED]
> >
> > and save the email address piece in the variable $1.
> >
> > If you need to match up the dn to the email addresses this gets more involved but is still pretty easy. The following script will create a semicolon delimited list with the DN as the first field and all other fields email addresses for the specified dn.
> >
> > __START SCRIPT__
> > `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> > open fh,"<tempfile.txt";
> > %ciuniqueemail=();
> > foreach $thisline (<fh>)
> >  {
> >   if ($thisline=~/dn:(.+)/) {$cdn=lc($1)};
> >   if ($thisline=~/.+: *([EMAIL PROTECTED])/)
> >    {$ciuniqueemail{$cdn}{lc($1)}=1;
> >    }
> >  }
> >
> > print "\n\nCase Insensitive Unique Email Addresses\n";
> > foreach $dn (sort keys %ciuniqueemail)
> >  {
> >   print "$dn;";
> >   map {print "$_;"} sort keys %{$ciuniqueemail{$dn}};
> >   print "\n";
> >  }
> > __END SCRIPT__
> >
> > Want to match to display names or whatever else instead? Simply add the field to the search and change the line picking out the current "key". I really like dn as that is guaranteed unique in a forest, anything else and you need to scope your search better to avoid non-unique hits which would skew the output incorrectly.
> >
> > Does that meet the requirements?
> >
> > joe
> >
> > _____
> >
> > Wrom: JGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZX [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> > Sent: Friday, January 09, 2004 2:20 PM
> > To: [EMAIL PROTECTED]
> > Subject: [ActiveDir] ldifde and/or csdve
> >
> > I'm hoping someone on here might be able to help me. I have a request to create a file that contains all my users' smtp addresses. I'm running in an AD windows 2000 environment. I need to ensure that the list contains all addresses for each person. I.e. in some cases the same person might have three different smtp addresses for whatever reason. I've done some csvde commands such as:
> >
> > Csvde -f GAlSync.csv -d "OU=Contacts,OU=whatever,DC=CORP,DC=companyname,DC=com"
> >
> > Which generates me a csv with the data in it but the cleanup to get to just the smtp addy's will be almost unbearable.
> > Does anyone happen to know a better way to get just those smtp addy's out of there?
> >
> > Thanks,
> >
> > Travis
> >
> > List info : http://www.activedir.org/mail_list.htm
> > List FAQ : http://www.activedir.org/list_faq.htm
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
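
The per-DN address extraction discussed in the thread, as an added Python example that is not part of the original messages or of joeware's tools. It assumes adfind output in the layout quoted above (a dn: line followed by >attribute: value lines); the sample data and all function names are constructed. It goes one step beyond the thread's regex by accepting only mail values and smtp:-prefixed proxyAddresses values, so other address types that contain an @ (SIP, for instance) stay out of a relay whitelist.

```python
import re
from collections import defaultdict

# Constructed sample in the layout quoted in the thread: a "dn:" line followed
# by ">attribute: value" lines. Every name and address here is made up.
SAMPLE = """\
dn:CN=Alice Example,OU=Staff,DC=corp,DC=example,DC=com
>mail: Alice.Example@example.com
>proxyAddresses: SMTP:Alice.Example@example.com
>proxyAddresses: smtp:aexample@example.com
>proxyAddresses: SIP:alice@sip.example.com

dn:CN=Bob Sample,OU=Staff,DC=corp,DC=example,DC=com
>mail: bob@example.com
>proxyAddresses: smtp:BOB@example.com
>proxyAddresses: smtp:not an address
"""

ATTR = re.compile(r"^>?\s*(mail|proxyaddresses):\s*(.*)$", re.IGNORECASE)
# Deliberately simple shape check: one "@", no whitespace, dotted domain.
ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def addresses_by_dn(text):
    """Return {lower-cased DN: set of lower-cased SMTP addresses}."""
    result = defaultdict(set)
    current_dn = None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("dn:"):
            current_dn = line[3:].strip().lower()
            continue
        m = ATTR.match(line)
        if not m or current_dn is None:
            continue  # not an address attribute, or no owning object yet
        attr, value = m.group(1).lower(), m.group(2).strip()
        if attr == "proxyaddresses":
            prefix, _, value = value.partition(":")
            if prefix.lower() != "smtp":
                continue  # SIP, X400 and other address types are not mail
        if ADDRESS.match(value):
            result[current_dn].add(value.lower())
    return dict(result)

def unique_addresses(by_dn):
    return sorted(set().union(*by_dn.values()))

def dn_report(by_dn):
    """One 'dn;addr;addr' line per object, as in the thread's last script."""
    return [";".join([dn, *sorted(a)]) for dn, a in sorted(by_dn.items())]
```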