Thanks for that, nice tool, it shows a lot of info. In the mean time I got the query working, finally. Does anybody know where I can find information about how to learn LDAP. It would be nice if in the future I would not have to disturb the people with LDAP query questions :-) but be able to fix/create them myself.
I first started to read this: http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/ldapq uery.mspx Now I am working on this: http://download.microsoft.com/download/3/d/3/3d32b0cd-581c-4574-8a27- 67e89c206a54/uldap.doc But perhaps there is even better material, especially focussed on queries in AD. ----- Oorspronkelijk bericht ----- Van: Jerry Welch <[EMAIL PROTECTED]> Datum: woensdag, mei 31, 2006 1:40 pm Onderwerp: RE: [ActiveDir] LDAP query to create Exchange address list - organisation with child domains > Victor, > There is a great little editor called Notepad2 that pairs up > parentheses and > makes this type of work much easier. http://www.flos-freeware.ch/ > I copied your earlier query string into Notepad2 and see that the > parentheses did not balance out. > Jerry > > > Jerry Welch > CPS Systems > US/Canada: 888-666-0277 > International: +1 703 827 0919 (-5 GMT) > IP Phone (Skype): Jerry_Welch ( www.skype.net ) > IP Phone (VOIP): Jerry_Welch ( www.voipstunt.com ) > VOIP to Landline: callto:+1-703-827-0919 > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of victor- > [EMAIL PROTECTED]: Wednesday, May 31, 2006 7:14 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] LDAP query to create Exchange address > list - > organisation with child domains > > Okay, I have been working on getting this query right for an hour > now, tried > several combinations but I believe it is not all that easy to > build an LDAP > query, things like parentheses and ampersands...they are driving > me mad > right now ;-) > > I have now created 2 seperated address lists in Exchange because I > cannotseem to create one query to output the complete result I > want. > > I have now composed 2 seperate queries which give me exactly the > output that > want, BUT only seperately. When I join these queries together I > get a query > which doesnt work or doesnt give me the output that I want. > > These are the queries: > > query 1: > > (&(&(& (mailnickname=*) (| > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! (msExchHomeServerName=*)))(&(objectCategory=person) > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > (objectCategory=person)(objectClass=contact)) )))) > > query 2: > > (&(objectCategory=group)(proxyAddresses=*a.mydomain.com)) > > > - "AA" are the first letters of the servernames for that child domain. > - "a" in "a.mydomain.com" is the name of my child domain. > > Both these queries are working but I cannot seem to make one query > out of > them. I guess the query I want to create should have some sort of > AND in it > because I want the results of both queries together in one query. > > Does anybody have any idea how to create one working query out of > these two? > > > > ----- Oorspronkelijk bericht ----- > Van: [EMAIL PROTECTED] > Datum: woensdag, mei 31, 2006 11:27 am > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > address > list - organisation with child domains > > > Emm, it seems I just found it, might be usefull for anybody who > > didnt > > already know it, (probably just me): > > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;312299 > > > > ----- Oorspronkelijk bericht ----- > > Van: [EMAIL PROTECTED] > > Datum: woensdag, mei 31, 2006 10:33 am > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > address > > list - organisation with child domains > > > > > I have made some progress and I think that this query should work: > > > > > > (&(&(& (mailnickname=*) (| > > > (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(! > > (msExchHomeServerName=*)))(&(objectCategory=person) > > > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > > (objectCategory=person)(objectClass=contact)) > > > (objectCategory=publicFolder))(&(objectCategory=group) > > > ([EMAIL PROTECTED] email address)))) > > > > > > Unfortunately I cannot paste this query in the LDAP query > field > > on > > > the > > > Advanced tab of the screen I get in when I click properties of > > the > > > address list. It seems I can only put a certain number of > > > characters in > > > there. > > > > > > > > > ----- Oorspronkelijk bericht ----- > > > Van: [EMAIL PROTECTED] > > > Datum: woensdag, mei 31, 2006 9:55 am > > > Onderwerp: Re: RE: [ActiveDir] LDAP query to create Exchange > > > address > > > list - organisation with child domains > > > > > > > Good idea, but I think I am doing something wrong. It is not > a > > > > matter > > > > of the AL being displayed differently by the RUS on the hand > > or > > > > the AL > > > > previeuw button on the other hand (at least in case of this > > > > company it > > > > isnt:-). > > > > > > > > The only thing I am looking at is the list which is > displayed > > > when > > > > clicking the AL preview button. When I put the query > described > > > > beneath, > > > > in the address list in ESM and I click the preview button, a > > > list > > > > is > > > > displayed which also contains mail enabled groups from the > > other > > > > child > > > > domains. I cannot seem to get the query right to not display > > > those > > > > groups. It looks like this problem is more difficult than I > > > > thought it > > > > would be. > > > > > > > > Still working on it. > > > > > > > > ----- Oorspronkelijk bericht ----- > > > > Van: joe <[EMAIL PROTECTED]> > > > > Datum: woensdag, mei 31, 2006 1:59 am > > > > Onderwerp: RE: [ActiveDir] LDAP query to create Exchange > > address > > > > list - > > > > organisation with child domains > > > > > > > > > First off, the test AL button in the ESM doesn't build the > > AL > > > > the > > > > > same way > > > > > that the RUS does. The RUS does not issue an LDAP query to > > > build > > > > > the AL, it > > > > > looks at every object that is detected as changed (or at > > every > > > > > object if > > > > > forced to rebuild) via USN change tracking and manually > > > compares > > > > > it to the > > > > > AL LDAP filter. This means that bugs in either mechanism > > could > > > > > result in > > > > > different lists being built, so basically, don't trust > what > > > ESM > > > > > says the AL > > > > > will have as members, it is pretty worthless. Set the > filter > > > and > > > > > let the AL > > > > > build the list. > > > > > > > > > > Because of how this is all implemented, there is no domain > > > > > affinity for the > > > > > building of the ALs. This means you need to focus on > > something > > > > > else. I would > > > > > not focus on the email addresses since those are also > being > > > > > set/modified by > > > > > the RUS, you want to use something else. This could be a > > > > specific > > > > > specialattribute you set on the objects that allow you to > > > > > categorize them or add > > > > > the users/groups to special groups that indicate what > domain > > > > they > > > > > are in and > > > > > add a memberof=somegroupdn component to the filter. > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of > > > victor- > > > > > [EMAIL PROTECTED]: Tuesday, May 30, 2006 3:53 PM > > > > > To: ActiveDir@mail.activedir.org > > > > > Subject: [ActiveDir] LDAP query to create Exchange address > > > list - > > > > > organisation with child domains > > > > > > > > > > I am in an organisation of which the Active Directory > exists > > > of > > > > a > > > > > parent root domain and 4 child domains. > > > > > > > > > > Each child domain has its own address list in Exchange. It > > is > > > > one > > > > > Exchange organisation with 1 Administrative Group. > > > > > > > > > > Let's call these domains A, B, C, and D. > > > > > > > > > > When looking at each of these lists I see the following: > > > > > > > > > > - Users with Exchange mailbox > > > > > - Users with an External e-mail address > > > > > - Groups > > > > > - Contacts > > > > > - Public Folders > > > > > > > > > > The thing I dont want to see but what I cannot seem to get > > rid > > > > of > > > > > is > > > > > the fact that I see (mail enabled) groups from other child > > > > domains > > > > > in > > > > > the address lists. > > > > > > > > > > Each child domain has several Exchange servers which names > > > start > > > > > with > > > > > AA or BB or CC or DD, depending on the child domain for > > which > > > > they > > > > > are > > > > > serving. For instance the Exchange servers in child domain > > A, > > > > all > > > > > start with AA. That is why I based the query on AA* for > the > > A > > > > > child > > > > > domain. > > > > > > > > > > For child domain A the query looks like this: > > > > > > > > > > (&(&(& (mailnickname=*) (| > > > > (&(objectCategory=person)(objectClass=user)> > > > > > > > > > > (!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)> > > > (objectClass=user)(msExchHomeServerName=*/cn=AA*))(& > > > > > > > > > > > (objectCategory=person)(objectClass=contact))(objectCategory=group)> > > > (objectCategory=publicFolder) )))) > > > > > > > > > > What I would like to do is create an Exchange address list > > > > without > > > > > groups from other child domains in it. > > > > > > > > > > The strange thing is that when I build a query which > > consists > > > of > > > > > groups based on the emailaddress/proxyaddress of that > > specific > > > > > child > > > > > domain, the query gives an output of exactly those groups > > > which > > > > > are in > > > > > that child domain, so far soo good. When I then add all > > users > > > > with > > > > > an > > > > > emailaddress/proxyaddress to that same query (I do this > all > > > from > > > > > with > > > > > ESM, right click address list etcetera), I get the message > > > that > > > > no > > > > > items can be found by this criteria. > > > > > > > > > > Any help is greatly appreciated. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > > > List info : http://www.activedir.org/List.aspx > > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > > > List info : http://www.activedir.org/List.aspx > > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > > List archive: http://www.activedir.org/ml/threads.aspx > > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ml/threads.aspx > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
