[ActiveDir] using perl/ldap against an ad domain

2002-04-24 Thread Michael . Homsey 

I looking for leads to get perl on linux/solaris to talk to use the LDAP
service of a win2k ad service.  I wish to extract user info (phone numbers
and the like.

I could do the same on a win 2k server box in the domain, but prefer to use
a solaris box.

Any pointers welcome.

Michael Homsey
CSIRO, CTIP


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] ADC Exchange 5.5 Mailbox Creation [Continued]

2002-04-24 Thread STEPHENS, BRENDAN 

After creating the user you can create the mailbox using the AccMgmt
component supplied with Exchange...

Set mntAcct = CreateObject("MSExchange.AcctMgmt")
...

And use the component to bind the mailbox to the user...

I'm just wondering if the ADC allows for an easy scripting reference to
create the mailbox (like CDOEXM's createmailbox or mailenable)?

I tried to register the cdoexm component on the 5.5 box, but, of course, it
would not let me create the control :(
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

[ActiveDir] Moving/Copying Users To A New Domain

2002-04-24 Thread Monte Barnett (Tech) 


   Greetings!

 OK, here's the story: Like a few other folks, we've just discovered
that our backups (using BackupExec) did NOT have the Active Directory info
backed up properly. The previous DC is toast, and restoring to either the
old hardware config or a new hardware config has been nothing short of a
lesson in futility. The other server in the domain, even after seizing
control, will not behave as the new "PDC". After numerous errors trying to
reestablish a necessary trust with "Domain A", we successfully removed the
trust from "Domain A", but any attempts to remove it from the problem domain
("Domain B") returns an Active Directory dialog box with the error "The
specified user does not exist". We've been fighting to reconstruct things
for three days now and we've pretty well decided to just move on. We have
the users' data directories & files, and have a new "Domain C" already set
up and trusted with "Domain A".

 So, here's what we'd *like* to do: Since we can still see all of the
old users in "Domain B", we need to know if there is a way to copy the user
accounts to "Domain C". If there *is* some way to do that, it'd certainly be
easier than spending the next several days running batch files & scripts to
create the old users in the new domain, then setting up sharing &
permissions on 1200+ directories on the data drive.

 Is this even possible, or are we simply going to have to roll up our
sleeves and do it "long hand"? 

  Thanks,

  Monte Barnett
  Network Tech
  Burlington-Edison School District
  Burlington, WA 98233
  (360) 757-3344
List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] ADC Programming

2002-04-24 Thread Joe Sargent 

I am not familiar with 5.5, but I think the ADC allows the mailbox to be
created via AD.  So the mailbox creation should be the same, I would
think.  I am sure there is someone else out there who could give you a
better response.

Joe S.



-Original Message-
From: SALANDRA, JUSTIN [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, April 24, 2002 12:42 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] ADC Programming


But I am not using Exchange 2000, I am using Exchange 5.5.  Thank you
for the info though.  I am sure it will be useful.

 -Original Message-
From:   Joe Sargent [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, April 24, 2002 12:34 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADC Programming

I have had a lot of problems to get mailboxes created for Exchange 2000.
My guess is your problem is the same.  Mine was account password
policies.  You need to set the "userAccountControl" property to allow
the user to be created with no password.  That is done with this
code

' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then  call your mailbox create procedure

Then set the "userAccountControl" to back...
 ' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then set your password.
' set password
adsuserobject.SetPassword "password"


Below is the mailbox create procedure code that I got from CDOLIVE.com
that I have modified for my use.  Hope this helps.

HTH
JOE S.



Sub CreateMailbox (straduserobject,stremailaddress)

Dim objExchangeServer   ' As CDOEXM.ExchangeServer
Dim objDNSInfo  ' As ActiveDs.ADSystemInfo
Dim objNTInfo   ' As ActiveDs.WinNTSystemInfo
Dim objRootDSE  ' As ActiveDs.IADsContainer
Dim objMailboxStore ' As CDOEXM.IMailboxStore
Dim objRecipient' As CDOEXM.IMailRecipient
Dim objUser ' As ActiveDs.IADsUser
Dim objContainer' As ActiveDs.IADsContainer
DIM strHomeMDBUrl

DIM strServer
DIM strExchSG
DIM strExchAG
DIM strExchOrg
DIM strDomainName
DIM strDNSDomainName

Set objDNSInfo = CreateObject("ADSystemInfo")
Set objNTInfo = CreateObject("WinNTSystemInfo")
Set objRootDSE = GetObject("LDAP://RootDSE";)

strExchOrg = "WSCC"
strExchAG = "First Administrative Group"
strExchSG = "First Storage Group"
strServer = objNTInfo.ComputerName
strDNSDomainName = objDNSInfo.DomainDNSName
strDomainName = objRootDSE.Get("defaultNamingContext")


strHomeMDBUrl = "CN=Mailbox Store (" & strServer & "),CN=" & strExchSG &
"," & _
"CN=InformationStore,CN=" & strServer & ",CN=Servers," &
_
"CN=" & strExchAG & ",CN=Administrative Groups," & _
"CN=" & strExchOrg & ",CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName
'"CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName

Set objExchangeServer = CreateObject("CDOEXM.ExchangeServer")
'


Err.Clear
' Get CDOEXM mailbox store interface from ADSI user
Set objMailboxStore = straduserobject

' Get CDOEXM recipient interface from ADSI user
Set objRecipient = straduserobject

' Set Exchange 2000 Server mailbox home database
property
'Err.Clear
'WScript.Echo strHomeMDBUrl
objMailboxStore.CreateMailbox strHomeMDBUrl


' Check for errors
If Err.Number = 0 Then

' Save properties
With straduserobject

' Make entry visible in Exchange address
lists
.Put "msExchHideFromAddressLists", FALSE


'save changes
Err.Clear
.SetInfo
End With
End If

' Check for errors
'If Err.Number = 0 Then

' Write mailbox restrictions
With objMailboxStore

' Disable store defaults
.EnableStoreDefaults = True

' Issue warning at (KB)
'.StoreQuota = 1000

' Prohibit send at (KB)
'.OverQuotaLimit = 1

' Prohibit send and receive at (KB)
'.HardLimit = 10
End With


with objRecipient
'set secondary email address
.ProxyAddresses ="smtp:" &
stremailaddress & "@domain.com"
'set

RE: [ActiveDir] ADC Programming

2002-04-24 Thread SALANDRA, JUSTIN 

But I am not using Exchange 2000, I am using Exchange 5.5.  Thank you for
the info though.  I am sure it will be useful.

 -Original Message-
From:   Joe Sargent [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, April 24, 2002 12:34 PM
To: [EMAIL PROTECTED]
Subject:RE: [ActiveDir] ADC Programming

I have had a lot of problems to get mailboxes created for Exchange 2000.
My guess is your problem is the same.  Mine was account password
policies.  You need to set the "userAccountControl" property to allow
the user to be created with no password.  That is done with this
code

' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then  call your mailbox create procedure

Then set the "userAccountControl" to back...
 ' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then set your password.
' set password
adsuserobject.SetPassword "password"


Below is the mailbox create procedure code that I got from CDOLIVE.com
that I have modified for my use.  Hope this helps.

HTH
JOE S.



Sub CreateMailbox (straduserobject,stremailaddress)

Dim objExchangeServer   ' As CDOEXM.ExchangeServer
Dim objDNSInfo  ' As ActiveDs.ADSystemInfo
Dim objNTInfo   ' As ActiveDs.WinNTSystemInfo
Dim objRootDSE  ' As ActiveDs.IADsContainer
Dim objMailboxStore ' As CDOEXM.IMailboxStore
Dim objRecipient' As CDOEXM.IMailRecipient
Dim objUser ' As ActiveDs.IADsUser
Dim objContainer' As ActiveDs.IADsContainer
DIM strHomeMDBUrl

DIM strServer
DIM strExchSG
DIM strExchAG
DIM strExchOrg
DIM strDomainName
DIM strDNSDomainName

Set objDNSInfo = CreateObject("ADSystemInfo")
Set objNTInfo = CreateObject("WinNTSystemInfo")
Set objRootDSE = GetObject("LDAP://RootDSE";)

strExchOrg = "WSCC"
strExchAG = "First Administrative Group"
strExchSG = "First Storage Group"
strServer = objNTInfo.ComputerName
strDNSDomainName = objDNSInfo.DomainDNSName
strDomainName = objRootDSE.Get("defaultNamingContext")


strHomeMDBUrl = "CN=Mailbox Store (" & strServer & "),CN=" & strExchSG &
"," & _
"CN=InformationStore,CN=" & strServer & ",CN=Servers," &
_
"CN=" & strExchAG & ",CN=Administrative Groups," & _
"CN=" & strExchOrg & ",CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName
'"CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName

Set objExchangeServer = CreateObject("CDOEXM.ExchangeServer")
'


Err.Clear
' Get CDOEXM mailbox store interface from ADSI user
Set objMailboxStore = straduserobject

' Get CDOEXM recipient interface from ADSI user
Set objRecipient = straduserobject

' Set Exchange 2000 Server mailbox home database
property
'Err.Clear
'WScript.Echo strHomeMDBUrl
objMailboxStore.CreateMailbox strHomeMDBUrl


' Check for errors
If Err.Number = 0 Then

' Save properties
With straduserobject

' Make entry visible in Exchange address
lists
.Put "msExchHideFromAddressLists", FALSE


'save changes
Err.Clear
.SetInfo
End With
End If

' Check for errors
'If Err.Number = 0 Then

' Write mailbox restrictions
With objMailboxStore

' Disable store defaults
.EnableStoreDefaults = True

' Issue warning at (KB)
'.StoreQuota = 1000

' Prohibit send at (KB)
'.OverQuotaLimit = 1

' Prohibit send and receive at (KB)
'.HardLimit = 10
End With


with objRecipient
'set secondary email address
.ProxyAddresses ="smtp:" &
stremailaddress & "@domain.com"
'set default SMTP
.SMTPEmail = stremailaddress &
"@otherdomain.com" 
end with

' Set the delivery restriction settings and
proxy addresses
With objRecipient
 
' If either of these is -1, then the
system defaults are being used
' Outgoing message size

RE: [ActiveDir] ADC Programming

2002-04-24 Thread Joe Sargent 

I have had a lot of problems to get mailboxes created for Exchange 2000.
My guess is your problem is the same.  Mine was account password
policies.  You need to set the "userAccountControl" property to allow
the user to be created with no password.  That is done with this
code

' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then  call your mailbox create procedure

Then set the "userAccountControl" to back...
 ' enable password for user
adsuserobject.Put "userAccountControl", 512 + 32

Then set your password.
' set password
adsuserobject.SetPassword "password"


Below is the mailbox create procedure code that I got from CDOLIVE.com
that I have modified for my use.  Hope this helps.

HTH
JOE S.



Sub CreateMailbox (straduserobject,stremailaddress)

Dim objExchangeServer   ' As CDOEXM.ExchangeServer
Dim objDNSInfo  ' As ActiveDs.ADSystemInfo
Dim objNTInfo   ' As ActiveDs.WinNTSystemInfo
Dim objRootDSE  ' As ActiveDs.IADsContainer
Dim objMailboxStore ' As CDOEXM.IMailboxStore
Dim objRecipient' As CDOEXM.IMailRecipient
Dim objUser ' As ActiveDs.IADsUser
Dim objContainer' As ActiveDs.IADsContainer
DIM strHomeMDBUrl

DIM strServer
DIM strExchSG
DIM strExchAG
DIM strExchOrg
DIM strDomainName
DIM strDNSDomainName

Set objDNSInfo = CreateObject("ADSystemInfo")
Set objNTInfo = CreateObject("WinNTSystemInfo")
Set objRootDSE = GetObject("LDAP://RootDSE";)

strExchOrg = "WSCC"
strExchAG = "First Administrative Group"
strExchSG = "First Storage Group"
strServer = objNTInfo.ComputerName
strDNSDomainName = objDNSInfo.DomainDNSName
strDomainName = objRootDSE.Get("defaultNamingContext")


strHomeMDBUrl = "CN=Mailbox Store (" & strServer & "),CN=" & strExchSG &
"," & _
"CN=InformationStore,CN=" & strServer & ",CN=Servers," &
_
"CN=" & strExchAG & ",CN=Administrative Groups," & _
"CN=" & strExchOrg & ",CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName
'"CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration," & strDomainName

Set objExchangeServer = CreateObject("CDOEXM.ExchangeServer")
'


Err.Clear
' Get CDOEXM mailbox store interface from ADSI user
Set objMailboxStore = straduserobject

' Get CDOEXM recipient interface from ADSI user
Set objRecipient = straduserobject

' Set Exchange 2000 Server mailbox home database
property
'Err.Clear
'WScript.Echo strHomeMDBUrl
objMailboxStore.CreateMailbox strHomeMDBUrl


' Check for errors
If Err.Number = 0 Then

' Save properties
With straduserobject

' Make entry visible in Exchange address
lists
.Put "msExchHideFromAddressLists", FALSE


'save changes
Err.Clear
.SetInfo
End With
End If

' Check for errors
'If Err.Number = 0 Then

' Write mailbox restrictions
With objMailboxStore

' Disable store defaults
.EnableStoreDefaults = True

' Issue warning at (KB)
'.StoreQuota = 1000

' Prohibit send at (KB)
'.OverQuotaLimit = 1

' Prohibit send and receive at (KB)
'.HardLimit = 10
End With


with objRecipient
'set secondary email address
.ProxyAddresses ="smtp:" &
stremailaddress & "@domain.com"
'set default SMTP
.SMTPEmail = stremailaddress &
"@otherdomain.com" 
end with

' Set the delivery restriction settings and
proxy addresses
With objRecipient
 
' If either of these is -1, then the
system defaults are being used
' Outgoing message size
.OutgoingLimit = -1

' Incoming message size
.IncomingLimit = -1
End With

' Save properties

straduserobject.SetInfo

 
end sub


-Original Message-
Fr

[ActiveDir] ADC Programming

2002-04-24 Thread SALANDRA, JUSTIN 

Hello Everyone,

Question for you all.

I have the ADC installed from the Exchange 2000 CD on my Win2k Server DC.  I
have all the right CA's configured. I am trying to automate the creation of
user accounts through a adsi and asp scripts.  I can get the users created,
but am having difficulty creating the mailboxes.  Does anyone know the
coding for creating mailboxes through AD for Exchange 5.5 using the ADC?

Justin A. Salandra, MCSE
Senior Network Engineer
Catholic Healthcare System
914.681.8117 office
646.483.3325 cell
[EMAIL PROTECTED]  

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Microsoft Baseline Security Analyser:

2002-04-24 Thread Hayes, Shawn 
Title: Message



I saw 
some mixed results, but I am not complaining.  When I ran the MSBSA on the 
server it showed I needed more hotfixes than when I ran it from my workstation 
directed at the server.  Although, WINDOWS UPDATE reported I needed 
all the hotfixes/patches that the MSBSA found and 
more. :-(

  
  -Original Message-From: Rick Kingslan 
  [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 8:24 
  PMTo: [EMAIL PROTECTED]Subject: RE: 
  [ActiveDir] Microsoft Baseline Security Analyser:
  James,
   
  Thanks for tossing this out there.  Yes, there are some great 
  features to this, and it puts a GREAT face on HFNetchk.  There are a few 
  folks that have complained of inconsistent results, but I haven't experienced 
  it yet.
   
  Overall, great tool.
   
  
  Rick Kingslan - Microsoft Certified Trainer  MCSE+I 
  on Windows NT 4.0  MCSE on Windows 2000  MVP [Windows 
  NT/2000 Server]"Any sufficiently advanced technologyis 
  indistinguishable from magic."  ---  Arthur C. 
  Clarke
  

-Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]] On Behalf Of Blair, 
JamesSent: Tuesday, April 23, 2002 7:09 PMTo: 
'[EMAIL PROTECTED]'Subject: [ActiveDir] Microsoft 
Baseline Security Analyser:
All,
 
Came across this 
the other day and thought that some of you may be interested, pretty sure 
that it has not been mentioned yet, much prefer this to 
hfnetchk:
 
Quick Summary 
from Microsoft:

"the Microsoft Baseline Security 
Analyzer (MBSA or Mbsa.exe), a tool that centrally scans Windows-based 
computers for common security misconfigurations. MBSA runs on Windows 
2000-based and Windows XP-based computers, and can scan for missing hotfixes 
and security vulnerabilities on Windows NT 4.0-based, Windows 2000-based, 
and Windows XP-based computers. MBSA generates individual security reports 
for each computer that is scanned for security issues in the Microsoft 
Windows operating system, Microsoft Internet Information Services (IIS), 
Microsoft SQL Server, and Microsoft Internet Explorer. A graphical user 
interface and command line interface are available in version 1.0." 
Available 
at:
 
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320454
 
James