In Exchange 2003 Mailbox Manager Policies could be applied to subsets of mailboxes using LDAP filters the same way Recipient Policies were applied.
In Exchange 2007 this behavior changed. Mailbox Manager Policies are now called Managed Folder Mailbox Policies and they are assigned on a per-user level. This new methodology allows more granularity and eliminates some of the confusion about which policy is being applied.
However, in some cases the ability to apply these policies via LDAP filters is desired and the change is cumbersome. If you prefer the filtered method for applying policies, you can write a script using the PowerShell function below:
    function Apply-FilteredManagedFolderMailboxPolicies ($LDAPFilter, $ManagedFolderMailboxPolicy) {
        # Bind to the root of the current domain and search it with the supplied filter
        $root = [ADSI]""
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter = $LDAPFilter
        $searcher.PageSize = 500
        $users = $searcher.FindAll()
        foreach ($user in $users) {
            $UserDN = [String] $user.Properties.distinguishedname
            # Skip system mailboxes
            if ($UserDN -notlike "*SystemMailbox*") {
                $mailbox = Get-Mailbox $UserDN
                # Only mailboxes hosted on Exchange 2007 can take a managed folder policy
                if ($mailbox.RecipientTypeDetails -ne "LegacyMailbox") {
                    Write-Host "Updating: $UserDN"
                    Set-Mailbox -Identity:$UserDN -ManagedFolderMailboxPolicy:$ManagedFolderMailboxPolicy -ManagedFolderMailboxPolicyAllowed:$true
                }
            }
        }
    }
This function will search your current domain for user accounts that match the supplied LDAP filter. For each user returned, the account is checked to ensure that the mailbox is hosted on an Exchange 2007 server and will set the Managed Folder Mailbox Policy as desired.
By combining this function with the LDAP filters you have already created for your existing Mailbox Manager Policies, you can easily write a script to apply the appropriate policies via filters.
    # Usage:
    # Apply-FilteredManagedFolderMailboxPolicies $LDAPFilter $PolicyName
    # Default policy
    Apply-FilteredManagedFolderMailboxPolicies "(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))))" $null
    # Delete after 180 days policy
    Apply-FilteredManagedFolderMailboxPolicies "(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(memberOf=CN=Delete After 180 Days,CN=Users,DC=domain,DC=com)))" "180 day policy"
When writing the script, remember that the precedence of your policies should be lowest to highest. The first policy you should apply should be your default policy (or $null if you don’t want one) and the last policy should be your most restrictive filter with the highest precedence.
In this example, the default action is to assign no policy. The “180 day policy” is applied to the members of the “Delete After 180 Days” group.
When using groups to apply policies it is important to remember that there must be a default policy in your script so that once a user is removed from the defined group, the existing policy applied will be updated to the default policy.
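The lowest-to-highest precedence rule can also be resolved in memory first, so that each mailbox is written once and only when its policy actually changes, which keeps the change log readable and allows a dry run. This is an added example, not part of the original post: the helper name Get-FilteredDN, the $DryRun flag and the comparison of policies by name are assumptions, and the filters and policy name are the sample values from the usage lines above.

```powershell
# Added example (not from the original post). Entries are ordered lowest
# precedence first, so a later match overwrites an earlier one.
$DryRun = $true   # assumption: set to $false to really write the changes
$policies = @(
    @{ Policy = $null;            Filter = "(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) ))))" },
    @{ Policy = "180 day policy"; Filter = "(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(memberOf=CN=Delete After 180 Days,CN=Users,DC=domain,DC=com)))" }
)

# Hypothetical helper: return the distinguished names matching an LDAP filter.
function Get-FilteredDN ($LDAPFilter) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"")
    $searcher.Filter = $LDAPFilter
    $searcher.PageSize = 500
    [void]$searcher.PropertiesToLoad.Add("distinguishedName")
    foreach ($result in $searcher.FindAll()) {
        [String]$result.Properties["distinguishedname"]
    }
}

# Pass 1: work out the winning policy for every DN without touching Exchange.
$effective = @{}
foreach ($p in $policies) {
    foreach ($dn in @(Get-FilteredDN $p.Filter)) {
        if ($dn -notlike "*SystemMailbox*") { $effective[$dn] = $p.Policy }
    }
}

# Pass 2: one write per mailbox, skipped when the policy is already correct.
foreach ($dn in $effective.Keys) {
    $mailbox = Get-Mailbox $dn
    if ($mailbox.RecipientTypeDetails -eq "LegacyMailbox") { continue }

    $wanted = $effective[$dn]
    $currentName = $null
    if ($mailbox.ManagedFolderMailboxPolicy) {
        # Assumption: policies are referred to by name, as in the post.
        $currentName = $mailbox.ManagedFolderMailboxPolicy.Name
    }

    if ($currentName -ne $wanted) {
        Write-Host "Updating: $dn  '$currentName' -> '$wanted'"
        Set-Mailbox -Identity:$dn -ManagedFolderMailboxPolicy:$wanted -ManagedFolderMailboxPolicyAllowed:$true -WhatIf:$DryRun
    }
}
```

Because a user removed from the group still matches the default filter, the first entry resets that mailbox to the default policy on the next run.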
About LDAP Filters
To get the LDAP filters used with existing Mailbox Manager policies, simply open the policy and copy the text in the Filter Rules: textbox. Paste this filter, enclosed in quotes, into your script and you will be good to go.
If you want to manually create your own LDAP search string you can use the information at Creating an LDAP Search String to get you started.
If you prefer the GUI method, open Active Directory Users and Computers, right-click the Saved Queries folder, select New, and then Query. Click the Define Query box and select Users, Contacts, and Groups from the drop-down box. On the Advanced tab, select the attribute you would like to use for the filter from the Field box. At the very minimum you should add the following filters to start:
User: E-Mail Address Starts with *
User: Exchange Home Server Starts with *
Scheduling the Script
To ensure user policies are updated correctly based upon the filters, you must schedule this script to run sometime before the Managed Folder Assistant runs on the servers. Therefore as the assistant runs daily at 5am, the script should run daily at 3am.
posted by: Myke Reinhold
Info credit: Nick Smith