0 votes

Hi,

Is there a simple way to read the Exchange AD attributes without having to use the custom Exchange ADSI interface API?

I'm trying to write an Adaxes Scheduled Task that iterates thru AD and looks for mailboxes with hard quotas set (ms-Exch-MDB-Over-Hard-Quota-Limit) and then reports on them and removes the quota (by deleting the attribute).

I know there is the 'proper' way of doing this using the Exchange SDK commands etc, but there doesn't appear to be any reason why I shouldn't be able to do it using the 'normal' Get("ms-Exch-MDB-Over-Hard-Quota-Limit") - other than the fact that the command doesn't recognise the property!

Thanks

by (1.6k points)
0

Ping to top.

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Yes, you can read and modify Exchange-specific properties of AD objects directly in Active Directory, just the same as you do with any other properties of AD objects. However, we recommend resorting to the Exchange ADSI API anywhere possible, because it is the method recommended by Microsoft. We can't guarantee that simply modifying a property will work in all cases on the Exchange side.

Anyway, here's a script that emails an HTML-formatted report on all users who have the ms-Exch-MDB-Over-Hard-Quota-Limit set, and then removes the limit without using Adaxes Exchange ADSI API:

# E-mail settings
$to = "recipient@domain.com" # TODO: modify me
$subject = "Users Who have Hard Mailbox Quotas Specified" # TODO: modify me
$reportHeader = "<h2><b>Users Who have Hard Mailbox Quotas (<i>ms-Exch-MDB-Over-Hard-Quota-Limit</i>) Specified</b></h2>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search users who have the 'ms-Exch-MDB-Over-Hard-Quota-Limit' attribute set
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = "(&(sAMAccountType=805306368)(!(name=DiscoverySearchMailbox*))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mDBOverHardQuotaLimit=*))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.VirtualRoot = $True

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $users = $searchResultIterator.FetchAll()

    # Get the default Web Interface address
    $webInterfaceAddress = "%adm-WebInterfaceUrl%"
    if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
    {
        $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
    }

    $reportHeader += "<ol>"
    foreach ($userID in $users)
    {
        # Bind to the user
        $user = $Context.BindToObject($userID.AdsPath)

        # Add user info to the report
        $guid = [Guid]$user.Get("objectGuid")
        $userDisplayName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($userID.AdsPath, "IncludeParentPath")
        $reportHeader += "<li><a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$userDisplayName</a></li>"

        # Clear the 'ms-Exch-MDB-Over-Hard-Quota-Limit' attribute
        $user.Put("mDBOverHardQuotaLimit", $NULL)
        $user.SetInfo()
    }
    $reportHeader += "</ol>"
    $reportHeader += "Users found:" + $users.Length
    $htmlReport = $reportHeader + $reportFooter 

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $htmlReport)
}
finally
{
    $searchResultIterator.Dispose()
}

Here's a version of the script that does the same using Adaxes Exchange ADSI API:

# E-mail settings
$to = "recipient@domain.com" # TODO: modify me
$subject = "Users Who have Hard Mailbox Quotas Specified" # TODO: modify me
$reportHeader = "<h2><b>Users Who have Hard Mailbox Quotas (<i>ms-Exch-MDB-Over-Hard-Quota-Limit</i>) Specified</b></h2>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Search users who have the 'ms-Exch-MDB-Over-Hard-Quota-Limit' attribute
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.SearchFilter = "(&(sAMAccountType=805306368)(!(name=DiscoverySearchMailbox*))(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mDBOverHardQuotaLimit=*))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.VirtualRoot = $True

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $users = $searchResultIterator.FetchAll()

    # Get the default Web Interface address
    $webInterfaceAddress = "%adm-WebInterfaceUrl%"
    if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
    {
        $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see http://www.adaxes.com/help/?HowDoI.ManageService.RegisterWebInterface.html", "Warning")
    }

    # Create an instance of the AdmExchangeMailboxParameters class
    $mailboxParams = New-Object "Softerra.Adaxes.Adsi.Exchange.AdmExchangeMailboxParameters"

    # Remove Prohibit Send and Receive Quota
    $storageQuotas = $mailboxParams.StorageQuotas
    $storageQuotas.IsModificationEnabled = $True
    $storageQuotas.ProhibitSendReceiveQuotaModificationEnabled = $True

    $reportHeader += "<ol>"
    foreach ($userID in $users)
    {
        # Bind to the user
        $user = $Context.BindToObject($userID.AdsPath)

        # Add user info to the report
        $guid = [Guid]$user.Get("objectGuid")
        $userDisplayName = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($userID.AdsPath, "IncludeParentPath")
        $reportHeader += "<li><a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$userDisplayName</a></li>"

        # Disable Prohibit Send and Receive Quota
        $user.SetMailParameters($mailboxParams, "ADM_SET_EXCHANGE_PARAMS_FLAGS_NONE")
    }
    $reportHeader += "</ol>"
    $reportHeader += "Users found:" + $users.Length
    $htmlReport = $reportHeader + $reportFooter 

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $htmlReport)
}
finally
{
    $searchResultIterator.Dispose()
}

In the scripts, modify the following to meet your requirements:

  • $to - specifies the recipient of the report;
  • $subject - specifies the e-mail message subject;
  • $reportHeader - specifies the report header;
  • $reportFooter - specifies the report footer.

To schedule the report, create a Scheduled Task configured for the Domain-DNS object type.

0

Awesome support as always!

Related questions

0 votes
1 answer

We have Exchange 2010 OnPrem and Office 365 Exchange Online in a full Hybrid environment. Using AD Active Sync. We have now moved all of our mailboxes to Exchange ... manage the OnPrem Exchange AD Attributes after the last Exchange 2010 server is removed?

asked Jun 1, 2020 by StevePogue (20 points)
0 votes
1 answer

Im trying to rename "Extension attribute 1 and 2" to something legible for users. Is there a way to cahnge the dsiaply name myslef like how other attributes are done?

asked Feb 17, 2023 by raul.ramirez (210 points)
0 votes
1 answer

Hello, We really like the new Azure AD functionality in Adaxes. Is it possible (or planned) to managed Azure AD Custom Security Attributes (currently in Preview) using Adaxes? We have ... an AAD only user so we'd like to start with Azure attrbiutes if we can.

asked Dec 9, 2022 by Gavin.Raymen (40 points)
0 votes
1 answer

I am basically setting up the self service portal to only allow a user to reset thier own passwords.

asked Oct 19, 2022 by mightycabal (1.0k points)
0 votes
1 answer

I am wanting to export a list of users including the properties of a specific custom attribute. Ideally, I would be able to run a get-admuser and filter on a custom attribute, but even an excel report with the custom attributes would work. Is this possible?

asked Sep 9, 2021 by ggallaway (300 points)
3,589 questions
3,278 answers
8,303 comments
548,122 users