I am trying to use a property pattern to prevent email forwarding to accounts in other domains managed by Adaxes.

Here is my regex: ^([^,]+,)+(DC=domain,DC=local)$

The altRecipient (Forward To) property is supposed to be a distinguished name, and that is reflected in ADSI; however, I cannot get this regex to match anything. I select a user to forward to, and the DN for that user is:

CN=Tech Gal,OU=Tech Users,DC=domain,DC=local

Does anyone have any insight as to why this isn't working? Is Adaxes using some other value before resolving the DN?

Thanks in advance!
Leah


1 Answer

Best answer

Hello Leah,

Unfortunately, there is no possibility to disallow selecting users from a specific domain in the Forward To field using Property Patterns. However, thank you for the suggestion. We will consider it.

As a solution, you can use a Business Rule triggering Before Updating Exchange Properties of a User that will cancel the operation if the Forward To field contains a user located in a specific domain. If this solution meets your needs, we will provide you with detailed instructions.

0

That sounds like something I can work with. Instructions would be great. Thanks!

0

Hello,

Thank you for the confirmation. To create the Business Rule:

  1. Launch Adaxes Administration Console.

  2. In the Console Tree, right-click your service node.

  3. In the context menu, navigate to New and click Business Rule.

  4. On step 2 of the Create Business Rule wizard, select User Object type.

  5. Select Before Modifying Exchange properties of a User and click Next.

  6. Click Add an action.

  7. Select Cancel this operation.

  8. Specify a cancellation reason and click OK.

  9. Right-click the action you created and then click Add Condition.

  10. Select If PowerShell script returns true.

  11. Paste the below script into the Script field. In the script, the $domainDN variable specifies the distinguished name (DN) of the domain (e.g. DC=example,DC=com).

     $domainDN = "DC=example,DC=com" # TODO: modify me
    
     function CheckObjectLocation($objectDN, $domainDN)
     {
         $objectDN = New-Object "Softerra.Adaxes.Ldap.DN" $objectDN
         $Context.ConditionIsMet = $objectDN.IsDescendantOf($domainDN)
     }
    
     # Get Exchange properties set by the action
     $modifiedMailboxParams = $Context.Action.MailParameters
     if (-not($modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddressModificationEnabled))
     {
         return
     }
    
     # Get forwarding address
     $forwardingAddress = $modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddress
     if ($forwardingAddress.ObjectDN)
     {
         CheckObjectLocation $forwardingAddress.ObjectDN $domainDN
         return
     }
     elseif ($forwardingAddress.ObjectGuid)
     {
         $objectPath = "Adaxes://<GUID=" + $forwardingAddress.ObjectGuid + ">"
     }
     elseif ($forwardingAddress.ObjectSid)
     {
         $objectPath = "Adaxes://<SID=" + $forwardingAddress.ObjectSid + ">"
     }
     else
     {
         $Context.LogMessage("Unable to get object path: " + $forwardingAddress.Identifier, "Error")
         $Context.ConditionIsMet = $True
         return
     }
    
     # Check object DN
     $object = $Context.BindToObject($objectPath)
     CheckObjectLocation $object.Get("distinguishedName") $domainDN

  12. Enter a short description and click OK.

  13. Click Next and finish creating the Business Rule.
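
As an added example (not part of the original answer and not Adaxes code), the following PowerShell compares the domain portion of a DN component by component rather than with a regex, so the result stays correct across case differences, spacing and escaped commas. The function names and sample DNs are constructed for illustration, and treating child domains as outside the domain unless `-IncludeChildDomains` is passed is an assumption of this example.

```powershell
# Added example, not Adaxes code. Function names and DNs are constructed.

function Get-DnComponents {
    param([Parameter(Mandatory)][string]$DN)
    # Tokenize into RDNs; an escaped comma ("\,") stays inside its RDN.
    [regex]::Matches($DN, '(?:\\.|[^,\\])+') | ForEach-Object {
        # Normalize "DC = Example" to "dc=example" before comparing.
        ($_.Value.Trim() -replace '^([^=]+?)\s*=\s*', '$1=').ToLowerInvariant()
    }
}

function Get-DnDomain {
    param([Parameter(Mandatory)][string]$DN)
    # The domain is the run of DC= components at the end of the DN.
    $rdns = @(Get-DnComponents $DN)
    $dcs = [System.Collections.Generic.List[string]]::new()
    for ($i = $rdns.Count - 1; $i -ge 0 -and $rdns[$i].StartsWith('dc='); $i--) {
        $dcs.Insert(0, $rdns[$i])
    }
    $dcs -join ','
}

function Test-DnInDomain {
    param(
        [Parameter(Mandatory)][string]$ObjectDN,
        [Parameter(Mandatory)][string]$DomainDN,
        [switch]$IncludeChildDomains
    )
    $objDomain = Get-DnDomain $ObjectDN
    $target = @(Get-DnComponents $DomainDN) -join ','
    if ($objDomain -eq $target) { return $true }
    # Child domains (e.g. emea.example.com) count only when asked for.
    return ($IncludeChildDomains.IsPresent -and $objDomain.EndsWith(",$target"))
}

$domainDN = 'DC=example,DC=com'
$samples = @(
    'CN=Tech Gal,OU=Tech Users,DC=example,DC=com'
    'cn=Tech Gal,ou=Tech Users,dc=EXAMPLE, dc=COM'
    'CN=Doe\, Jane,OU=Staff,DC=example,DC=com'
    'CN=Sub User,OU=Users,DC=emea,DC=example,DC=com'
    'CN=Partner,OU=Users,DC=other,DC=net'
)
foreach ($dn in $samples) {
    $inDomain = Test-DnInDomain -ObjectDN $dn -DomainDN $domainDN
    [pscustomobject]@{ InDomain = $inDomain; Domain = Get-DnDomain $dn; DN = $dn }
}
```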
