AD custom6 attribute and group memberships for shared mailboxes
I have 900 shared mailboxes that are in Exchange 2007. These mailboxes have no owners and are provided access to the users threw AD groups. I need a script that will produce Each users custom6 attribute (SID is there) along with the shared mailboxes they
have rights to (Full. send As etc...)
This is a migration from 2007 to 2010 in different domains.
[email protected]
2142285476
Charles B. Giles
Deployment and upgrade questions should be asked in the forum for the product as there are tools available to automate 2007 to 2010 migrations.
See:
http://technet.microsoft.com/en-us/library/ee681665(v=exchg.141).aspx
See:
http://blogs.technet.com/b/exchange/archive/2012/05/23/exchange-server-deployment-assistant-update-for-exchange-2010-hybrid-deployments-with-office-365.aspx
See:
http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchange2010
¯\_(ツ)_/¯
Similar Messages
-
How to see the group membership for a user in oidadmin
how to see the group membership for a user in oidadmin?
I see the memberships in oiddas, but I would like to know if its possible to see them in oidadmin? Thanks.Hi,
For what I understand, you know the user and want to know the groups that the user is member of (am i wrong?)...
With this query you pass the user's DN to the ldapsearch and the search gives you back the list of groups the member is a member of, all you need to do is change the value "uniquemember=cn=orcladmin" in the query for your own user.
For example:
$ORACLE_HOME/bin/ldapsearch -h localhost -p 389 -D "cn=orcladmin" -w oracle10g -b "dc=acme,dc=com,dc=au" -s sub "uniquemember=cn=orcladmin" dn
will give you the list of groups that the user "cn=orcladmin" is a member of.
$ORACLE_HOME/bin/ldapsearch -h localhost -p 389 -D "cn=orcladmin" -w oracle10g -b "dc=acme,dc=com,dc=au" -s sub "uniquemember=cn=smithj,cn=Users,dc=acme,dc=com,dc=au" dn
will grive you all the groups that the user smithj is a member of.
if you don't want to get the DN of the group you can change the last parameter of the query like this
$ORACLE_HOME/bin/ldapsearch -h localhost -p 389 -D "cn=orcladmin" -w oracle10g -b "dc=acme,dc=com,dc=au" -s sub "uniquemember=cn=smithj,cn=Users,dc=acme,dc=com,dc=au" cn
will give you the CN of the groups the user is member of.
let me know if this is what you need.
Regards,
Juan -
Publish calendar for Shared Mailbox
Hi,
I have shared mailbox that I really need to have the calendar to be publish online (the ics link). I tried using the website and outlook 2013 client. Both of them saying that the "storeID provided isn't an ID of an item." Is there a way to be able
to publish the calendar?Hi,
We can enable Internet Calendar Publishing
in exchange, then users can share calendar availability (free/busy) information with users in non-Exchange organizations and other individuals with Internet access.
Refer to this document.
https://technet.microsoft.com/en-us/library/ff607475%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396
After creating a new sharing policy, use the following command to set the sharing policy Internet for shared mailbox.
Set-Mailbox -Identity <shared mailbox> -SharingPolicy "new policy"
Best Regards.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support -
How to use Search Folders in Outlook for shared mailboxes
Hello
We use Otlook 2010/2013 with MS Exchange 2010. In outlook there is "Serarch folder" with subfolders Large e-mail, Unreaded mails.... User can create own subfolders with rules.
Users have attahet to outlook shared mailboxex for example Import, Export....
For these mailboxes you cannot use "Search Folders" - outlook can use it only for your personal mailbox.
To use "Serach folders" for shared mailbox I have to create new e-mail profile in Windows. User has to run outlook using these new profile "import". Now he is directly connected with shared mailbox.
But users want to use "Search folders" when they are on own outlook profile with shared mailboxes attahecd to their profiles.
Is it posible to do it? Or use some third-party
product?
Thank you for help
Tomasz
Kind Regards TomaszHi,
I suggest we ask this question on Outlook forum:
http://social.technet.microsoft.com/Forums/office/en-US/home?forum=outlook
Regards,
Simon Wu
TechNet Community Support -
I have LON\JSmith in LON domain and DEL\JimSmith in DEL domain
I would like to extract group memberships of LON\JSmith in LON domain and append matching by email (i.e. DEL\JimSmith) user object in every group in LON domain.
for instance
LON\JSmith and DEL\JimSmith is the same person and has same email address [email protected]
LON\JSmith belongs to 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey
The outcome of the script should be
LON\JSmith; DEL\JimSmith should be in 3 groups - LON\localadmingroup;LON\univdesktop;LON\globalsurvey.
How can i do it?
NavgupHi Navgup,
Please refer to the script below, to query users in other domain by specifying the parameter "-Server" in the cmdlet "get-aduser", and also note I haven't tested the script below:
import-module activedirectory
get-adgroupmember "group"|foreach{
$email=(get-aduser $_.samaccountname -properties *).EmailAddress#get the user email
Get-ADUser -filter {EmailAddress -eq $email} -properties * -server DomainB.company.com|select samaccountname, memberof}#filter user name and group with the email in other domain
To get users across domain, please also refer this blog:
Adding/removing members from another forest or domain to groups in Active Directory:
http://blogs.msdn.com/b/adpowershell/archive/2010/01/20/adding-removing-members-from-another-forest-or-domain-to-groups-in-active-directory.aspx?Redirected=true
I hope this helps. -
Design question: Change Group membership for a AD resource via SelfService
Hi all,
based on the OIM tutorials, I designed OIM that way that an end user can successfully request a resource. Is there a way to allow end users to modify their resource "subscriptions"? For example, I would like to allow end users to change their AD group memberships after the initial provision to the resource.
From what I have learned from the tutorials, I would assume to create an AD group membership attribute in the user account profile form and propagate changes to that attribute back to AD.
Or is there a way to allow end users to change their resource data directly under "My Resources" ?there is no concept of requesting a modification of an already provisoned account. Like you said this can be achieved thru an attribute on the user's profile and on changing that attribute, downstream applications can be propagated the new value.
Typically if changes to an already proviisoned account needs to be done in oim and through oim, an oim admin goes to the user's resource profile and clicks on edit on the process form and can edit any data there. in case of ad groups, there will be a child process form that shows the groups that the user is a member of, you can insert(add) new groups or delete existing groups from there and save the form. In the proviisoning porcess of AD you will need to write a porcess task, which should add/remove the user from the specified group in AD on the trigger when a new group is added or an existing group is removed wehn the admin is modifying the user's AD process form/process child forms in oim. -
Hello all,
What I'm trying to do is generate a report of all groups owned by a specific user, along with the group memberships, and output it all to a single .csv file. In the .csv file, I would like to have the group names as the column headers, and underneath
the group name, list all the members of the group down through the column. So for example, if User1 owns 3 groups, the output would look like:
What I'm having trouble with is outputting the objects to the .csv using New-Object psobject, and I'm starting to wonder if there is an easier way to do this and my brain is just fried.
Any ideas?OK so I can try and give some code here, but I'm asking more of a concept question about how PowerShell builds objects so I'm not sure it will help....
$User = "User1"
get-adgroup -filter {managedby -eq $user} -pr member | %{
$_.name
$_.member
OK so this is a simple script that outputs a group name followed by the membership, all in a single column. What I would like is for the group names to each be the header of a column, and have the membership listed underneath. For example:
Is this possible in PowerShell? -
Samba winbind and group membership.
I have a Solaris 10 (update 4) box (x86) that is joined to an active directory via samba/winbind.
The users are working fine however their group membership is not.
Users that should be members of certain groups do not seem to be: in that if I run
"groups" and check the group member ship for myself I am missing entry of some groups yet I can verify that I should be a member of that group by running getent group "domain\\group name" and seing my username entered.
winbind has the following parameters set
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
I am at a loss as to why it picks up some groups and not others.
Has anyone come across something similar or know how to solve this issue?
Regards,
JamesHi,
I know this thread is very old but unfortunately I'm facing exactly the same problem under Solaris 10 Sparc. Any ideas? Maybe this issue was solved?
Regards,
Oliver -
RDBMSRealm and Group membership
Hello.
I would like to us an RDBMSRealm implementation behind some form of caching implementation.
I have looked at and run the RDBMSRealm example that ships with 6.0.
The major drawback is that I expect to have some groups where the number of members
can be up to 1 million. The examples for RDBMSRealm and Custom Realm say to use
a hash table to hold the membership of a group. This seems unrealistic in cases
where the group membership is this large.
Has anyone implemented an RDBMSRealm or custom realm that does not use the "hash
table" approach?
I am currently using WLS 6.0 sp2 and am connecting to an Oracle 8.1.7 database.
Thanks for your time,
BubbaThis article from Sarge's Blog might help:
http://www.sargeway.com/blog/index.cfm?mode=entry&entry=30 -
Minimum group membership for imp/exp for ora 8i(client) windows xp users
Hi to all,
For oracle 8i clients, windows xp users, what is the minimum group membership required that can be used so that the users can import or export dmps. Using Administrators imp/exp works ok... Any alternative?
ThanksHi Thierry,
Please do not confuse the issue. Here we have the windows Operating System - privilege and then the Oracle database user privilege. In my case the Oracle database user privilege is DBA. If the user is given a Windows - Administrators privilege (which I do want to give) the exp/imp creates the DMP and log file. But any other standard windows privilege (with DBA privilege) the exp/imp does not create the dmp and log file. I hope I am clear and now you can suggest some alternative solution to OS - administrator.
Thanks again -
Maximum number of connection profiles and group policies for Cisco ASA
Hi,
We have a Cisco ASA 5520 running 8.0(2) that we use only for Remote Access VPN.
Does anyone know how many connection profiles and group policies that are supported on the box? I have not been able to find this in the manual.
Thanks in advance for your help!
Best regards,
HarryThere is no limit for connection profiles or group policies that can be configured on ASA. However the numbers do depend upon the memory available in the device as the profiles are stored in memory during execution.
-
Currency Dim and Groups Dim for LegalConsolidation and IcMatching App
Hi experts,
I have had a look on posts about using Currency and Groups Dim, and using only Groups,
I have developed apps with only Group Dim. Do you recommend to use Curr and Groups in the future.?
And which dims should I include in ICmatching App with curr and groups dim?
RegardsHi,
While what the guys before have said is correct, I have a different opinion on the matter from my experience (and from the SAP starter kits since 7.5).
I use a separate Group and Currency dimension because you may want to look at an entity's numbers in GC but without running Consolidation. For example, an entity that is only partially owned will only have GC values for its owned %, but the accountant for this entity may need to answer questions on the GC values based on 100%. With separate dimensions you can see values in GC before and after Consolidation.
For an IC Matching application, I would have both Group and Currency dimensions. I would definitely use Group dimension because you may want to see eliminated IC balances in different groups. You should also have the Currency dimension as although only GC Interco balances are essential for matching, the LC values for each position is important as a frame of reference for the local accountant.
Hope this helps,
Tom. -
User and Group Ids for Standby Database
The following oracle homes installed under the same unix account on the primary node:
10gR2 CRS home
10gR2 ASM home
10gR2 RDBMS home
Oracle Applications E-Business Suite 11.5.10.2 (concurrent admin)
Based on note 216212.1 - Business Continuity for Oracle Applications Release 11i, Database Releases 9i and 10g
Section 1: Design Considerations and Assumptions
The note, verbatim, says "+The user and group Ids of the Oracle and applications software owner accounts must be the same on the production and standby servers+." Is this statement true? In other words, if the primary server software owner is the "morgan" unix account, then the unix account must also be "morgan" (not "stanley") on the standby server?Yes you can run a standby with different unix usernames on primary and standby, but it will be easier if the usernames are the same.
-
User permissions for shared mailbox
In a big organization, we've multiple shared mailboxes. Each mailbox is being looked at by different employees. We want to provide folder level restrictions to the employees and have primarily 3 type of access at a folder and root level:
1) Owner access (Read, Create, Respond and Delete)
2) Employee access (Read, Create and Respond)
3) Read and View-only access
Idea is to have a controlled access environment in the company where we don't want any employee to delete any e-mails and they're held accountable for their work.
Million dollar question is - How do we achieve this in an Exchange Service 2010 Enterprise SP3 environment? Is it recommended to have such access levels? Can we've profile groups created to add users in future too with similar access restrictions?
Please provide step by step.
If this is not possible or advised, please suggest a better alternative with which we can track who deletes the e-mails and then change their behavior. May be some e-mail logs that help us determine this information? What is your suggestion?Hi,
You can try Exfolders tool:
http://gallery.technet.microsoft.com/office/Exchange-2010-SP1-ExFolders-e6bfd405
How to use Exfolders:
http://mouzzamh.wordpress.com/2012/04/01/how-to-use-exfolder-tool-for-exchange-2010/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Thanks,
Simon Wu
TechNet Community Support -
Best practices for sharing mailboxes
Hello,
To share mailboxes, I am not sure of the 'best practices'.
From my point of view, there are two scenarios :
classic mailbox : an user A wants to share his mailbox so it assigns rights on his mailbox for an userB via Outlook. The userB will add the userA's mailbox to his profile
shared mailbox : the rights are managed by the administrator
Is it correct to divide the management (i.e classic user manages his own mailbox and the administrator manages rights on shared mailbox) or is not ?
And the delegation functionnality in Outlook is not really what I want because the userB must have only access to the mailbox (+calendar+contacts) but he hasn't to manage the appointments, etc.
Thanks for your helpUnless there is some other reason, users should own the right to share their mailboxes - it shouldn't be something that demands administrator management (if only so that the administrators aren't swamped by user requests for sharing their mailboxes).
For true shared mailboxes, when the mailbox is created, full access is granted by an administrator.
Maybe you are looking for
-
Firefox 3.0.1 will not launch without crashing immediately in 10.5.6
trying to help a friend ibook newly upgraded to 10.5.6 and Firefox will not launch. it crashes within seconds of launching every single time. I have trashed everything Firefox and Mozilla I can find in the HD-Library-(caches, preferences, app support
-
Iphone 4s running OS 5.1.1 will not sync proporly
I have tried over 2 days different techiniques to restore my iphone to be sycn properly with my computer. For awhile I was recieving an error and said that it would not sycn. The one major thing that I notice is that my Capacity Bar just shows everyt
-
Sale Based Rent- You are not allowed to change sales-based rents
Hi everybody, While processing a sale based rent using T-code : RESRSE, I got the problem as below: At the Log Display Screen: Step Processing of Sales-Based Rents performed on 19.12.2011 at 17:00:02 Status of step: You are not allowed to change sale
-
Urgent need lsmw with directinput
hi folks, i am in urgent need i am using the program RSADRLSM02 for the uploading of the bisiness address services/regionla structure with lsmw using directinput method i finished all the steps but at the end i am getting struck it is asking for the
-
ERROR INSTALLING ILM 1.2
Hi, We have tried to install ILM v 1.2 en we got the below issue: Warning: Package Body created with compilation errors. Errors for PACKAGE BODY ILM_TOOLKIT.ILM_TOOLKIT: LINE/COL ERROR 16717/3 PL/SQL: SQL Statement ignored 16723/11 PLS-00414: no colu