Microsoft Exchange Server is a remarkable product. I’ve been administering Exchange servers since version 5.0 and it has always been a reliable, leading edge product and Microsoft improves it continually. Having said that, there have always been feature gaps in the product, thus the numerous products on the market that do reporting, filtering and other such things.
I found myself needing to create a list of users who have access to their e-mail using Outlook Web Access. I fired up Active Directory Users and Computers thinking I would do a search on something like the HTTP mailbox property of user accounts and be done with it.
However, it wasn’t going to be that easy. I found there was no such property available. After a extended research session I finally found the right command. Here it is.
For Windows/Exchange Server 2003
dsquery * dc=example,dc=com -limit 10000 -filter “(&(&(objectcategory=user)(homeMDB=*)(|(!(protocolSettings=*))(protocolSettings=*http§1*))))” -attr displayName protocolSettings
If you are an Exchange administrator, bookmark this page, print it out and save it. It will save you a headache one day. Perhaps a small one but it’s my favor to you.
Carl | 02-Jan-07 at 10:30 am | Permalink
Tom,
Thanks for the comment on my blog. I actually had problems with a similar script a couple years ago on Exchange 2000. The script SHOULD have worked, but it didn’t return all OWA-enabled accounts on Exchange 2000 at the time.
The accounts in question had the HTTP protocol enabled in AD Users and Computers, but they didn’t show up in the list generated by this query. I looked at the AD attributes using ADSIEdit - (or it could have been LDP) and the “HTTP” attribute actually didn’t exist, even though the option was definitely checked in AD Users and Computers. Anyway, I’d suggest spot checking a half dozen accounts that you know are enabled, just to make sure the script is giving you all the users.
My script use the Advanced Find feature in AD Users and Computers rather than dsquery, but as I said, the attributes were actually missing in AD.