Solved: Script to Enable Archiving on Mailbox based on AD ...

AKL · ‎06-21-2011

Hello

I am looking for a script/process to enable mailboxes for archiving based on "Web Page" Active directory attribute in Exchange.

Why?

We have mixed Macinstosh and Outlook clients in our environmet - Enterprise vault 9.0.1. Currently management is planning to migrate Macintosh/Entourage 2008 clients to Outlook/Office 2011.

Since Enterprise Vault 10 will come up with EV client for MAC users, till then we apply an AD Attribute for MAC users with "Web Page" = "M" so they are not archived.

But since we do not have way to auto enable new mailboxes for archiving OR one which are not enabled, we have to do same manually by pulling couple of reports.

What I am looking for?

I am looking for a way where EV can see that AD attribute mentioned above and skip that mailbox from archiving accordingly. EVPM/Enterprise vault shell anything.

I thought of creating different provisioning group as well (well thats an option) however will like to get correct steps for same as well, here are what i have in plan when it comes to Provisioning group:

1. Create Provisioning group using Windows group which in turn contains MAC user accounts.

2. Rank it above default provisioning group with "Archive mailbox" check box NOT selected.

3. Mark default one to auto enable all mailboxes.

Need to make sure in above that since the new group will have higher rank, they dont get archived.

Thoughts?

Thanks

Aj

Rob_Wilcox1 · ‎06-23-2011

When creating your provisioning group(s) you can build complex LDAP patterns, eg :

(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(!wWWHomePage=M)))

I constructed that from what you said ... everyone that doesn't have M as the Web Page attribute in AD should be provisioned and enabled.

I haven't tested that, it would break some other testing that I'm currently doing.

So you can do it that way, and just have one provisioning group, set the group to allow archiving, and even auto-enable the users, if you want to.

Or you can do it as you described, and have a "higher" policy which stops archiving based on AD group membership.

Working for cloudficient.com

View solution in original post

RahulG · ‎06-22-2011

You can probably try creating some new LDAP Attributes on Active Directory Architecture for EV and then configure a provisioning group based on the LDAP query

FYI http://www.symantec.com/business/support/index?page=content&id=TECH56585

AKL · ‎06-22-2011

Thanks Rahul

I was already aware of mentioned technote and knew the LDAP attributes which EV can filter on however this isnt suitable/feasible solution as per our environment needs/structure.

In case Method 1 is complicated/obsolete, please make your suggestions on Method 2/Steps mentioned if they are correct and can help us achieve goal.

Thanks Again

Aj

Rob_Wilcox1 · ‎06-23-2011