cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Setting a policy for a group of users in different OU's

Carl_Swanson
Level 4

‎05-16-2006 08:02 AM

Ok, I'm pretty sue I know what I need to do but I'm not sure on syntax of the ldap query I need to perform. We have a group of users from different OU's, Departments, etc that we need to set specific policy for. Going to try and use EVPM. We plan on putting these members into a group but I'm unsure how the ldap query needs to be to select members of a group in EVPM. Any help would be greatly appreciated.

-Thanks
0 Kudos
5 REPLIES 5

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎05-16-2006 08:31 AM

here are some examples:

Example 1

LDAPquery = sn=bridges
; Where all surname attributes exactly equal �bridges�

Example 2

LDAPquery = (& (sn=bridges)(department=*engineering))
; Where all surname attributes equal �bridges� AND department has �engineering� suffix, such as:
; Charlie Bridges � European Engineering

Example 3

LDAPquery = (& (Department=IT)(! (physicalDeliveryOfficeName=London)))
; Where department equals �IT� AND physicalDeliveryOfficeName IS NOT EQUAL �London�

Example 4

LDAPquery = (& (| (Department=IT)(Department=Finance))(!(physicalDeliveryOfficeName=LONDON)))
; Where department equals �IT� OR �Finance� AND physicalDeliveryOfficeName IS NOT EQUAL �London�
0 Kudos

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎05-16-2006 08:55 AM

Also, in 6.0 you are able to set up OU's as targets and apply policies that way. :)
0 Kudos

Carl_Swanson
Level 4

‎05-16-2006 01:48 PM

Yes, I have those examples but I'm looking for somebody who has set policy for members of a security group. We have about 50 or so people we need to set a special policy for. They are in different OU's, Different Departments so setting to department or ou doesn't help much.
0 Kudos

Micah_Wyenn_2
Level 6
Partner Accredited

‎05-16-2006 02:31 PM

Carl,
You'd use the EVPM ldapquery as per above, except be sure to specify the "override" flag when you're changing the policies. You'd only have to run the evpm script once per group change (and of course, once initially). So it shouldn't be too much of a bother.

micah
0 Kudos

Carl_Swanson
Level 4

‎05-22-2006 06:25 AM

So how does this look as far as syntax?


DirectoryComputerName = vaultcomputer
Sitename = vaultsite


Name = VIPfilter
Createshortcut = true
DeleteOriginal = true
UnreadMail = true
UseInactivityPeriod = true
InactivityUnits = Days
InactivityPeriod = 29


LDAPquery = MemberOf=CN=VIPMailboxPolicy,OU=Distribution Lists,DC=corporate,DC=reg


Name = mailboxroot
Enabled = true
Filtername = VIPfilter
OverrideArchiveLocks = true
RetentionCategory = VIP Retention
VaultName = First Vault Store


What would be the correct ladder of events. What we were going to do is set the default policy for the different OU's and then run EVPM for the special group. At what point is the policy set? when the mailbox is enabled or running evpm to change the hidden message on the client?

-Thanks
0 Kudos