I wanted to restrict users in a group from emailing each other as email was being abused and used as an instant messaging service and affecting productivity.
The solution I used was a combination of nice GUI tools and a quick LDAP reference.
So, in my case all the users were in a distribution group within an OU in Active Directory. Therefore I wanted to restrict receiving mail from this distribution group from all members of my chosen group.
This can be done manually via the "Exchange General" tab and the "Delivery Restrictions" button under the user properties in AD (you may need the exchange plug ins installed). But to do this in bulk requires a bit of scripting or "ADModify" - my new favorite tool.
ADModify has many default settings for applying changes to users/groups in bulk but does not have an explicit option for restricting mail from certain sources. The way around this is to use the custom tab (after you have selected your users and clicked next) and create the attribute name "dLMemRejectPerms" (case sensitive i think). You now need an attribute value in the format:
CN=distribution group,CN=ou where this lives,DC=domain,DC=local etc
If you have no idea how to arrive at this use ADSIEdit to browse your Active Directory and view the required attribute but look and don't touch as you can do some damage!
So off you go with those custom attributes and - hey presto!
If you make a mistake you should find an xml file in the same directory as ADModify.exe which will allow you to undo the changes.
Other attributes for the exchange general tab:
http://technet.microsoft.com/en-us/library/aa997251.aspx
Subscribe to:
Post Comments (Atom)
1 comment:
What a great idea!
Parsnip Boy.
Post a Comment