
Finding Users with a Hidden Exchange/Office365 Mailbox in Active Directory

Finding users with a hidden Exchange/Office365 mailbox can be important for on-premises Exchange and Exchange Online management. In this article we’re looking at finding this attribute in Active Directory. This implies either a completely on-premises Exchange implementation or a hybrid implementation where at least one Exchange Server is on premises.

Hiding mailboxes from the Global Address List (GAL) is essential when creating accounts that you don’t want your general population to see when looking up addresses in Outlook. This might be an account set up to receive emails from a specific external source, for example. This also can be an important part of deprovisioning users. You might disable them, move them to a special OU, and hide their email address from being displayed in the GAL. Being able to report on these users is crucial for management of Active Directory and Exchange.

Find Users with a Hidden Exchange/Office365 Mailbox Using PowerShell

When you run the following scripts on a machine with RSAT installed, they will fetch users who have a hidden Exchange/Office365 mailbox for a particular domain.

Method #1

    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter "(&(objectCategory=user)(homeMDB=*)(msExchHideFromAddressLists=TRUE))"

This first method uses an LDAP query.

Method #2

    Import-Module ActiveDirectory
    Get-ADUser -Filter {msExchHideFromAddressLists -eq $true -and homeMDB -like "*"}

You might also want to run these commands under a service account (the “-Credential” parameter on your PowerShell commands) to keep things more secure.

There are several other methods that don’t require RSAT (and the “activedirectory” module). These are helpful techniques to start.

Web Active Directory’s PeopleAudit

Web Active Directory’s PeopleAudit allows you to run a report like this on demand. Also, you can delegate it safely to others in your organization to run via their web browser.

Users can filter and sort the results on the fly and, with a single button press, print the results or export to your clipboard, PDF, Excel, or CSV. Safely and securely specify the service account to use to perform the reporting tasks. Customize the report results and filters without scripting or coding. Schedule these reports for delivery to you or others in your organization via configurable emails. Web Active Directory’s PeopleUpdate can ensure that newly deprovisioned users have their email addresses hidden in the GAL.
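
The deprovisioning check this article describes (disabled users should also be hidden from the GAL), as an added PowerShell example that is not from the original article: it lists every mailbox-enabled user and flags disabled accounts that are still visible. The function name, finding labels and CSV path are assumptions; like the two methods above, it needs RSAT and the ActiveDirectory module.

```powershell
# Added example: Get-MailboxVisibilityReport and the CSV path are hypothetical names.
Import-Module ActiveDirectory

function Get-MailboxVisibilityReport {
    param(
        [string]$Server,          # optional: domain or DC to query
        [pscredential]$Credential # optional: read-only service account
    )

    # Same mailbox test as the article's filters (homeMDB is set), but without
    # the hidden-flag clause so visible and hidden mailboxes can be compared.
    $query = @{
        LDAPFilter = '(&(objectCategory=user)(homeMDB=*))'
        Properties = 'mail', 'msExchHideFromAddressLists'
    }
    if ($Server)     { $query.Server     = $Server }
    if ($Credential) { $query.Credential = $Credential }

    Get-ADUser @query | ForEach-Object {
        # An unset attribute comes back empty and is treated as "not hidden".
        $hidden = [bool]$_.msExchHideFromAddressLists

        $finding = if (-not $_.Enabled -and -not $hidden) {
            'Disabled but visible in GAL'          # deprovisioning step missed
        } elseif ($_.Enabled -and $hidden) {
            'Enabled and hidden'                   # confirm this is intentional
        } elseif (-not $_.Enabled) {
            'Disabled and hidden'                  # expected after deprovisioning
        } else {
            'Enabled and visible'                  # normal user
        }

        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            Mail              = $_.mail
            Enabled           = $_.Enabled
            HiddenFromGAL     = $hidden
            Finding           = $finding
            DistinguishedName = $_.DistinguishedName
        }
    }
}

# Usage: prompt for the service account, then export only the gaps.
$cred = Get-Credential
Get-MailboxVisibilityReport -Credential $cred |
    Where-Object Finding -eq 'Disabled but visible in GAL' |
    Export-Csv -Path .\gal-deprovisioning-gaps.csv -NoTypeInformation
```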

Windows 10 1709 and RSAT

Upgrade to Windows 10 1709 and RSAT Disappears

An upgrade to Windows 10 build 1709 (“Fall Creators Update”) removes Remote Server Administration Tools (RSAT). This is unexpected behavior. We have seen this before with the last major update of Windows.

Reinstall RSAT

This time, there’s a new version of RSAT to download. Here is the download for RSAT for Windows 10 from Microsoft.

Cannot read configuration file ‘ trying to read configuration data from file ‘\\?\<EMPTY>’, line number ‘0’

As an aside, the upgrade caused other issues related to Application Pools not being able to start under IIS. This results in an error in the Event Viewer (under Windows Applications):

    Cannot read configuration file ‘ trying to read configuration data from file ‘\\?\<EMPTY>’, line number ‘0’

The explanation for the fix is found here.

Handling Duplicates When Provisioning

Provisioning isn’t always about creating new things. Handling duplicates when provisioning is an important part of a provisioning solution. This is true no matter the kind of object that’s provisioned, what directory platform or platforms are involved, and whether the process is occurring as a one-off via a web form or thousands of records are being processed in a hands-free bulk process.

Options for Duplicate Handling When Provisioning with PeopleProvision

In PeopleProvision, you can configure what happens when a duplicate is encountered and what constitutes a duplicate. You can configure this differently for different directory platforms, which is important since multiple platforms might be involved in a single action.

When a duplicate is found, most implementations we’ve found choose to perform an update. Other options include always creating a new item (this involves the solution finding a unique name) and ignoring. Ignoring it is a good option if duplicates are an anomaly; you could set the solution to notify you if this happened.

PeopleProvision can be configured so that a small update by a user or automated bulk process can lead to more involved changes to your directory platform. You can make this happen by pre-configuring business rules. In addition to discussing duplicates, the video below contains a good example of this.
