tokenGroup attribute returning Exchange distribution lists RRS feed

  • Question

  • User372251633 posted

    AD/LDAP gurus:

    I found Ryan Dunn's information about tokenGroups on his blog.  I incorporated it into my code, attempting to remove the Exchange distribution lists, which are just noise for the purposes of my application.  I am still getting Exchange lists.

    I even downloaded his sample application, which uses tokenGroupsGlobalAndUniversal, and several interesting techniques.  I receive Exchange DLs through his app.

    So I'm confused at this point.  Surely there is some attribute that I am missing that indicates a group is an Exchange DL.  I have not found it yet.  Or perhaps our Exchange DLs are set up differently from everyone elses.  I have seen tools that could tell the difference.  I wish I knew what they were checking to determine the difference.

    Any help anyone provides will be greatly appreciated.

    Tuesday, May 30, 2006 2:28 PM

All replies

  • User1354132231 posted
    The tokenGroups (and the tokenGroupsGlobalAndUniversal) should only contain groups that have the security bit enabled on their 'groupType' attribute.  What I am thinking here is that you have mail enabled security groups and not distribution lists.

    You can confirm this by checking the 'groupType' to see if this flag was enabled:

    ADS_GROUP_TYPE_SECURITY_ENABLED        = 0x80000000

    Wednesday, May 31, 2006 10:29 AM