locked
How to Set Exchange Delivery Restrictions in Active Directory RRS feed

  • Question

  • User23342110 posted

    Hello, we move email accounts to a disabled user OU, but people can still email those disabled accounts until we manually add an email delivery restriction to their account...which can take us a while.  Is there a way that I can do this programmatically?

    In the manual process, I pull up the AD properties of user... Exchange General Tab - Delivery Restrictions - Message Restrictions -  Only From - Administrator.

    Right now, I have a vb.net program that moves the AD account to the disabled OU, hides them from the global address list, and sets other properties.  But, I don't know what value needs to be set to add the Message Restrictions.

    Does anyone know what that field(s) are called, and if I can get to those?

     Thanks!

    Wednesday, May 21, 2008 11:03 AM

Answers

  • User1191518856 posted

    There is an attribute called authOrig on a mailbox-enabled user object that reflects the accepted senders. Ref: http://technet.microsoft.com/en-us/library/aa997251(EXCHG.65).aspx

    This is a multi-value attribute, and you specify the distinguished name of the allowed sender.

    Code should be something like:

    DirectoryEntry entry = new DirectoryEntry(...);
    PropertyValueCollection authorig = entry.Properties("authorig");
    authorig.AddRange(new object[] { "CN=user1,DC=domain,DC=com", "CN=user2,DC=domain,DC=com" });
    entry.CommitChanges();
    

    Please let me know if this works. Thanks!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 21, 2008 4:37 PM
  • User23342110 posted

    Thanks Johram for the starting point.  I usually can figure out things from that point, but I'm still struggling with this.  I'm getting a constraint error, so I'm sure I have something wrong.  I've tried this 20 different ways, and I'm not getting any closer.  Can you give me any pointers from here?  I put in the "fake" domain in the array figuring it would add a value that didn't exist...so nothing would be added.  Maybe that's a bad assumption? 

    A constraint violation occurred. (Exception from HRESULT: 0x8007202F) 

    Dim dey As DirectoryEntry = New DirectoryEntry(...)

    Dim authorig As PropertyValueCollection = dey.Properties("authorig")
    authorig = dey.Properties("authorig")

    Dim colarray() As Object = {"CN=test1,OU=test1,DC=test1,DC=test1"}
    authorig.Value = colarray

    dey.CommitChanges()

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 22, 2008 3:52 PM

All replies

  • User1191518856 posted

    There is an attribute called authOrig on a mailbox-enabled user object that reflects the accepted senders. Ref: http://technet.microsoft.com/en-us/library/aa997251(EXCHG.65).aspx

    This is a multi-value attribute, and you specify the distinguished name of the allowed sender.

    Code should be something like:

    DirectoryEntry entry = new DirectoryEntry(...);
    PropertyValueCollection authorig = entry.Properties("authorig");
    authorig.AddRange(new object[] { "CN=user1,DC=domain,DC=com", "CN=user2,DC=domain,DC=com" });
    entry.CommitChanges();
    

    Please let me know if this works. Thanks!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, May 21, 2008 4:37 PM
  • User23342110 posted

    Thanks Johram for the starting point.  I usually can figure out things from that point, but I'm still struggling with this.  I'm getting a constraint error, so I'm sure I have something wrong.  I've tried this 20 different ways, and I'm not getting any closer.  Can you give me any pointers from here?  I put in the "fake" domain in the array figuring it would add a value that didn't exist...so nothing would be added.  Maybe that's a bad assumption? 

    A constraint violation occurred. (Exception from HRESULT: 0x8007202F) 

    Dim dey As DirectoryEntry = New DirectoryEntry(...)

    Dim authorig As PropertyValueCollection = dey.Properties("authorig")
    authorig = dey.Properties("authorig")

    Dim colarray() As Object = {"CN=test1,OU=test1,DC=test1,DC=test1"}
    authorig.Value = colarray

    dey.CommitChanges()

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, May 22, 2008 3:52 PM
  • User1191518856 posted

    Yes, it's a bad assumption... I think DirectoryServices will try to resolve the DN as you add it so you cannot add a fake one. Why not add a real DN though?

    Thursday, May 22, 2008 6:01 PM
  • User23342110 posted

    That worked.  I clipped the last part of the ADSPath property for the administrator account ("CN=Administrator,OU=Domain Administrators,DC=domain,DC=[mydomain],DC=local").  Very cool, thank you!

    Wednesday, May 28, 2008 4:23 PM
  • User-319231021 posted

     

    i have been reading the article and would like to know if this code can be used to access an input list of accounts that i need to set this way

    Delivery Restrictions button

    unauthOrig

    Messages rejected from (for mailboxes)

    Delivery Restrictions button

    authOrig

    Messages accepted from (for mailboxes)

    Tuesday, December 22, 2009 6:19 AM