Forum Discussion

mcalvi_59634's avatar
Icon for Nimbostratus rankNimbostratus
Apr 13, 2012

parse AD attrribute

Wondering it is possible to parse an AD attribute of a user. For example, we want to auto ACL the access to exchange box based on where the user lives in exchange. If a user1 is on server1 and user2 is on server2, we want the ACL to allow access only to those specific servers vs all exchange servers. We found an attribute which contains the server name in AD but contains a lot of other stuff that would need to be parsed out. Any ideas?


3 Replies

  • A few questions:



    1) I assume you are referring to APM with the question around ACL's, but would like you to confirm


    2) Which version of Exchange are you using?


    3) When you refer to Exchange servers, I figure you are referring to the CAS servers, but would also like to confirm



    I've done some work recently in Exchange 2010 to identify the AD Site that a given mailbox is located in, so traffic can be directed to the appropriate CAS array.
  • @mcalvi: Yes, this is possible to do. Which AD attribute are you looking to parse?
  • Just thinking how to use ACLs on APM to open up a access to the specific exchange box a user is on. It appears I can use the msExchHomeServerName attribute to parse the variable for the exchange server the user is on.


    for example, mine is:



    /o=My Group/ou=Exchange Administrative Group (asdfasdfasdT)/cn=Configuration/cn=Servers/cn=exchange-1



    In this instance, I think if I can grab the exchange-1, being the hostname, we could open that up to the user vs the other 15 exchange boxes we have.





    1) yes


    2) 2k7


    3) yes, CAS servers