
Friday, June 22, 2007

Exchange: Find Disabled Accounts with Mailboxes

Summary: In this example we will use a custom AD query to search for disabled accounts with mailboxes.

Example 1.

In this example we will perform a custom AD search using Active Directory Users and Computers.

1. Open Active Directory Users and Computers and click the Find icon.

2. In the "Find" drop-down menu, select Custom Search and click the Advanced tab.

3. Paste the following in the white pane:


This will enumerate all disabled accounts with mailboxes. From here you can delete all the mailboxes: select the first user, scroll down to the bottom of the list and select the last user with Shift + left click. Then right-click the list, choose Exchange Tasks and select Delete Mailbox.

To perform a search of a single server:


Click find.

To obtain the full DN for your msExchHomeServerName attribute, look it up in ADSIEdit.

1. Go to Start > Run and type adsiedit.msc (part of the Windows Server Support Tools).

2. Expand Domain; this should resemble your OU structure. Locate a user, right-click the user (cn=my user) and select Properties.

3. Look for the attribute msExchHomeServerName and double-click it. Copy this string and paste it into the above LDAP query.

Other tricks:

Find disabled accounts with mailboxes that are not hidden in the GAL.


To export to txt file using LDIFDE from command prompt:

C:\>ldifde -f c:\exportlist.txt -r "(&(UserAccountControl:1.2.840.113556.1.4.803
)" -l "dn"
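The searches described above (all disabled accounts with mailboxes, a single server, and not hidden from the GAL), as an added example that is not the article's own query text. It assumes a mailbox is detected with msExchHomeServerName=* and GAL visibility with msExchHideFromAddressLists; the server value and DNs are constructed placeholders.

```python
# Added example, not the article's queries. Assumed: a mailbox is detected with
# msExchHomeServerName=*, GAL visibility with msExchHideFromAddressLists.
ACCOUNTDISABLE = 0x2                  # userAccountControl bit set on disabled accounts
BIT_AND = "1.2.840.113556.1.4.803"    # bitwise-AND matching rule OID used on this page

def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def disabled_mailbox_filter(home_server=None, visible_in_gal_only=False):
    """Disabled AND has a mailbox; optionally one server and/or not hidden from the GAL."""
    server = escape_filter_value(home_server) if home_server else "*"
    clauses = ["(userAccountControl:%s:=%d)" % (BIT_AND, ACCOUNTDISABLE),
               "(msExchHomeServerName=%s)" % server]
    if visible_in_gal_only:
        clauses.append("(!(msExchHideFromAddressLists=TRUE))")
    return "(&" + "".join(clauses) + ")"

def matches(entry, home_server=None, visible_in_gal_only=False):
    """Apply the same conditions client-side to one exported entry (a dict)."""
    uac = int(entry.get("userAccountControl", 0))
    if (uac & ACCOUNTDISABLE) != ACCOUNTDISABLE:   # what the BIT_AND rule tests
        return False
    server = entry.get("msExchHomeServerName")
    if not server or (home_server and server.lower() != home_server.lower()):
        return False
    hidden = entry.get("msExchHideFromAddressLists", "FALSE").upper() == "TRUE"
    return not (visible_in_gal_only and hidden)

def find(entries, **options):
    """Return the DNs of all entries that satisfy the selected search."""
    return [e["dn"] for e in entries if matches(e, **options)]

# Constructed sample data; the server values and DNs are placeholders.
SERVER = "/o=Example/ou=Site (HQ)/cn=Configuration/cn=Servers/cn=MAIL01"
OTHER = "/o=Example/ou=Site (HQ)/cn=Configuration/cn=Servers/cn=MAIL02"
BASE = ",OU=Staff,DC=example,DC=com"
ENTRIES = [
    {"dn": "CN=alice" + BASE, "userAccountControl": "514", "msExchHomeServerName": SERVER},
    {"dn": "CN=bob" + BASE, "userAccountControl": "66050", "msExchHomeServerName": SERVER,
     "msExchHideFromAddressLists": "TRUE"},      # disabled + password never expires
    {"dn": "CN=carol" + BASE, "userAccountControl": "512", "msExchHomeServerName": SERVER},
    {"dn": "CN=dave" + BASE, "userAccountControl": "514"},   # disabled, no mailbox
    {"dn": "CN=erin" + BASE, "userAccountControl": "514", "msExchHomeServerName": OTHER},
]

if __name__ == "__main__":
    print(disabled_mailbox_filter(SERVER, visible_in_gal_only=True))
    print(find(ENTRIES, home_server=SERVER))
```

The bitwise rule is why an equality test such as userAccountControl=514 is not enough: the constructed entry with 66050 is also disabled, and only the bit test catches it. Parentheses inside the server value must be escaped, or the directory rejects the filter.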

Best practices:

Ensure that you have deleted mailbox retention configured so that these mailboxes can be recovered quickly. To configure mailbox retention, open Exchange System Manager, locate your mailbox store, open its properties and select the Limits tab.

James Chong (MVP) MCSE M+, S+, MCTS, Security+
