Ldap – Finding DNS name of exchange server for user using LDAP

Tags: active-directory, exchange, ldap, openldap

Following up on my last question, once I have the correct domain controller, I would like to fetch a given user's exchange server. I am able to get this far using ldapsearch:

ldapsearch -LLL -h dc.example.com -D user@example.com -W -b "DC=example,DC=com" -s sub -x '(sAMAccountName=someuser)' msExchHomeServerName homeMTA homeMDB

dn: CN=someuser,OU=Employees,OU=Users,DC=example,DC=com
homeMTA: CN=Microsoft MTA,CN=EXCHANGESERVER,CN=Servers,CN=First Administrative Gr
 oup,CN=Administrative Groups,CN=My Company,CN=Microsoft Exchange,CN=Servic
 es,CN=Configuration,DC=example,DC=com
homeMDB: CN=Database 1,CN=Storage Group 1,CN=InformationStore,CN=EXCHANGESERVER,C
 N=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=My Company,
 CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com
msExchHomeServerName: /o=My Company/ou=First Administrative Group/cn=Config
 uration/cn=Servers/cn=EXCHANGESERVER

I'd like to convert the DNs above (in their two completely different formats) into DNS names. In this case, they should all be translated into exchangeserver.example.com.

Alternately, is there an easier way to get to this information? In my most common case, the user making the query is the user we're interested in, so my ideal is a way a unix user can ask "what is my exchange server's FQDN?" without requiring the unix machine to be joined to the AD domain.

EDIT: I thought I'd found a solution, but it doesn't actually work:

ldapsearch -x -LLL -h dc.example.com -D user@example.com -W -s base -b "CN=Microsoft MTA,CN=EXCHANGESERVER,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=My Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com" dnsHostName

This is very close, but you have to know to strip the "CN=Microsoft MTA," off the front of the -b property, which doesn't lend itself to programmatic work.

Best Answer

Assuming you can read VBScript, here's a link to a script from Microsoft showing how to find the location of a mailbox for a user account.

The script is querying the "homeMDB" attribute of the user (to get the DN of the mailbox database holding the user's mailbox). Then, they're querying that MDB to find the DN of the server object that "owns" the MDB, using the value of the "msExchOwningServer" attribute of the MDB (BTW, you can ignore the bits about the storage group, because you don't care about that).

Assuming you want a DNS name, query the "networkAddress" property of the server object (the one named in the "msExchOwningServer" attribute of the MDB object returned by querying the DN of the user's "homeMDB"), and take the value starting with "ncacn_ip_tcp". That'll give you the FQDN of the server hosting that MDB.

Edit:

I didn't mean to imply that you needed to execute the VBScript-- just that it would tell you what to query with ldapsearch. Likewise, when I said "server object", I didn't mean to imply that you would be instantiating some kind of VBScript object-- only that you would query the DN named for the server.

So, assuming I want the DNS name of the server hosting the mailbox for user Bob, I'd query with the LDAP search filter "(sAMAccountName=Bob)" at the root of the domain (or root of the global catalog, if I wanted to search all domains in the forest) for Bob's "homeMDB" attribute.

ldapsearch -h ad.example.com -D bind-user@ad.example.com -W -b "DC=ad,DC=example,DC=com" -s sub -x "(sAMAccountName=Bob)" homeMDB

This returns the homeMDB attribute:

homeMDB: CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore,CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com

Then, using that homeMDB attribute as a base DN, query for "msExchOwningServer":

ldapsearch -x -h ad.example.com -D bind-user@ad.example.com -W -s base -b "CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore,CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" msExchOwningServer

This returns the DN of the server hosting that mailbox database:

msExchOwningServer: CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com

Finally, using the server's DN as the base DN, query for the "networkAddress" attribute:

ldapsearch -x -h ad.example.com -D bind-user@ad.example.com -W -s base -b "CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" networkAddress

This returns all the network addresses, of which you're interested in the one starting with "ncacn_ip_tcp".

networkAddress: ncacn_vns_spp:EXCH-SRV
networkAddress: netbios:EXCH-SRV
networkAddress: ncacn_np:EXCH-SRV
networkAddress: ncacn_spx:EXCH-SRV
networkAddress: ncacn_ip_tcp:EXCH-SRV.ad.example.com
networkAddress: ncalrpc:EXCH-SRV

You can do the same thing for the "homeMTA" attribute, but you'll search for "msExchResponsibleMTAServerBL" instead of "msExchOwningServer" when querying the DN named in the "homeMTA" attribute.

Finally, if you want to forego all of that, query the user for the "msExchHomeServerName" attribute.

msExchHomeServerName: /o=Example Organization/ou=EXAMPLE/cn=Configuration/cn=Servers/cn=EXCH-SRV

Take the value returned there and use that as the search filter on the "legacyExchangeDN" attribute, and search the Exchange-related subtree of the directory for the "networkAddress" attribute.

ldapsearch -x -h ad.example.com -D bind-user@ad.example.com -W -b "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" -s sub "(legacyExchangeDN=/o=Example Organization/ou=EXAMPLE/cn=Configuration/cn=Servers/cn=EXCH-SRV)" networkAddress

And you'll get back the same network addresses as above.
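The three-step chain the answer walks through (homeMDB, then msExchOwningServer, then networkAddress), as an added worked example that is not part of the original question, the answer, or any Microsoft script. It parses the LDIF that ldapsearch -LLL prints (including the folded continuation lines that make the homeMTA value in the question span three lines), escapes the sAMAccountName per RFC 4515 so a crafted username cannot alter the filter, picks the ncacn_ip_tcp value, and also strips a leading RDN programmatically, which is the step the question wanted for homeMTA. Every DN, hostname and directory entry in it is constructed to match the shapes shown in the answer, and the function names (exchange_fqdn, ldapsearch_backend, sample_search and the rest) are this example's own.

```python
"""Resolve a user's Exchange server FQDN from the LDAP attribute chain
homeMDB -> msExchOwningServer -> networkAddress (ncacn_ip_tcp), by parsing
the LDIF text that `ldapsearch -LLL` prints. The sample directory at the
bottom is constructed for this example; it is not real data."""
import base64
import re
import subprocess
from typing import Callable, Dict, List

# search(base_dn, scope, ldap_filter, attribute) -> LDIF text; one call per ldapsearch run
SearchFn = Callable[[str, str, str, str], str]

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_filter(value: str) -> str:
    """RFC 4515 escaping so a user-supplied name cannot change the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def unfold_ldif(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF entry into {attribute: [values]}.
    ldapsearch folds long values: a continuation line starts with one space."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs

def split_rdns(dn: str) -> List[str]:
    """Split a DN on unescaped commas; an RFC 4514 escaped '\\,' inside a value is kept."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]

def parent_dn(dn: str) -> str:
    """Drop the leading RDN. For homeMTA this yields the server DN, because
    CN=Microsoft MTA is a direct child of the server object."""
    return ",".join(split_rdns(dn)[1:])

def fqdn_from_network_address(values: List[str]) -> str:
    """Pick the ncacn_ip_tcp binding out of the server's networkAddress values."""
    for value in values:
        proto, _, address = value.partition(":")
        if proto.lower() == "ncacn_ip_tcp":
            return address
    raise LookupError("server object has no ncacn_ip_tcp networkAddress")

def exchange_fqdn(sam_account: str, domain_base: str, search: SearchFn) -> str:
    """The three ldapsearch calls from the answer, chained programmatically."""
    flt = f"(sAMAccountName={escape_filter(sam_account)})"
    user = unfold_ldif(search(domain_base, "sub", flt, "homeMDB"))
    if not user.get("homeMDB"):
        raise LookupError(f"no mailbox-enabled user {sam_account!r} under {domain_base}")
    mdb = unfold_ldif(search(user["homeMDB"][0], "base", "(objectClass=*)", "msExchOwningServer"))
    server = unfold_ldif(search(mdb["msExchOwningServer"][0], "base", "(objectClass=*)", "networkAddress"))
    return fqdn_from_network_address(server.get("networkAddress", []))

def ldapsearch_backend(uri: str, bind_dn: str, password_file: str) -> SearchFn:
    """Real backend: shells out to OpenLDAP's ldapsearch (simple bind, password read
    from a file with -y). Not exercised offline; the URI and bind identity are yours."""
    def search(base: str, scope: str, ldap_filter: str, attribute: str) -> str:
        cmd = ["ldapsearch", "-LLL", "-x", "-H", uri, "-D", bind_dn, "-y", password_file,
               "-b", base, "-s", scope, ldap_filter, attribute]
        return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return search

# --- constructed sample directory, shaped like the answer's ldapsearch output ---
DOMAIN_BASE = "DC=ad,DC=example,DC=com"
CONFIG = ("CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,"
          "CN=Microsoft Exchange,CN=Services,CN=Configuration," + DOMAIN_BASE)
SERVER_DN = "CN=EXCH-SRV,CN=Servers," + CONFIG
MDB_DN = "CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore," + SERVER_DN

SAMPLE_LDIF = {
    # homeMDB folded at column 76, the way ldapsearch wraps long values
    DOMAIN_BASE: "dn: CN=Bob,OU=Users," + DOMAIN_BASE + "\nhomeMDB: " + MDB_DN[:67] + "\n " + MDB_DN[67:] + "\n",
    MDB_DN: "dn: " + MDB_DN + "\nmsExchOwningServer: " + SERVER_DN + "\n",
    SERVER_DN: "dn: " + SERVER_DN + "\nnetworkAddress: netbios:EXCH-SRV\nnetworkAddress: ncacn_np:EXCH-SRV\n"
               "networkAddress: ncacn_ip_tcp:EXCH-SRV.ad.example.com\nnetworkAddress: ncalrpc:EXCH-SRV\n",
}

def sample_search(base: str, scope: str, ldap_filter: str, attribute: str) -> str:
    """Offline stand-in for ldapsearch that serves the constructed entries above."""
    if base == DOMAIN_BASE and ldap_filter != "(sAMAccountName=Bob)":
        return ""  # unknown user: ldapsearch prints no entry
    return SAMPLE_LDIF.get(base, "")

if __name__ == "__main__":
    print(exchange_fqdn("Bob", DOMAIN_BASE, sample_search))  # EXCH-SRV.ad.example.com
```

Against a real directory, swap sample_search for ldapsearch_backend("ldaps://dc.example.com", "user@example.com", "/path/to/passfile"); the unix host needs only network reach to a domain controller and a bind identity, not domain membership, which is the situation the question describes. Use ldaps:// (or -ZZ) so the simple-bind password does not cross the wire in clear, and treat the hostname in networkAddress as what the server object claims, to be resolved and connected to over TLS rather than trusted on its own.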