How to add a non-mail-enabled user with LDAP

buurdb

Hi!

I can successfully add users with Java/LDAP into our Active Directory
2003. The problem is that all users I create get a mail account, which
they should not.

I use the following settings but apparently there is something I have
to do to stop Active Directory from creating the Exchange mailbox for
the user. What am I doing wrong?

// JNDI classes this fragment needs
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

// true = attribute IDs are matched case-insensitively
Attributes attrs = new BasicAttributes(true);

attrs.put("objectClass","user");
attrs.put("samAccountName",cuid);
attrs.put("cn",cuid);
attrs.put("displayName",userName);
attrs.put("userPrincipalName", userName);
attrs.put("mailnickname", userName);

//some useful constants from lmaccess.h
int UF_ACCOUNTDISABLE = 0x0002;
int UF_PASSWD_NOTREQD = 0x0020;
int UF_PASSWD_CANT_CHANGE = 0x0040;
int UF_NORMAL_ACCOUNT = 0x0200;
int UF_DONT_EXPIRE_PASSWD = 0x10000;
int UF_PASSWORD_EXPIRED = 0x800000;

// flags are combined with bitwise OR: normal account, no password required,
// password expired, account disabled
attrs.put("userAccountControl",Integer.toString(UF_NORMAL_ACCOUNT |
UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));

Best regards
Roland
 
Here you have some examples:
http://www.w2k.pl/tech/sample2_6.txt
http://www.w2k.pl/tech/sample2_6_1.txt

You need CDOEXM library installed in the system, which can be done by
installing Exchange admin tools.
 
Oh, just specifying mailnickname like that will create a completely screwed
up Exchange object which isn't mailbox NOR mail-enabled. It will be missing the
Exchange Security Descriptor, homeMDB, tons of stuff. It would just generate an
object that will pop into the GAL and be worthless. You don't want to do that.

You either need to specify more attributes so that the RUS will create the
object properly (which is completely unsupported BTW) or you need to not specify
mailnickname at all and use CDOEXM calls to fire the mail/mailbox enabling process.

I wrote a chapter for the Windows Server Cookbook about using scripts to do
Exchange tasks like this and it has some discussion of doing it outside of
CDOEXM (again this is unsupported). You might want to pick up that book, or
alternatively I also added that chapter to Active Directory Third Edition when
I refreshed that book (link below). It will also be in the Active Directory
Cookbook Second Edition.

joe


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
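
Added example (not code from the thread or from any of its posters): a JNDI version of the "do not specify mailnickname at all" option from the reply above, which builds a plain user and checks the attribute set for Exchange attributes before it would be passed to createSubcontext. The class and method names, the sample user, and every attribute name in the check other than mailNickname and homeMDB are assumptions.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class PlainAdUser {
    static final int UF_ACCOUNTDISABLE = 0x0002, UF_PASSWD_NOTREQD = 0x0020;
    static final int UF_NORMAL_ACCOUNT = 0x0200, UF_PASSWORD_EXPIRED = 0x800000;

    // mailNickname and homeMDB are named in the thread; the other entries are
    // assumed additions to the check. Stored lower-case for comparison.
    static final Set<String> EXCHANGE_ATTRS = new HashSet<>(Arrays.asList(
        "mailnickname", "homemdb", "proxyaddresses", "legacyexchangedn"));

    // Attribute set for a user that is neither mailbox- nor mail-enabled.
    static Attributes plainUser(String cuid, String displayName, String upn) {
        Attributes attrs = new BasicAttributes(true); // case-insensitive IDs
        attrs.put("objectClass", "user");
        attrs.put("sAMAccountName", cuid);
        attrs.put("cn", cuid);
        attrs.put("displayName", displayName);
        attrs.put("userPrincipalName", upn);
        // Same flags as the question: the account is created disabled.
        // UF_PASSWD_NOTREQD permits an empty password, so clear it once a
        // password has been set and before the account is enabled.
        attrs.put("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT
            | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED | UF_ACCOUNTDISABLE));
        return attrs;
    }

    // Returns the IDs of any Exchange attributes present in the set.
    static List<String> exchangeAttrsIn(Attributes attrs) throws NamingException {
        List<String> found = new ArrayList<>();
        NamingEnumeration<String> ids = attrs.getIDs();
        while (ids.hasMore()) {
            String id = ids.next();
            if (EXCHANGE_ATTRS.contains(id.toLowerCase(Locale.ROOT))) found.add(id);
        }
        return found;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample user, not taken from the thread.
        Attributes ok = plainUser("jdoe01", "Jane Doe", "jdoe01@example.test");
        Attributes bad = (Attributes) ok.clone();
        bad.put("mailnickname", "jdoe01"); // what the question's code did
        System.out.println("plain user:      " + exchangeAttrsIn(ok));
        System.out.println("with nickname:   " + exchangeAttrsIn(bad));
        // Call DirContext.createSubcontext(dn, attrs) only when the list is empty.
    }
}
```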
 