Use AD as external Addressbook

Bernhard Brinkmann

Hi group-ies,

I'm currently looking for a way to optimize some stuff at our company. We
keep large newsletter-recipients in a lot of different ways but none is
efficient. The one is hard to understand for "standard users" the other
offers not enough ways to get/maintain the data.

We use a Windows 2000 Domain and have Exchange 2003 so I thought maybe I
can use the AD to store my addresses in some way so that they are
accessible by specific users and are still maintainable by scripts (mainly
running on unix-boxes) and other applications. I had a quick look with my
ldap-viewer to the structure of our AD but couldn't find anything appropriate
and I remembered that I had sworn to my son that I will never ever touch the
AD "just to try something" while having no backup-/failover-system.

Basically what I'm looking for is some way to query/modify a public address-
book or something on the public-store, but I don't have a clue where the
OUs are or even if that exchange-stuff is located there, so that is my
question :)

thx for hints in advance
BB
 
At work we put a bunch of contacts into ADS for use with a fax system
and users can access the entries using the Outlook address book since
the entries were given email addresses and thus were published in the
Global Address List for Exchange. But even if you don't have Exchange
(Exchange takes its data from ADS) you can still put the entries in ADS
(probably best to make them Contact objects as I did) and then you
perform basic LDAP queries to grab the data. If you are going to have
thousands of entries (we had 35,000+ at work and the GAL caches them)
you may want to build a small app that can cache entries so that a query
that may return half or a large portion of them doesn't have to be
executed every time but can read the cache instead.

I'm not sure exactly what you expected to find by browsing your AD
structure but if you just create a new OU to hold all the entries you
can then define ACLs for that particular OU so security groups have the
appropriate privileges. You won't find the recipient entries in AD until
you create them. And as I said before, if you want the entries to show
up in the GAL then you should make them contact objects and give them an
email address (contact objects don't need usernames and thus can't
authenticate to the domain).

Let me know if you need further clarification given this information.
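
Added example, not part of the post above: a sketch of the cached contact lookup the reply suggests, with RFC 4515 escaping so a recipient string supplied to a script cannot rewrite the search filter. The OU name, the `search` callable (standing in for whatever LDAP client the scripts use) and the sample entry are assumptions constructed for illustration.

```python
import time

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape untrusted text before placing it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def contact_filter(mail_prefix=""):
    """Filter for mail-enabled contact objects, optionally by address prefix."""
    clauses = ["(objectClass=contact)", "(mail=*)"]
    if mail_prefix:
        clauses.append("(mail=" + escape_filter_value(mail_prefix) + "*)")
    return "(&" + "".join(clauses) + ")"

class ContactCache:
    """Cache results per filter so repeated large queries skip the directory."""

    def __init__(self, search, base_dn, ttl=900, clock=time.monotonic):
        self._search = search      # assumed: callable(base_dn, filter) -> list
        self._base_dn = base_dn    # the dedicated OU holding the contacts
        self._ttl = ttl            # seconds before a cached result is refetched
        self._clock = clock
        self._store = {}           # filter string -> (expiry, entries)

    def lookup(self, mail_prefix=""):
        flt = contact_filter(mail_prefix)
        now = self._clock()
        hit = self._store.get(flt)
        if hit and hit[0] > now:
            return hit[1]
        entries = self._search(self._base_dn, flt)
        self._store[flt] = (now + self._ttl, entries)
        return entries

def demo():
    """Constructed run: returns the filters that actually reached the server."""
    sent = []
    def fake_search(base_dn, flt):  # constructed stand-in for a real LDAP search
        sent.append(flt)
        return [{"cn": "Constructed Contact", "mail": "reader@example.com"}]
    cache = ContactCache(fake_search, "OU=Newsletter,DC=example,DC=com")
    for prefix in ("reader", "reader", "*)(objectClass=user"):
        cache.lookup(prefix)
    return sent
```

The second `reader` lookup is served from the cache, and the third prefix reaches the directory only as an escaped literal inside the `mail` clause.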
 
Is Exchange being used to send the messages via Outlook/OWA or is this
done some other way? How do you address things now?

If you have distribution lists in Exchange, you will need associated
contact objects in Active Directory as well. The structure of AD means
nothing, you can put the objects in any of the domain partitions you
want, there isn't a spot that just exists for that.

If you don't actually need to use DLs and AD Contacts (say you are using
UNIX scripts to look up the objects and send messages to them) then you
might consider putting the objects into an ADAM instance instead. ADAM
is basically Active Directory Lite. Check it out at

http://www.microsoft.com/windowsserver2003/adam/default.mspx


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 