Using LDAP for saved queries in AD

A friend asked me about setting up a query for returning all the users in one group.

I first tried to set it up by using the wizard, which I could not get to work, and then I found the option called “Custom Search”, which uses a standard LDAP query. I tried this and after a little fiddling around finding the correct CN I came up with this:

(&(objectcategory=person)(objectclass=user)(memberof=CN=Group,OU=OrgUnit,DC=domain,DC=local))

The problem from the beginning was that I did not use the CN (e.g. CN=Group,OU=OrgUnit,DC=domain,DC=local).

If you want to find all users NOT in a certain group you use:

(&(objectcategory=person)(objectclass=user)(!(memberof=CN=Group,OU=OrgUnit,DC=domain,DC=local)))

While looking around I also found this for finding disabled users:

(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

Here is a link to some other LDAP queries.
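As an added example (not code from the original post), here are the three filters above built in Python with RFC 4515 escaping of the group DN, so that a group name containing parentheses or a backslash cannot break or alter the saved query. It also evaluates the bitwise-AND rule over a few accounts. The function names, the "Sales (EU)" group and the sample accounts are constructed for illustration.

```python
# Added example: build the saved-query filters from this post with RFC 4515 escaping.
ACCOUNTDISABLE = 0x2                      # userAccountControl bit tested by ":=2"
BIT_AND_RULE = "1.2.840.113556.1.4.803"   # OID used in the disabled-users query
USER_BASE = "(objectcategory=person)(objectclass=user)"

# Characters that RFC 4515 requires to be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def member_filter(group_dn: str, negate: bool = False) -> str:
    """Users that are (or, with negate=True, are not) members of group_dn."""
    clause = f"(memberof={escape_filter_value(group_dn)})"
    if negate:
        clause = f"(!{clause})"
    return f"(&{USER_BASE}{clause})"


def uac_filter(mask: int) -> str:
    """Users whose userAccountControl has every bit of mask set."""
    return f"(&{USER_BASE}(userAccountControl:{BIT_AND_RULE}:={mask}))"


def bit_and_match(uac: int, mask: int) -> bool:
    """What the bitwise-AND matching rule evaluates for one account."""
    return (uac & mask) == mask


# Constructed sample accounts (name, userAccountControl); not real data.
SAMPLE_USERS = [("alice", 512), ("bob", 514), ("svc-backup", 66048), ("carol", 66050)]


def disabled(users):
    """Names of the accounts the disabled-users filter would return."""
    return [name for name, uac in users if bit_and_match(uac, ACCOUNTDISABLE)]


if __name__ == "__main__":
    print(member_filter("CN=Group,OU=OrgUnit,DC=domain,DC=local"))
    print(member_filter("CN=Sales (EU),OU=OrgUnit,DC=domain,DC=local", negate=True))
    print(uac_filter(ACCOUNTDISABLE))
    print(disabled(SAMPLE_USERS))
```

Note that memberOf lists only direct membership and never the primary group (normally Domain Users), so accounts that reach a group only through nesting are not matched by the first filter and do show up in the negated one.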

0X80004005 Synchronization Errors in Outlook

Q: I am getting synchronization errors in Outlook that seem to have to do with the Offline Address Book

 

7:59:00 Microsoft Exchange offline address book
7:59:00 0X80004005

A: You need to associate every Mailbox Store with an Offline Address Book:

1. Start Exchange System Manager.
2. Expand Organization, and then expand Administrative Groups.

If “Administrative Groups” does not appear under Organization, make sure that you have configured Exchange System Manager to display Administrative Groups. To do so, right-click Organization, click Properties, and then click Display administrative groups.

3. Expand the administrative group to which the server belongs.
4. Expand Servers, expand the server that you want to configure, and then expand First Storage Group.
5. Right-click Mailbox Store, and then click Properties.
6. In the Offline Address Book section, make sure that a valid offline Address Book is listed.

If one is not listed, click Browse, and then click a valid offline Address Book. You can use Default Offline Address Book as the default setting.

 

Source: Microsoft Knowledge Base

Getting RPC over HTTPS to work…

Here is some information on getting RPC over HTTPS to work that I used.

Configuring the Server

Configure RPC over HTTPS – Exchange Server from The Lazy Admin
More on RPC Over HTTPs from The Lazy Admin (troubleshooting)
How to configure RPC over HTTP on a single server in Exchange Server 2003 from Microsoft
Testing RPC over HTTP/S Connection from Daniel Petri
Configure RPC over HTTP/S on a Single Server from Daniel Petri
RPC over HTTP/S Error 401.3 after Windows 2003 SP1 from Daniel Petri

Configuring Outlook

Configure RPC over HTTPS – Outlook 2003 and ISA 2004 from The Lazy Admin
How to troubleshoot client RPC over HTTP connection issues in Office Outlook 2003 from Microsoft
Configure Outlook 2003 to use RPC over HTTP/S

Getting Outlook Mobile Access to work on my Small Business Server

I wanted to be able to read my private mail (that resides on my SBS at home) from my Qtek S100. The problem is that I use ActiveSync to sync my work calendar, so the only option left is setting up Outlook Mobile Access.

I found this excellent article on Jesper Johansson's blog, which I used, but I did not pass the finish line… I ran into a problem when I finished…

A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.

This is due to this:

“The incoming requests are made to the /OMA virtual directory on the Exchange 2003 computer. These requests try to communicate by using the NetBIOS name of the /Exchange virtual directory. If the host header for the OMA Web site does not include the NetBIOS name, you receive the message that is mentioned in the Symptoms section.”

The rest of the information is here.

Thanks Jesper for the excellent article…

My SBS OWA login is screwed up after SP install…

Q: I just upgraded to MS Exchange 2003 SP2 on my Windows 2003 SBS server and now I need to log in with DOMAIN\username instead of just username… Why? And how do I change it back?

A: The reason for this is that on a “real” Exchange server the default login is DOMAIN\username. You will need to edit the web pages used for login according to this article.