Finding DNS name of exchange server for user using LDAP


Assuming you can read VBScript, here's a link to a script from Microsoft showing how to find the location of a mailbox for a user account.

The script is querying the "homeMDB" attribute of the user (to get the DN of the mailbox database holding the user's mailbox). Then, they're querying that MDB to find the DN of the server object that "owns" the MDB, using the value of the "msExchOwningServer" attribute of the MDB (BTW, you can ignore the bits about the storage group, because you don't care about that).

Assuming you want a DNS name, query the "networkAddress" property of the server object (the one named in the "msExchOwningServer" attribute of the MDB object returned by querying the DN of the user's "homeMDB"), and take the value starting with "ncacn_ip_tcp". That'll give you the FQDN of the server hosting that MDB.

Edit:

I didn't mean to imply that you needed to execute the VBScript-- just that it would tell you what to query with ldapsearch. Likewise, when I said "server object", I didn't mean to imply that you would be instantiating some kind of VBScript object-- only that you would query the DN named for the server.

So, assuming I want the DNS name of the server hosting the mailbox for user Bob, I'd query with the LDAP search filter "(sAMAccountName=Bob)" at the root of the domain (or root of the global catalog, if I wanted to search all domains in the forest) for Bob's "homeMDB" attribute.

ldapsearch -h ad.example.com -D [email protected] -W -b "DC=ad,DC=example,DC=com" -s sub -x "(sAMAccountName=Bob)" homeMDB

This returns the homeMDB attribute:

homeMDB: CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore,CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com

Then, using that homeMDB attribute as a base DN, query for "msExchOwningServer":

ldapsearch -h ad.example.com -D [email protected] -W -x -b "CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore,CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" msExchOwningServer

This returns the DN of the server hosting that mailbox database:

msExchOwningServer: CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com

Finally, using the server's DN as the base DN, query for the "networkAddress" attribute:

ldapsearch -h ad.example.com -D [email protected] -W -x -b "CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" networkAddress

This returns all the network addresses, of which you're interested in the one starting with "ncacn_ip_tcp".

networkAddress: ncacn_vns_spp:EXCH-SRV
networkAddress: netbios:EXCH-SRV
networkAddress: ncacn_np:EXCH-SRV
networkAddress: ncacn_spx:EXCH-SRV
networkAddress: ncacn_ip_tcp:EXCH-SRV.ad.example.com
networkAddress: ncalrpc:EXCH-SRV

You can do the same thing for the "homeMTA" attribute, but you'll search for "msExchResponsibleMTAServerBL" instead of "msExchOwningServer" when querying the DN named in the "homeMTA" attribute.

Finally, if you want to forego all of that, query the user for the "msExchHomeServerName" attribute.

msExchHomeServerName: /o=Example Organization/ou=EXAMPLE/cn=Configuration/cn=Servers/cn=EXCH-SRV

Take the value returned there and use that as the search filter on the "legacyExchangeDN" attribute and search the Exchange-related subtree of the directory for the "networkAddress" attribute.

ldapsearch -h ad.example.com -D [email protected] -W -b "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com" -x "(legacyExchangeDN=/o=Example Organization/ou=EXAMPLE/cn=Configuration/cn=Servers/cn=EXCH-SRV)" networkAddress

And you'll get back the same network addresses as above.
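To automate the chain the answer walks (user -> homeMDB -> msExchOwningServer -> networkAddress, plus the msExchHomeServerName / legacyExchangeDN shortcut), here is an added Python example that is not part of the original answer. It assumes a `lookup(base_dn, ldap_filter)` callable standing in for a real LDAP client, and runs offline against a constructed in-memory directory (`DIRECTORY`, `fake_lookup`) whose DNs mirror the answer's samples.

```python
import re

def ldap_escape(value):
    """RFC 4515 escaping so a caller-supplied name cannot change the filter's meaning."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)

def fqdn_from_network_address(values):
    """Pick the ncacn_ip_tcp binding; the other bindings only carry the NetBIOS name."""
    for v in values:
        proto, _, host = v.partition(":")
        if proto == "ncacn_ip_tcp" and host:
            return host.lower()
    return None

def via_home_mdb(lookup, user):
    """Three-hop chain: homeMDB -> msExchOwningServer -> networkAddress."""
    mdb = lookup(user["homeMDB"][0], "(objectClass=*)") if user.get("homeMDB") else None
    srv = lookup(mdb["msExchOwningServer"][0], "(objectClass=*)") if mdb and mdb.get("msExchOwningServer") else None
    return fqdn_from_network_address(srv.get("networkAddress", [])) if srv else None

def via_home_server_name(lookup, user, exch_base):
    """Shorter chain: msExchHomeServerName is the server's legacyExchangeDN, one search away."""
    legacy = user.get("msExchHomeServerName")
    srv = lookup(exch_base, f"(legacyExchangeDN={ldap_escape(legacy[0])})") if legacy else None
    return fqdn_from_network_address(srv.get("networkAddress", [])) if srv else None

def exchange_fqdn(lookup, sam, domain_base, exch_base):
    """lookup(base_dn, ldap_filter) -> dict of attribute lists for the first hit, or None (assumed contract)."""
    user = lookup(domain_base, f"(sAMAccountName={ldap_escape(sam)})") or {}
    return via_home_server_name(lookup, user, exch_base) or via_home_mdb(lookup, user)

# Constructed stand-in directory mirroring the answer's sample DNs (not real data).
EXCH_BASE = "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=example,DC=com"
SRV_DN = "CN=EXCH-SRV,CN=Servers,CN=EXAMPLE,CN=Administrative Groups,CN=Example Organization," + EXCH_BASE
MDB_DN = "CN=Mailbox Store (EXCH-SRV),CN=First Storage Group,CN=InformationStore," + SRV_DN
LEGACY = "/o=Example Organization/ou=EXAMPLE/cn=Configuration/cn=Servers/cn=EXCH-SRV"
DIRECTORY = {
    "CN=Bob,CN=Users,DC=ad,DC=example,DC=com": {"sAMAccountName": ["Bob"], "homeMDB": [MDB_DN], "msExchHomeServerName": [LEGACY]},
    MDB_DN: {"msExchOwningServer": [SRV_DN]},
    SRV_DN: {"legacyExchangeDN": [LEGACY], "networkAddress": ["netbios:EXCH-SRV", "ncacn_np:EXCH-SRV", "ncacn_ip_tcp:EXCH-SRV.ad.example.com"]},
}

def fake_lookup(base_dn, ldap_filter):
    """Toy search: '(objectClass=*)' reads the base object itself; '(attr=value)' scans the subtree under base_dn."""
    attr, want = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    if attr == "objectClass" and want == "*":
        return DIRECTORY.get(base_dn)
    for dn, attrs in DIRECTORY.items():
        if dn.lower().endswith(base_dn.lower()) and want in attrs.get(attr, []):
            return attrs
    return None
```

Both chains end at the same ncacn_ip_tcp value; with a real client, `lookup` should return attribute values as lists the way ldapsearch prints them.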


Author: plomien

Updated on September 17, 2022

Comments

  • plomien
    plomien over 1 year

    Following up on my last question, once I have the correct domain controller, I would like to fetch a given user's exchange server. I am able to get this far using ldapsearch:

    ldapsearch -LLL -h dc.example.com -D [email protected] -W -b "DC=example,DC=com" -s sub -x '(sAMAccountName=someuser)' msExchHomeServerName homeMTA homeMDB
    
    dn: CN=someuser,OU=Employees,OU=Users,DC=example,DC=com
    homeMTA: CN=Microsoft MTA,CN=EXCHANGESERVER,CN=Servers,CN=First Administrative Gr
     oup,CN=Administrative Groups,CN=My Company,CN=Microsoft Exchange,CN=Servic
     es,CN=Configuration,DC=example,DC=com
    homeMDB: CN=Database 1,CN=Storage Group 1,CN=InformationStore,CN=EXCHANGESERVER,C
     N=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=My Company,
     CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com
    msExchHomeServerName: /o=My Company/ou=First Administrative Group/cn=Config
     uration/cn=Servers/cn=EXCHANGESERVER
    

    I'd like to convert the DNs above (in their two completely different formats) into DNS names. In this case, they should all be translated into exchangeserver.example.com.

    Alternately, is there an easier way to get to this information? In my most common case, the user making the query is the user we're interested in, so my ideal is a way a unix user can ask "what is my exchange server's FQDN?" without requiring the unix machine to be joined to the AD domain.

    EDIT: I thought I'd found a solution, but it doesn't actually work:

    ldapsearch -x -LLL -h dc.cisco.com -D [email protected] -W -s base -b "CN=Microsoft MTA,CN=EXCHANGESERVER,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=My Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com" dnsHostName
    

    This is very close, but you have to know to strip the "CN=Microsoft MTA," off the front of the -b property, which doesn't lend itself to programmatic work.

  • Spence
    Spence over 14 years
    I dropped on an edit clarifying.
  • plomien
    plomien over 14 years
    Thanks for the additional information. The problem I'm seeing is in the search for "CN=Mailbox Store (EXCH-SRV)..." AD cannot find this DN and returns that the closest match is "CN=EXCH-SRV,CN=Servers,...", which is correct, but an awkward intermediary step (parsing out the error and resubmitting). I can string-munge it, but that seems fragile and requires special casing in my code that also talks to OpenLDAP servers.
  • Spence
    Spence over 14 years
    I don't know what to tell you. I'm having no problems querying the DN returned for the "homeMDB" attribute as the base DN for a query returning the "msExchOwningServer" attribute from the base DN. I'm not having to "string munge" anything. Using the "msExchHomeServerName" and filtering your next query on the "legacyExchangeDN" attribute will get to your result one query faster, but it'll get you to the same place.