Is there an AD attribute that can tell me whether an account is using ActiveSync?

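I know Exchange has to keep sync-state information for the mailbox, so I'm hoping there is an associated attribute I can use to find out who is checking mail on a smartphone.

So far we are still on Exchange 2003. It seems the best approach would be a saved query in ADUC, which I'm hoping I could use to create a distribution group? But whatever you have is better than what I've got, so thanks in advance.

Answer 1

No, but you can ask Exchange whether a user is using ActiveSync. You need to look for whether Microsoft-Server-ActiveSync exists in that mailbox. You'll want to find the script Glen Scales wrote to do this. You can also parse the logs. I couldn't find it on his site, so here is the code: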

servername = wscript.arguments(0)
set shell = createobject("wscript.shell")
strValueName = "HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias"
minTimeOffset = shell.regread(strValueName)
toffset = datediff("h",DateAdd("n", minTimeOffset, now()),now())

report = "<table border=""1"" width=""100%"">" & vbcrlf
report = report & "  <tr>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">DisplayName</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">Email Address</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">Device Type</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">Device ID</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">FolderSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">ContactSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">CalendarSync</font></b></td>" & vbcrlf
report = report & "<td align=""center"" bgcolor=""#000080""><b><font color=""#FFFFFF"">autdstate.xml</font></b></td>" & vbcrlf
report = report & "</tr>" & vbcrlf
set req = createobject("microsoft.xmlhttp")
set com = createobject("ADODB.Command")
set conn = createobject("ADODB.Connection")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strNameingContext = iAdRootDSE.Get("configurationNamingContext")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
polQuery = "<LDAP://" & strNameingContext &  ">;(&(objectCategory=msExchRecipientPolicy)(cn=Default Policy));distinguishedName,gatewayProxy;subtree"
svcQuery = "<LDAP://" & strNameingContext & ">;(&(objectCategory=msExchExchangeServer)(cn=" & Servername & "));cn,name,legacyExchangeDN;subtree"
Com.ActiveConnection = Conn
Com.CommandText = polQuery
Set plRs = Com.Execute
while not plRs.eof
    for each adrobj in plrs.fields("gatewayProxy").value
        if instr(adrobj,"SMTP:") then dpDefaultpolicy = right(adrobj,(len(adrobj)-instr(adrobj,"@")))
    next
    plrs.movenext
wend
wscript.echo dpDefaultpolicy 
Com.CommandText = svcQuery
Set Rs = Com.Execute
while not rs.eof    
    GALQueryFilter =  "(&(&(&(& (mailnickname=*)(!msExchHideFromAddressLists=TRUE)(| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=" & rs.fields("legacyExchangeDN") & ")) )))))"
    strQuery = "<LDAP://"  & strDefaultNamingContext & ">;" & GALQueryFilter & ";displayname,mail,distinguishedName,mailnickname,proxyaddresses;subtree"
    com.Properties("Page Size") = 100
    Com.CommandText = strQuery
    Set Rs1 = Com.Execute
    while not Rs1.eof
        falias = "http://" & servername & "/exadmin/admin/" & dpDefaultpolicy & "/mbx/"
        if not isnull(rs1.fields("proxyaddresses").value) then 
            for each paddress in rs1.fields("proxyaddresses").value
                if instr(paddress,"SMTP:") then falias = falias & replace(paddress,"SMTP:","")  & "/non_ipm_subtree"
            next
            wscript.echo  falias 
            SerachAsync(falias)
        else 
            wscript.echo "*** Null Proxy ****   : " & rs1.fields("mailnickname")
        end if
        rs1.movenext
    wend
    rs.movenext
wend
rs.close
set conn = nothing
set com = nothing
report = report & "</table>" & vbcrlf
Set fso = CreateObject("Scripting.FileSystemObject")
set wfile = fso.opentextfile("c:\temp\asreport.htm",2,true) 
wfile.write report
wfile.close
set wfile = nothing
set fso = nothing

wscript.echo "Done"

sub SerachAsync(furl)
strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT ""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND ""DAV:isfolder"" = True AND "
strQuery = strQuery & """http://schemas.microsoft.com/mapi/proptag/x3001001E"" = 'Microsoft-Server-ActiveSync'</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
    set oResponseDoc = req.responseXML
    set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
    if oNodeList.length <> 0 then
        wscript.echo "Active-Sync Folder Exists"
        displayAyncSub(furl & "/Microsoft-Server-ActiveSync")
    else
        wscript.echo "No Active-Sync Folder"
    end if 
Else
End If

end sub

sub displayAyncSub(furl)

strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT ""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND ""DAV:isfolder"" = True</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
    set oResponseDoc = req.responseXML
    set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
    for each node in oNodeList
        call displaydeviceSub(furl & "/" & node.text,node.text)
    next
Else
End If
end sub

sub displaydeviceSub(furl,fname)

strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT ""http://schemas.microsoft.com/mapi/proptag/x3001001E"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:ishidden"" = False AND ""DAV:isfolder"" = True</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
If req.status >= 500 Then
ElseIf req.status = 207 Then
    set oResponseDoc = req.responseXML
    set oNodeList = oResponseDoc.getElementsByTagName("d:x3001001E")
    for each node in oNodeList
        report = report & "<tr>" & vbcrlf
        report = report & "<td align=""center"">" & rs1.fields("displayname") & "&nbsp;</td>" & vbcrlf
        report = report & "<td align=""center"">" & rs1.fields("mail") & "&nbsp;</td>" & vbcrlf
        report = report & "<td align=""center"">" & fname & "&nbsp;</td>" & vbcrlf
        report = report & "<td align=""center"">" & node.text  & "&nbsp;</td>" & vbcrlf
        report = report & finditems(furl & "/" & node.text)
        report = report & "</tr>" & vbcrlf
    next
Else
End If
end sub

function finditems(furl)

hascalsyc = 0
hasfolsyc = 0
hasconsyc = 0
hasautd = 0
rback = ""
strQuery = "<?xml version=""1.0""?><D:searchrequest xmlns:D = ""DAV:"" >"
strQuery = strQuery & "<D:sql>SELECT ""DAV:displayname"", ""DAV:getlastmodified"""
strQuery = strQuery & " FROM scope('shallow traversal of """
strQuery = strQuery & furl & """') Where ""DAV:isfolder"" = False</D:sql></D:searchrequest>"
req.open "SEARCH", furl, false
req.setrequestheader "Content-Type", "text/xml"
req.setRequestHeader "Translate","f"
on error resume next
req.send strQuery
if err.number <> 0 then wscript.echo err.description
on error goto 0
rem wscript.echo req.responsetext
If req.status >= 500 Then
ElseIf req.status = 207 Then
    set oResponseDoc = req.responseXML
    set oNodeList = oResponseDoc.getElementsByTagName("a:displayname")
    set oNodemodlist = oResponseDoc.getElementsByTagName("a:getlastmodified")
    wscript.echo oNodeList.length
    for i = 1 to oNodeList.length
        set onode = oNodeList.nextNode
        set onode1 = oNodemodlist.nextNode
        select case lcase(onode.text)
            case "calendarsyncfile" hascalsyc = 1
                        hascalsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T"," "),"Z",""),19)))
            case "foldersyncfile"   hasfolsyc = 1
                        hasfolsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T"," "),"Z",""),19)))
            case "contactssyncfile" hasconsyc = 1
                        hasconsycval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T"," "),"Z",""),19)))
            case "autdstate.xml"    hasautd = 1
                        hasautdval = DateAdd("h",toffset,(left(replace(replace(onode1.text,"T"," "),"Z",""),19)))
        end select
    next
Else
End If
wscript.echo hasfolsyc
if hasfolsyc = 1  then
    rback = rback & "<td align=""center"">" & hasfolsycval & "&nbsp;</td>" & vbcrlf
else
    rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hasconsyc  = 1  then
    rback = rback & "<td align=""center"">" & hasconsycval & "&nbsp;</td>" & vbcrlf
else
    rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hascalsyc  <> 0  then
    rback = rback & "<td align=""center"">" & hascalsycval & "&nbsp;</td>" & vbcrlf
else
    rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
if hasautd  <> 0  then
    rback = rback & "<td align=""center"">" & hasautdval & "&nbsp;</td>" & vbcrlf
else
    rback = rback & "<td align=""center"">No&nbsp;</td>" & vbcrlf
end if
finditems = rback
end function

Answer 2

It looks like it is controlled by a bit in msExchOmaAdminWirelessEnable. Here is the description of the bits that someone listed in this thread:

1 (bit 0) = 1 to disable Server Activesync, 0 to enable it
2 (bit 1) = 1 to disable OMA, 0 to enable it
4 (bit 2) = 1 to disable Always Up-To-Date (AUTD), 0 to enable it

It looks like the value is stored in AD as a decimal, so you need to AND the bits together and convert the result to decimal to set it. So:

Disable everything = 0x111 = 7
Enable ActiveSync, Disable OMA, Disable AUTD = 0x110 = 6
Enable ActiveSync, Disable OMA, Enable Autd = 0x010 = 4
etc...
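An added example, not part of the answer above: it decodes msExchOmaAdminWirelessEnable using the bit list quoted in the answer and builds an LDAP filter that could be pasted into an ADUC saved query. It assumes an unset attribute means "enabled" (as Answer 3 states); the helper names `decode`, `encode` and `ldap_filter` are hypothetical. The attribute shows who is permitted to sync, not who actually does.

```python
# Added example: bit values are taken from the list quoted in the answer above.
ATTR = "msExchOmaAdminWirelessEnable"
DISABLE_BITS = {"ActiveSync": 1, "OMA": 2, "AUTD": 4}  # a set bit DISABLES the feature
BIT_AND = "1.2.840.113556.1.4.803"                      # LDAP_MATCHING_RULE_BIT_AND
MAILBOX_USERS = "(objectCategory=person)(objectClass=user)(mailNickname=*)"


def decode(value):
    """Return {feature: enabled} for a stored value; None means the attribute is unset."""
    value = 0 if value is None else int(value)
    return {name: not (value & bit) for name, bit in DISABLE_BITS.items()}


def encode(disabled):
    """Return the decimal value to store for an iterable of feature names to disable."""
    value = 0
    for name in disabled:
        value |= DISABLE_BITS[name]
    return value


def ldap_filter(feature, enabled=True):
    """Build a filter for mailbox users with the given feature enabled or disabled."""
    bit_set = f"({ATTR}:{BIT_AND}:={DISABLE_BITS[feature]})"
    if enabled:
        # Enabled = attribute absent, or present with the disable bit clear.
        clause = f"(|(!({ATTR}=*))(!{bit_set}))"
    else:
        clause = bit_set
    return f"(&{MAILBOX_USERS}{clause})"


if __name__ == "__main__":
    for raw in (None, 6, 7):
        print(raw, decode(raw))
    print(ldap_filter("ActiveSync", enabled=True))
    print(ldap_filter("ActiveSync", enabled=False))
```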

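Answer 3

Take a look at this first: http://support.microsoft.com/kb/830188

So, basically, the "msExchOmaAdminWirelessEnable" attribute is not set on all user objects by default, and access with ActiveSync is allowed. If you choose to turn it off for all users and then enable it only for the users who need it, you can then filter/query on this "msExchOmaAdminWirelessEnable" attribute.

So it's a chicken-and-egg problem. If you don't know who is using it, you can't change this attribute.

I would look at parsing the logs on the IIS server to determine who is using ActiveSync, and then consider setting the flag on all users who aren't using it. It's a hassle, but in my opinion it's the best way to get what you want.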
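An added example of the IIS log approach described above, not part of the original answer: it reads W3C extended log lines, keeps successful authenticated requests to /Microsoft-Server-ActiveSync, and reports each user's device IDs and last sync time. The sample log is constructed, and the function name `activesync_users` and the field layout are assumptions; the column order is taken from each `#Fields:` directive because it can change within a file.

```python
from urllib.parse import parse_qs

EAS_PATH = "/microsoft-server-activesync"

# Constructed sample in IIS W3C extended log format (not real log data).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2009-06-01 08:00:01 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=DEV0001&DeviceType=PocketPC&Cmd=Sync EXAMPLE\alice 192.0.2.10 MSFT-PPC/5.1 200
2009-06-01 08:05:12 GET /exchange/bob/Inbox - EXAMPLE\bob 192.0.2.11 Mozilla/4.0 200
2009-06-02 09:10:44 POST /Microsoft-Server-ActiveSync User=carol&DeviceId=DEV0009&DeviceType=PocketPC&Cmd=Sync - 192.0.2.12 MSFT-PPC/5.1 401
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2009-06-03 07:45:10 192.0.2.10 EXAMPLE\alice POST /Microsoft-Server-ActiveSync User=alice&DeviceId=DEV0002&DeviceType=SmartPhone&Cmd=Sync 200
2009-06-03 07:50:00 192.0.2.13 dave OPTIONS /Microsoft-Server-ActiveSync User=dave&DeviceId=DEV0003&DeviceType=PocketPC 200
"""


def activesync_users(lines):
    """Return {user: {"devices": set of DeviceId, "last_seen": "date time"}}."""
    fields, users = [], {}
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue                           # OWA, RPC and other traffic
        status = rec.get("sc-status", "")
        user = rec.get("cs-username", "-")
        # A failed or unauthenticated request does not show that the account syncs.
        if not status.isdigit() or int(status) >= 400 or user == "-":
            continue
        user = user.split("\\")[-1].lower()    # drop the DOMAIN\ prefix
        query = parse_qs(rec.get("cs-uri-query", ""))
        entry = users.setdefault(user, {"devices": set(), "last_seen": ""})
        entry["devices"].update(query.get("DeviceId", []))
        seen = rec.get("date", "") + " " + rec.get("time", "")
        entry["last_seen"] = max(entry["last_seen"], seen)
    return users


if __name__ == "__main__":
    for name, info in sorted(activesync_users(SAMPLE_LOG.splitlines()).items()):
        print(name, sorted(info["devices"]), info["last_seen"])
```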

Answer 4

I just looked through all the attributes and didn't find anything that would give it away.

Sorry.
