none
From which AD attributes we can identify the user is mail-enabled user or mailbox user ?

    Question

  • We use several Exchange Environment.

    We would like to know which AD attributes is usable to identify the user is mail-enabled user or mailbox user .

    What are those AD attributes ?

    Tuesday, July 2, 2013 7:20 AM

Answers

  • We use several Exchange Environment.

    We would like to know which AD attributes is usable to identify the user is mail-enabled user or mailbox user .

    What are those AD attributes ?


    Use the property "msExchRecipientTypeDetails".

    1 := User Mailbox

    128 := Mail-enabled User


    --- Rich Matheisen MCSE&I, Exchange MVP

    • Marked as answer by yuuichiro99 Sunday, July 7, 2013 7:51 AM
    Saturday, July 6, 2013 2:20 AM
  • Mail-enabled user objects are users that have an external mailbox. Mailbox-enabled user objects are users that have an Exchange mailbox.
    The following sample code queries for mail-enabled and mailbox-enabled user objects by setting the query to include:

    (&(objectClass=user)(mail=*))

    Another common query is to find all the mail-enabled/mailbox-enabled users who have a specific attribute set. The following sample query finds all the users who do not have a value set for the extension2 attribute. If you add (!(extensionAttribute2=*)) to the query shown earlier, you would specify that the resulting recordset should contain objects that do not have the extension2 attribute set. The query would look like this:

    = "<LDAP://" & varDomainNC & -

     ">;(&(objectClass=user)(mail=*)(!(extensionAttribute2=*)));adspath,cn;subtree"

                                      


    Note You can view the extension2 attribute on a user object by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. To do so, view the
    Properties of a mail-enabled/mailbox-enabled user object. To find the extension2 attribute, view the Properties of the user object, click the Exchange Advanced tab, and then click Custom Attributes.


    Saturday, July 6, 2013 2:06 PM

All replies

  • If it is a Mailbox, the AD attribute is objectClass = user

    Mail - enabled, the AD attribute is  objectClass = user & objectClass = contact

    http://support.microsoft.com/kb/275636

    Tuesday, July 2, 2013 7:27 AM
  • Thank you.

    Is there any candidates for that AD attributes ?

    How about mailboxGUID and msExchhomemailserver ?

    Friday, July 5, 2013 12:21 AM
  • Yes, both(mailboxGUID & msExchhomemailserver ) will also tell you if the user has mail enabled or not.
    Friday, July 5, 2013 4:19 AM
  • We use several Exchange Environment.

    We would like to know which AD attributes is usable to identify the user is mail-enabled user or mailbox user .

    What are those AD attributes ?


    Use the property "msExchRecipientTypeDetails".

    1 := User Mailbox

    128 := Mail-enabled User


    --- Rich Matheisen MCSE&I, Exchange MVP

    • Marked as answer by yuuichiro99 Sunday, July 7, 2013 7:51 AM
    Saturday, July 6, 2013 2:20 AM
  • If it is a Mailbox, the AD attribute is objectClass = user

    Mail - enabled, the AD attribute is  objectClass = user & objectClass = contact

    http://support.microsoft.com/kb/275636


    A mailbox and a mail-enabled user will both have an objectClass value of "user". A "contact" isn't a "security principal" and cannot be used for authentication -- it's quite different to a "user" object.

    --- Rich Matheisen MCSE&I, Exchange MVP

    Saturday, July 6, 2013 2:23 AM
  • Mail-enabled user objects are users that have an external mailbox. Mailbox-enabled user objects are users that have an Exchange mailbox.
    The following sample code queries for mail-enabled and mailbox-enabled user objects by setting the query to include:

    (&(objectClass=user)(mail=*))

    Another common query is to find all the mail-enabled/mailbox-enabled users who have a specific attribute set. The following sample query finds all the users who do not have a value set for the extension2 attribute. If you add (!(extensionAttribute2=*)) to the query shown earlier, you would specify that the resulting recordset should contain objects that do not have the extension2 attribute set. The query would look like this:

    = "<LDAP://" & varDomainNC & -

     ">;(&(objectClass=user)(mail=*)(!(extensionAttribute2=*)));adspath,cn;subtree"

                                      


    Note You can view the extension2 attribute on a user object by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. To do so, view the
    Properties of a mail-enabled/mailbox-enabled user object. To find the extension2 attribute, view the Properties of the user object, click the Exchange Advanced tab, and then click Custom Attributes.


    Saturday, July 6, 2013 2:06 PM
  • Mail-enabled user objects are users that have an external mailbox. Mailbox-enabled user objects are users that have an Exchange mailbox.
    The following sample code queries for mail-enabled and mailbox-enabled user objects by setting the query to include:

    (&(objectClass=user)(mail=*))

    Another common query is to find all the mail-enabled/mailbox-enabled users who have a specific attribute set. The following sample query finds all the users who do not have a value set for the extension2 attribute. If you add (!(extensionAttribute2=*)) to the query shown earlier, you would specify that the resulting recordset should contain objects that do not have the extension2 attribute set. The query would look like this:

    = "<LDAP://" & varDomainNC & -

     ">;(&(objectClass=user)(mail=*)(!(extensionAttribute2=*)));adspath,cn;subtree"

                                      


    Note You can view the extension2 attribute on a user object by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. To do so, view the
    Properties of a mail-enabled/mailbox-enabled user object. To find the extension2 attribute, view the Properties of the user object, click the Exchange Advanced tab, and then click Custom Attributes.



    The "mail" attribute isn't used by Exchange. You can set the "mail" attribute on any AD object, but it doesn't mean that Exchange will consider it to be "mail-enabled".

    --- Rich Matheisen MCSE&I, Exchange MVP

    • Proposed as answer by Michael Liben Saturday, September 16, 2017 10:41 AM
    • Unproposed as answer by Michael Liben Saturday, September 16, 2017 10:41 AM
    Saturday, July 6, 2013 10:01 PM
  • Terminology, terminology....

    A Mail-Enabled user is generally consider to be an Active Directory user object that can be used as an Exchange contact. However, it is not a contact object. Most Active Directory users with Office 365 mailboxes are mail-enabled users in the on-premises Active Directory. They can be identified by certain properties.

    Most obvious, they have a value in the targetAddress attribute. This should be identical to the "Reply-To" address in the proxyAddresses attribute (a.k.a. email addresses in Exchange/Outlook parlance). The "Reply-To" address is commonly referred to as the "primary" email address and it is the one with the uppercase SMTP: prefix. The targetAddress should be in the form SMTP:localpart@maildomain.

    However, Exchange mailboxes with forwarding also have these attributes populated so we need to exclude them. This is most easily achieved by examining the msExchMailboxGuid attribute. If it is present, then the user object is hosting an Exchange mailbox.

    A query for mail-enabled users would be (all on one line, omit leading and trailing spaces):

       (&(objectCategory=person)(objectClass=user)(targetAddress=*)(proxyAddresses=*)(!(msExchMailboxGuid=*)))

    If you want to find only those users with Office 365 mailboxes, you can search only for those with a mail domain ending mail.onmicrosoft.com (all on one line, omit leading and trailing spaces):

       (&(objectCategory=person)(objectClass=user)(targetAddress=*)(proxyAddresses=*mail.onmicrosoft.com)(!(msExchMailboxGuid=*)))

    Or, one I find more practical, mail-enabled users that are not Office 365 mailboxes (all on one line, omit leading and trailing spaces):

      (&(objectCategory=person)(objectClass=user)(targetAddress=*)(!(proxyAddresses=*mail.onmicrosoft.com))(!(msExchMailboxGuid=*)))

    ---Michael Liben, Oxford Computer Group

    Saturday, September 16, 2017 11:10 AM