A little while ago I saw this post in the MSExchange Forums which was basically asking whether it was possible to disable IMAP for new users when they are created in Active Directory but, in the case of the Executives, leave the IMAP settings intact (due to the fact that one of them had purchased an iPhone – yuck!)
I liked the look of this post and wanted to answer, but when thinking about it, it became apparent that this is quite hard to do. Even though I had the basic idea that it could perhaps be accomplished by some form of script, there were some finer details of how the script should run and how we could take into account existing IMAP settings.
During my research I came across the following script on Glen's Exchange Dev Blog, which explains how you can enable and disable POP3 and IMAP on a per-user basis. This was great, as with some adaptation it could be used to disable IMAP globally in AD (thanks Glen – as always you have what we need). Now all I needed was a method to exclude people from the disable process.
In the end I decided to have a Sub in the script that would open a text file, exclude.txt, which contains a list of distinguishedNames that we wish to read back into the Sub and re-enable the IMAP settings.
Now that the script had been logically thought out, this is what I came up with in terms of the code:
```vbscript
' Bind to the default naming context of the current domain
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")
Set objDomain = GetObject(strADsPath)

' Query AD through ADO for every user object in the domain
Set objCommand = CreateObject("ADODB.Command")
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objCommand.ActiveConnection = objConn
objCommand.CommandText = "SELECT distinguishedName,samAccountName FROM '" & strADsPath & "' WHERE objectClass = 'user'"
objCommand.Properties("searchscope") = 2   ' 2 = subtree search
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute

' Disable IMAP for every user returned by the query
While Not objRecordSet.EOF
    ChangeVal objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Wend

' Re-enable IMAP for the distinguishedNames listed in exclude.txt
FindExcluded

Sub ChangeVal(strDN)
    qstring = "LDAP://" & strDN
    Set objUser = GetObject(qstring)
    ' PutEx 2 replaces the attribute's values; second field 0 = IMAP disabled
    objUser.PutEx 2, "protocolSettings", Array("IMAP4§0§1§4§ISO-8859-1§0§1§0§0")
    objUser.SetInfo
    Set objUser = Nothing
End Sub

Sub FindExcluded
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile("exclude.txt", 1)   ' 1 = open for reading
    Do Until objFile.AtEndOfStream
        strLine = Trim(objFile.ReadLine)
        If Len(strLine) > 0 Then   ' skip blank lines in exclude.txt
            qstring = "LDAP://" & strLine 'Thanks Glen
            Set objUser = GetObject(qstring)
            ' Second field 1 = IMAP enabled
            objUser.PutEx 2, "protocolSettings", Array("IMAP4§1§1§4§ISO-8859-1§0§1§0§0")
            objUser.SetInfo
            Set objUser = Nothing
        End If
    Loop
    objFile.Close
    Set objFile = Nothing
    Set objFSO = Nothing
End Sub
```
You can download a copy of this code from Here
You will notice that the code above references a text file called exclude.txt. This file should contain the distinguishedNames that you wish to exclude from the process of disabling IMAP, each on a separate line – for example:
What I suggest for people wishing to implement this is to put this script either on a Domain Controller or Exchange server, and then schedule it as a recurring task using the "Scheduled Tasks" wizard (you can configure a batch file to run every 10 minutes or so which runs the script).
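An added example, not part of the original post or of Glen's script: both Subs above call PutEx with operation 2, which replaces every value of protocolSettings with the single IMAP4 string. Assuming the attribute can also hold entries for other protocols, the hypothetical helper SetImapFlag below changes only the second field of the IMAP4 entry and passes everything else through; the sample values are constructed.

```vbscript
Option Explicit
Const SEP_CODE = 167   ' code point of the "§" field separator

' Hypothetical helper: returns a copy of the protocolSettings values with only
' the second field (the enabled flag) of the IMAP4 entry changed. Entries for
' other protocols and the remaining IMAP4 fields are passed through untouched.
Function SetImapFlag(existing, enable)
    Dim sep, flag, result(), n, v, fields, found
    sep = ChrW(SEP_CODE)
    If enable Then flag = "1" Else flag = "0"
    n = -1
    found = False
    If IsArray(existing) Then
        For Each v In existing
            fields = Split(v, sep)
            If UBound(fields) >= 1 Then
                If UCase(fields(0)) = "IMAP4" Then
                    fields(1) = flag
                    v = Join(fields, sep)
                    found = True
                End If
            End If
            n = n + 1
            ReDim Preserve result(n)
            result(n) = v
        Next
    End If
    If Not found Then
        ' No IMAP4 entry yet: append the value used by the post's script
        n = n + 1
        ReDim Preserve result(n)
        result(n) = Join(Array("IMAP4", flag, "1", "4", "ISO-8859-1", "0", "1", "0", "0"), sep)
    End If
    SetImapFlag = result
End Function

' Constructed sample values, not read from a real directory. Against AD the
' input would be objUser.GetEx("protocolSettings") and the result would be
' written back with objUser.PutEx 2, "protocolSettings", <result>.
Dim sample, item
sample = Array( _
    Replace("POP3|1|1|4|ISO-8859-1|0|||", "|", ChrW(SEP_CODE)), _
    Replace("IMAP4|1|1|4|ISO-8859-1|0|1|0|0", "|", ChrW(SEP_CODE)))
For Each item In SetImapFlag(sample, False)
    WScript.Echo item   ' print each merged value
Next
```

Building the separator with ChrW also avoids depending on the encoding the .vbs file is saved in.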