Disabling IMAP for New Users, but maintaining the existing IMAP settings…

A little while ago I saw this post in the MSExchange Forums which was basically asking whether it was possible to disable IMAP for new users when they are created in Active Directory but, in the case of the Executives, leave the IMAP settings intact (due to the fact that one of them had purchased an iPhone – yuck!).

I liked the look of this post and wanted to answer, but when thinking about it, it became apparent that this is quite hard to do. Even though I had the basic idea that it could perhaps be accomplished by some form of script, there were some finer details of how the script should run and how we could take into account existing IMAP settings.

During my research I came across the following script on Glen's Exchange Dev Blog, which explains how you can enable and disable POP3 and IMAP on a per-user basis. This was great, as with some adaptation it could be used to disable IMAP globally in AD (thanks Glen – as always you have what we need). Now all I needed was a method to exclude people from the disable process.

In the end I decided to have a Sub in the script that opens a text file, exclude.txt, which contains a list of distinguishedNames that we wish to read back into the Sub so that their IMAP settings are re-enabled.

Now that the script had been logically thought out this is what I came up with in terms of the code:

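' Bind to the default naming context of the current domain
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

Set objDomain = GetObject(strADsPath)

' Query every user account in the domain through ADO
Set objCommand = CreateObject("ADODB.Command")
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objCommand.ActiveConnection = objConn
' objectCategory = 'person' keeps computer accounts (which also carry objectClass 'user') out of the result
objCommand.CommandText = "SELECT distinguishedName,samAccountName FROM '" & strADsPath & "' WHERE objectCategory = 'person' AND objectClass = 'user'"
objCommand.Properties("searchscope") = 2 ' 2 = search the whole subtree
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute

' Pass 1: disable IMAP for every user returned by the query
While Not objRecordSet.EOF
    ChangeVal objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Wend

' Pass 2: re-enable IMAP for the users listed in exclude.txt
FindExcluded

Sub ChangeVal(strDN)
    qstring = "LDAP://" & strDN
    Set objUser = GetObject(qstring)
    ' PutEx with 2 (update) replaces all existing values of protocolSettings
    objUser.PutEx 2, "protocolSettings", Array("IMAP4§0§1§4§ISO-8859-1§0§1§0§0")
    objUser.SetInfo

    Set objUser = Nothing
End Sub

Sub FindExcluded
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' exclude.txt is resolved relative to the working directory of the task
    Set objFile = objFSO.OpenTextFile("exclude.txt", 1) ' 1 = open for reading

    Do Until objFile.AtEndOfStream
        strLine = Trim(objFile.ReadLine)
        If strLine <> "" Then ' skip blank lines so GetObject is never given an empty DN
            qstring = "LDAP://" & strLine 'Thanks Glen
            Set objUser = GetObject(qstring)
            objUser.PutEx 2, "protocolSettings", Array("IMAP4§1§1§4§ISO-8859-1§0§1§0§0")
            objUser.SetInfo
        End If
    Loop
    objFile.Close

    Set objFSO = Nothing
    Set objFile = Nothing
End Sub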

You can download a copy of this code from Here

You will notice that the code above references a text file called exclude.txt. This file should contain the distinguishedNames that you wish to exclude from the process of disabling IMAP, each on a separate line – for example:

CN=Andy,CN=Users,DC=ldn,DC=com
CN=Maria,CN=Users,DC=ldn,DC=com

What I suggest for people wishing to implement this is to put this script on either a Domain Controller or an Exchange server, and then schedule it as a recurring task using the "Scheduled Tasks" wizard (you can configure a batch file that runs the script every 10 minutes or so).
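
Both PutEx calls in the script pass 2 (ADS_PROPERTY_UPDATE), which replaces every value of protocolSettings, so any other protocol entries stored on the user are overwritten along with the IMAP4 one. The following is an added example, not part of the original script or of Glen's code, that rewrites only the IMAP4 entry and leaves the others alone; SetImapFlag is a hypothetical helper name and the sample values are constructed.

```vbscript
Option Explicit

' Build the "§" separator from its code point so that the encoding the
' .vbs file is saved in cannot corrupt it.
Dim strSep : strSep = ChrW(167)

' Return a copy of arrValues in which only the IMAP4 entry has its second
' field (the flag the script above sets to 0 or 1) replaced by strFlag.
' Entries for other protocols are returned unchanged.
Function SetImapFlag(arrValues, strFlag)
    Dim arrOut, arrParts, i, blnFound
    arrOut = arrValues              ' VBScript copies arrays on assignment
    blnFound = False
    For i = 0 To UBound(arrOut)
        arrParts = Split(arrOut(i), strSep)
        If UBound(arrParts) >= 1 Then
            If UCase(arrParts(0)) = "IMAP4" Then
                arrParts(1) = strFlag
                arrOut(i) = Join(arrParts, strSep)
                blnFound = True
            End If
        End If
    Next
    If Not blnFound Then            ' no IMAP4 entry yet: append the post's template
        ReDim Preserve arrOut(UBound(arrOut) + 1)
        arrOut(UBound(arrOut)) = Join(Array("IMAP4", strFlag, "1", "4", _
            "ISO-8859-1", "0", "1", "0", "0"), strSep)
    End If
    SetImapFlag = arrOut
End Function

' Constructed sample values, not read from a real directory.
Dim arrBefore, arrAfter, strValue
arrBefore = Array( _
    Replace("POP3|1|1|4|ISO-8859-1|0|1|0|0", "|", strSep), _
    Replace("IMAP4|1|1|4|ISO-8859-1|0|1|0|0", "|", strSep))

arrAfter = SetImapFlag(arrBefore, "0")
For Each strValue In arrAfter
    WScript.Echo strValue           ' POP3 line unchanged, IMAP4 flag now 0
Next

' Against a real user object the same helper would be used as follows.
' GetEx raises an error when the attribute has no values, so trap that case.
'   objUser.PutEx 2, "protocolSettings", _
'       SetImapFlag(objUser.GetEx("protocolSettings"), "0")
'   objUser.SetInfo
```

Run it with cscript.exe to see the before and after values without touching Active Directory.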
