Creating a dynamic distribution group based on any Active Directory attribute in Exchange 2010

Taken from Marc's blog @ http://blog.marcturner.co.uk. I didn’t need to use this but wanted to keep it as a reference.

A common requirement, I’m sure, for most businesses is to be able to send a mail to all users who are located in a specific building.

A dynamic distribution group based on the office attribute is surely the answer – well yes it is, but not using the Exchange Management Console.

I have the office attribute set for each user within Active Directory.

However, if you use the Exchange Management Console to build your query, its options are limited and do not include the office attribute.

Although it isn’t possible using the EMC, it can be done in PowerShell.

The New-DynamicDistributionGroup cmdlet doesn’t natively support anything other than the attributes you see listed in the EMC; however, you can use the -RecipientFilter parameter to specify any attribute you like.

The command below will create a dynamic distribution group called “Users in Example Office Name” which will contain any user with the office location set to “Example Office Name”:

New-DynamicDistributionGroup -Name "Users in Example Office Name" -OrganizationalUnit "domain.net\users" -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (Office -eq 'Example Office Name')) }

This command can be extended further using the -and operator. The command below would create the same dynamic distribution group, only the members would be those who are in the “Example Office Name” building AND whose manager is James Bond:

New-DynamicDistributionGroup -Name "Users in Example Office Name" -OrganizationalUnit "domain.net\users" -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (Manager -eq 'James Bond') -and (Office -eq 'Example Office Name')) }

Find All Locked-Out Accounts

This explains how, by using Active Directory Saved Queries, you can quickly get a list of all locked-out user accounts.

1. Open the Active Directory Users and Computers console.
2. Right-click on Saved Queries in the console tree and select New -> Query.
3. Type a name and description for the query.
4. Specify a query root (where in your namespace your query begins searching).
5. Click the Define Query button.
6. Since there’s no default option for finding locked-out accounts in the Common Queries box, select Custom Search instead to open the Find Custom Search box. Then select the Advanced tab and enter the following LDAP string in the Enter LDAP Query textbox:

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))

7. Click OK twice to create and run the saved query.
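
The same LDAP string can be run from PowerShell. The sketch below is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is available, and the function name Get-LockoutQueryReport is hypothetical. It also handles one edge case of the filter: lockoutTime stays non-zero after the lockout duration has expired, until the user next logs on successfully, so the query can return accounts that are no longer locked. The LockedOut property tells the two apart.

```powershell
# Added example: run the saved query's LDAP filter and flag stale matches.
# Requires the ActiveDirectory module (RSAT) and a session in the domain.
Import-Module ActiveDirectory

function Get-LockoutQueryReport {    # hypothetical helper name
    param(
        # Query root, the equivalent of step 4; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Same LDAP string as entered in the Custom Search box.
    $filter = '(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))'

    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -Properties lockoutTime, LockedOut |
        Select-Object SamAccountName,
            # lockoutTime is a Windows file time (100 ns ticks since 1601, UTC).
            @{ Name = 'LockoutTimeUtc'; Expression = { [DateTime]::FromFileTimeUtc($_.lockoutTime) } },
            # LockedOut reflects the current state, so it is False for accounts
            # whose lockout has already expired but whose lockoutTime is still set.
            @{ Name = 'StillLocked'; Expression = { $_.LockedOut } },
            DistinguishedName |
        Sort-Object StillLocked, LockoutTimeUtc -Descending
}

# Currently locked accounts are listed first, most recent lockout at the top.
Get-LockoutQueryReport | Format-Table -AutoSize
```

Rows with StillLocked set to False are matches for the saved query that no longer need unlocking; Search-ADAccount -LockedOut returns only the accounts that are locked right now.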