mystuff

Your IP Address is: 38.107.191.102
Last site update: 23 March 2009
You are visitor number: 

  home | wsname | wallpaper creator | delphi stuff | vb script stuff | other stuff | contact me

Google
Web Site
Set Exchange Mailbox Limits by Group Membership - 12 December 2005


Introduction

This describes a process for providing a more granular method of managing user mailbox limits than is available by using the functionality in Exchange Server 2003.

Design Goals

  1. The process provides a more granular selection criteria than is generally available using the built in store and global limit functionality
  2. The process does not rely on a database or static files for data storage
  3. Active Directory will be leveraged where possible without modification to the schema or default permissions
  4. The process produces minimal overhead on critical systems such as Active Directory and Exchange servers
  5. Process is automated and is run at an interval determined by organisational requirements
  6. Process easily managed and maintained by helpdesk staff
  7. Secure � the process runs using an account which is delegated least privilege required to perform its function
     

Solution Structure

The solution is based on three main components:  

  1. Visual Basic Script : The application is written in Visual Basic Script.
  2. Active Directory Groups : Active Directory groups are created to represent the storage limits available to users. Users that are not members of the any groups use the default storage limits placed on the Exchange databases in which their mailboxes reside.
  3. Scheduled Tasks : The task scheduler is used to run the process at the required intervals under the appropriate security context
     

Solution Structure

When the process runs it queries Active Directory for all groups that start with a predetermined string (currently set to �Exchange Mailbox Size Limit ��). The �notes� field of the group is used to contain key words that represent the various message limits to be applied to its members. The process then evaluates each mail enabled user in the Active Directory Domain and checks to see if they belong to any of the groups. If they are found to be a member of one of the groups the user�s mDBUseDefaults attribute is set to false and the group limits are applied to the user. If the user is not a member of any groups the mDBUseDefaults attribute is set to true and any limits that have been applied are cleared, in this instance the user�s limits will be inherited from the database limits. The process only updates the user object if changes are required so replication traffic from this process should be minimal.
All actions are logged into a text file which is written in the temporary folder of the user context performing the operation. This file is automatically rolled over if it becomes larger than 512 Kbytes.
 

Figure 1: Process Overview

Next >