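#################################################################################
#
# The sample scripts are not supported under any Microsoft standard support
# program or service. The sample scripts are provided AS IS without warranty
# of any kind. Microsoft further disclaims all implied warranties including, without
# limitation, any implied warranties of merchantability or of fitness for a particular
# purpose. The entire risk arising out of the use or performance of the sample scripts
# and documentation remains with you. In no event shall Microsoft, its authors, or
# anyone else involved in the creation, production, or delivery of the scripts be liable
# for any damages whatsoever (including, without limitation, damages for loss of business
# profits, business interruption, loss of business information, or other pecuniary loss)
# arising out of the use of or inability to use the sample scripts or documentation,
# even if Microsoft has been advised of the possibility of such damages
#
#################################################################################

# The purpose of this script is to check for certain types of LDAP filters that may cause
# Exchange 2007 setup to fail. The script looks at all address lists, global address lists,
# and recipient policies.
#
# Requirements: This script can be run from any machine in the same forest as the Exchange
# organization. It does not require any Exchange 2007 tools to be installed - just plain
# Powershell.
#
# Syntax:
# .\CheckFilters
#
# If the script is in the path you can eliminate the ".\".
#
# The script only reads from the directory: it binds to RootDSE and the configuration
# naming context and runs two searches whose filters are fixed string literals. The
# purportedSearch values it reads are handled purely as text to inspect; they are never
# passed back to the directory as a search filter.

# Scans one LDAP filter string and writes a warning to the output for each problem found:
#   - a logical operator (&, | or !) followed by something other than "("
#   - a homeMDB comparison whose value, up to the first ",DC=", contains "("
# Writes "Filter is good." when nothing was flagged.
function CheckFilter([string]$filter)
{
    $foundProblems = $false

    # Set explicitly. A read of an unassigned variable inside a function resolves through
    # PowerShell's dynamic scoping, so a $lastChar left in a calling scope would otherwise
    # be picked up on the first iteration.
    $lastChar = $null

    $marker = "homemdb="

    for ($x = 0; $x -lt $filter.Length; $x++)
    {
        # Spaces are skipped without updating $lastChar, so "& (" is treated like "&(".
        if ($filter[$x] -eq " ")
        {
            continue
        }

        $thisChar = $filter[$x]

        if (($lastChar -eq "&" -or $lastChar -eq "|" -or $lastChar -eq "!") -and $thisChar -ne "(")
        {
            "Warning: an attribute name is immediately preceded by a logical operator."
            $foundProblems = $true
        }

        if ($lastChar -eq "(" -and ($thisChar -eq "h" -or $thisChar -eq "H"))
        {
            # This might be a homeMDB comparison. Only take the 8-character slice when that
            # many characters remain; Substring throws on a shorter tail such as "(hi=1)".
            $valueStart = $x + $marker.Length
            if ($valueStart -lt $filter.Length)
            {
                if ($filter.Substring($x, $marker.Length).ToLower() -eq $marker)
                {
                    # It is homeMDB. A value starting with "*" is a presence or wildcard
                    # test rather than a DN comparison, so it is not inspected.
                    if ($filter[$valueStart] -ne "*")
                    {
                        $domainPos = $filter.IndexOf(",DC=", $x)

                        # IndexOf returns -1 when the value has no ",DC=" component. The
                        # end of the DN cannot be located then, and a negative length would
                        # make Substring throw, so the parenthesis check is skipped.
                        if ($domainPos -gt $x)
                        {
                            # Look for an opening parenthesis between the attribute name
                            # and the domain part of the DN.
                            $substring = $filter.Substring($x, $domainPos - $x)
                            $parenPos = $substring.IndexOf("(")
                            if ($parenPos -gt -1)
                            {
                                "Warning: a homeMDB value contains parentheses."
                                $foundProblems = $true
                            }
                        }
                    }
                }
            }
        }

        $lastChar = $thisChar
    }

    if (!($foundProblems))
    {
        "Filter is good."
    }
}

# Find the Exchange org object
$rootDSE = [ADSI]"LDAP://RootDSE"
$configNC = [ADSI]("LDAP://" + $rootDSE.configurationNamingContext)
$proplist = @("distinguishedName", "name", "purportedSearch")
$orgFinder = new-object System.DirectoryServices.DirectorySearcher($configNC, "(objectClass=msExchOrganizationContainer)", $proplist, [System.DirectoryServices.SearchScope]::Subtree)
$orgResult = $orgFinder.FindOne()
$orgFinder.Dispose()

# FindOne returns $null when nothing matches. Stop here instead of calling a method on
# $null and then running the second search with an empty search root.
if ($orgResult -eq $null)
{
    throw "No msExchOrganizationContainer object was found in the configuration naming context."
}

$org = $orgResult.GetDirectoryEntry()

# First look at all Address Lists and Recipient Policies that have not yet been upgraded
$alFinder = new-object System.DirectoryServices.DirectorySearcher($org, "(&(|(objectClass=addressBookContainer)(objectClass=msExchRecipientPolicy))(purportedSearch=*))", $proplist, [System.DirectoryServices.SearchScope]::Subtree)
$alFinder.PageSize = 100
$alResults = $alFinder.FindAll()

foreach ($result in $alResults)
{
    ("Evaluating: " + $result.Properties["name"][0])
    CheckFilter $result.Properties["purportedsearch"][0]
}

# A SearchResultCollection holds unmanaged directory resources until it is disposed.
$alResults.Dispose()
$alFinder.Dispose()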