
ironport ldap accept-query for disabled Active Directory Accounts

MIKE DEDMON
Level 1

I have a C170 Ironport running version 8.0.1-023

My existing LDAP query "(|(mail={a})(proxyAddresses=smtp:{a}))" works like a charm. I've attempted to change the query so that it can detect if the AD account is disabled. I've used this query as suggested from another website (see below): "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" and the test feature fails every time.

 

Interestingly, I've also tested this query using dsquery from the domain controller, and that works fine.

 

Any ideas on how to get this feature working on the Ironport? I'd love to bounce all emails for disabled accounts.

This is the site that had the suggested query: http://www.looke.ch/wp/ironport-esa-ldap-accept-query-disabled-ad-accounts

 

Any help is appreciated.


dkorell
Level 1

Did you find a solution to this? I saw another post from 2008 that says to use 514 instead of 2.

No, I remember at the time, that I tried all of those, but the query was never accepted. My solution was to do it at the Exchange server. If an account is located in "Disabled" OU, then the email is bounced to the originator.

There have been several updates to the ironport software, so it might work now, but my solution is working for my needs, and I don't have time to dig into it now.

After searching and testing for a couple hours I got it. The syntax that works for a user that only has disabled checked is "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl=514)))". I then expanded to include users that are disabled and have the password never expires checked, and that syntax is "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl=514))(!(userAccountControl=66050)))".

These values are based on adding the decimal values from AD.

https://support.microsoft.com/en-us/kb/305144
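
Added example, not part of the original thread: a Python model of the two filter styles discussed above, showing which userAccountControl values the exact-match clauses (514, 66050) cover compared with the bitwise rule `1.2.840.113556.1.4.803:=2`. The flag constants are from the linked KB 305144; the sample values and function names are constructed for illustration, and nothing here queries the appliance or a directory.

```python
# Flag values from Microsoft KB 305144 (userAccountControl property flags).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}
ACCOUNTDISABLE = 0x0002


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in UAC_FLAGS.items() if value & bit]


def accepted_by_equality_filter(value, excluded=(514, 66050)):
    """Model of (!(userAccountControl=514))(!(userAccountControl=66050))."""
    return value not in excluded


def accepted_by_bitwise_filter(value):
    """Model of (!(userAccountControl:1.2.840.113556.1.4.803:=2)), a bitwise AND match."""
    return (value & ACCOUNTDISABLE) == 0


def missed_disabled_values(values, excluded=(514, 66050)):
    """Disabled accounts that the exact-match clauses would still accept."""
    return [v for v in values
            if v & ACCOUNTDISABLE and accepted_by_equality_filter(v, excluded)]


# Constructed sample values (not taken from any real directory):
# 512 enabled, 514 disabled, 66048 enabled + password never expires,
# 66050 disabled + password never expires, 546 disabled + PASSWD_NOTREQD,
# 262658 disabled + SMARTCARD_REQUIRED.
SAMPLES = [512, 514, 66048, 66050, 546, 262658]

if __name__ == "__main__":
    for v in SAMPLES:
        print(v, decode_uac(v),
              "equality accepts:", accepted_by_equality_filter(v),
              "bitwise accepts:", accepted_by_bitwise_filter(v))
    print("disabled but still accepted:", missed_disabled_values(SAMPLES))
```

With exact-match clauses, every other flag combination that includes the disabled bit and occurs in the directory needs its own `(!(userAccountControl=N))` clause.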
