05-29-2014 03:35 PM - edited 03-03-2019 07:26 AM
I have a C170 Ironport running version 8.0.1-023
My existing LDAP query "(|(mail={a})(proxyAddresses=smtp:{a}))" works like a charm. I've attempted to change the query so that it can detect if the AD account is disabled. I've used this query, as suggested by another website (see below): "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" and the test feature fails every time.
Interestingly, I've also tested this query using dsquery from the domain controller, and that works fine.
Any ideas on how to get this feature working on the Ironport? I'd love to bounce all emails for disabled accounts.
This is the site that had the suggested query: http://www.looke.ch/wp/ironport-esa-ldap-accept-query-disabled-ad-accounts
Any help is appreciated.
06-07-2016 08:28 AM
Did you find a solution to this? I saw another post from 2008 that says to use 514 instead of 2.
06-07-2016 02:25 PM
No. I remember that, at the time, I tried all of those, but the query was never accepted. My solution was to do it at the Exchange server. If an account is located in the "Disabled" OU, then the email is bounced to the originator.
There have been several updates to the IronPort software, so it might work now, but my solution is working for my needs, and I don't have time to dig into it now.
06-07-2016 03:27 PM
After searching and testing for a couple of hours I got it. The syntax that works for a user that only has disabled checked is "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl=514)))". I then expanded to include users that are disabled and have the password never expires checked and that syntax is "(&(|(mail={a})(proxyAddresses=smtp:{a}))(!(userAccountControl=514))(!(userAccountControl=66050)))".
These values are based on adding the decimal values from AD.
https://support.microsoft.com/en-us/kb/305144
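
The flag arithmetic behind the values in this thread, as an added example that is not part of any post: it decodes userAccountControl values with the flag constants from the linked Microsoft KB, models both the equality filter and the 1.2.840.113556.1.4.803 (bitwise AND) filter, and goes one step further by listing disabled values that an equality list does not cover. Function names and the sample values are constructed for illustration.

```python
# Added example. Flag constants are from Microsoft KB 305144;
# function names and sample account values are constructed.
FLAGS = {
    "ACCOUNTDISABLE": 0x0002,         # 2
    "PASSWD_NOTREQD": 0x0020,         # 32
    "NORMAL_ACCOUNT": 0x0200,         # 512
    "DONT_EXPIRE_PASSWORD": 0x10000,  # 65536
}
DISABLED = FLAGS["ACCOUNTDISABLE"]

def decode(uac):
    """Names of the known flags set in a userAccountControl value."""
    return [name for name, bit in FLAGS.items() if uac & bit]

def accepted_by_exact_filter(uac, excluded=(514, 66050)):
    """Model (!(userAccountControl=N)) clauses: whole-value equality only."""
    return uac not in excluded

def accepted_by_bit_and_filter(uac, mask=DISABLED):
    """Model (!(userAccountControl:1.2.840.113556.1.4.803:=2)): bitwise AND."""
    return (uac & mask) != mask

def disabled_values(optional_flags):
    """Decimal values of a disabled normal account with any subset of flags."""
    values = {FLAGS["NORMAL_ACCOUNT"] | DISABLED}
    for flag in optional_flags:
        values |= {v | flag for v in values}
    return sorted(values)

def build_exact_filter(values):
    """Accept query in the thread's form, one NOT clause per excluded value."""
    nots = "".join(f"(!(userAccountControl={v}))" for v in values)
    return f"(&(|(mail={{a}})(proxyAddresses=smtp:{{a}})){nots})"

def missed_by_exact(sample, excluded=(514, 66050)):
    """Disabled accounts that the equality filter would still accept."""
    return [u for u in sample
            if u & DISABLED and accepted_by_exact_filter(u, excluded)]

if __name__ == "__main__":
    sample = [512, 514, 546, 66048, 66050, 66082]  # constructed values
    for uac in sample:
        print(uac, decode(uac),
              "exact:", accepted_by_exact_filter(uac),
              "bit-and:", accepted_by_bit_and_filter(uac))
    opts = [FLAGS["DONT_EXPIRE_PASSWORD"], FLAGS["PASSWD_NOTREQD"]]
    print(build_exact_filter(disabled_values(opts)))
```
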