Search for all mailboxes where SELF has the "Associate External Account" permission
I would like to search the Exchange 2003 mailboxes in my organization for mailboxes where "SELF" has the Allow "Associated external account" box checked. Is there a query that I can execute in Active Directory Users and Computers or some other method that will yield this information readily?
Thanks
Sam
October 30th, 2009 2:03am

If you don't want to script it, probably ADFIND (from www.joeware.net) is your best option. The command would look something like this:
adfind -default -f "(&(samaccounttype=805306368)(msexchmailboxsecuritydescriptor=*))" msexchmailboxsecuritydescriptor -sddl++ -resolvesids -sddlfilter allow;;[ASSOC EXT ACC];;;SELF -csv
Tony
October 30th, 2009 6:39am

Thanks for that info Tony. I have adfind but I was really hoping to have a simple query that Help Desk staff could use via a Saved Search in the Active Directory Users and Computers MMC.
Sam
October 31st, 2009 2:01am

Hi Sam
Yes, it would be nice to have something like that in Active Directory Users and Computers. Unfortunately, it isn't available. I suspect this is because it's not a simple LDAP query. The Exchange permissions are wrapped up in the msexchmailboxsecuritydescriptor attribute, which is really just a binary blob. There are tools available to decode the attribute, but not via LDAP. Others may have better ideas, but if you don't want to deploy ADFIND to your Help Desk staff I think you are going to have to script something for them.
Tony
November 1st, 2009 7:55am
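
Added example, not part of any post in this thread: one way to script the check Tony describes, by reading msExchMailboxSecurityDescriptor over LDAP and decoding the binary descriptor client-side with .NET. It assumes Windows PowerShell on a domain-joined machine and that the Associated External Account right is bit 0x4 of the mailbox access mask; confirm that value against a mailbox you know has the box checked.

```powershell
# Added example (not from the thread). Read-only: lists user mailboxes whose
# msExchMailboxSecurityDescriptor has an Allow ACE for SELF that includes
# the Associated External Account right.
$SelfSid = 'S-1-5-10'   # well-known SID of NT AUTHORITY\SELF
$AeaMask = 0x4          # assumption: Associated External Account bit in the mailbox access mask
$InheritOnly = 0x08     # ACE flag: ACE applies to children only, not to this mailbox

$searcher = New-Object System.DirectoryServices.DirectorySearcher
# Same LDAP filter as the adfind command above: user accounts that have a mailbox descriptor
$searcher.Filter = '(&(sAMAccountType=805306368)(msExchMailboxSecurityDescriptor=*))'
$searcher.PageSize = 500   # page the results so large directories are not truncated
[void]$searcher.PropertiesToLoad.Add('sAMAccountName')
[void]$searcher.PropertiesToLoad.Add('msExchMailboxSecurityDescriptor')

$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        # The attribute is a self-relative security descriptor stored as raw bytes
        $bytes = [byte[]]$r.Properties['msexchmailboxsecuritydescriptor'][0]
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($bytes, 0)
        if ($null -eq $sd.DiscretionaryAcl) { continue }

        foreach ($ace in $sd.DiscretionaryAcl) {
            $isAllow = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
            if (-not $isAllow) { continue }
            $applies = ([int]$ace.AceFlags -band $InheritOnly) -eq 0
            $isSelf  = $ace.SecurityIdentifier.Value -eq $SelfSid
            $hasAea  = ($ace.AccessMask -band $AeaMask) -ne 0
            if ($applies -and $isSelf -and $hasAea) {
                # Emit the account name once per matching mailbox
                $r.Properties['samaccountname'][0]
                break
            }
        }
    }
}
finally {
    $results.Dispose()   # release the unmanaged search handle
}
```

The script reads only the copy of the permissions held in Active Directory, so it reports what the directory attribute says rather than what is set on the mailbox in the store.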

On Thu, 29-Oct-09 23:03:17 GMT, sime3000 wrote:
> I would like to search the Exchange 2003 mailboxes in my organization for mailboxes where "SELF" has the Allow "Associated external account" box checked. Is there a query that I can execute in Active Directory Users and Computers or some other method that will yield this information readily? Thanks Sam
I suppose you could use the old NoMas.exe tool. IIRC, if you don't run it in 'fix' mode it'll show you the disabled user mailboxes that don't AEA permission and the active user mailboxes that DO have SELF assigned the AEA permission. It'll also make sure (if you ask it to) that the mailbox permissions in the AD match those in the mailbox (and fix it if you tell it to).
---
Rich Matheisen
MCSE+I, Exchange MVP
November 1st, 2009 9:54pm
