Unity users not showing in AD Users & Computers?

 26 Aug 2007 02:38:10 pm

Some user objects created or modified by Cisco Unity fail to show in Active Directory Users and Computers unless Advanced Features is enabled.

In addition to simple view issues, some tools (e.g. Microsoft’s own ADMT) fail to locate user accounts. This is how I ran into the issue this weekend, trying to do a migration for one of our customers. Fortunately for them only about 100 mailboxes were affected.

As I understand it this is thanks to Cisco Unity (confirmed in 4.2.1 and 5.x). Looking at the directory attributes it modifies (the AD attributes Unity has access to), you’ll notice that the Unity attribute AVP_HIDDEN_IN_DIRECTORY is listed for both the msExchHideFromAddressLists attribute (which stops a user from being displayed in the Exchange address lists that someone would look at in Outlook) and the showInAdvancedViewOnly attribute (which stops it from being displayed in a host of other places). Although I haven’t been able to do extensive testing, I’m fairly confident now that when you set a user as hidden from the directory in Unity it’s modifying both attributes in AD, and that is the root of the problem.

So the question is how to fix it?
What I ended up doing was to use ldifde.exe to export the user objects where the attribute was set to true:

Code :
> ldifde -f hidden_users.ldf -r "(&(objectClass=user)(showInAdvancedViewOnly=TRUE))" -l showInAdvancedViewOnly

Next I used PowerShell to parse the LDF file and give me a list of the DNs of the users to fix:
Code :
> Get-Content hidden_users.ldf | where { $_ -like "dn:*" } | Out-File Users-to-fix.txt

And assembled a quick PowerShell script to generate a new LDF for import:
Code :
Fix-hidden-users.ps1
---------------------------------
# $fixusers holds the path to the DN list; it is set in the session before the script is run.
# For every DN line, append an LDIF "modify" record that sets showInAdvancedViewOnly to FALSE.
Get-Content $fixusers | ForEach-Object -Process {
    Write-Output $_ >> fixed_users.ldf
    Write-Output "changetype: modify" >> fixed_users.ldf
    Write-Output "replace: showInAdvancedViewOnly" >> fixed_users.ldf
    Write-Output "showInAdvancedViewOnly: FALSE" >> fixed_users.ldf
    Write-Output "-" >> fixed_users.ldf
    Write-Output "" >> fixed_users.ldf
}

Set the filename variable and run it:
Code :
> Set-Variable fixusers Users-to-fix.txt
> .\fix-hidden-users.ps1

Lastly use ldifde.exe again to import the changes:
Code :
> ldifde -i -f fixed_users.ldf
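
LDIF (RFC 2849) lets a long line continue onto following lines that begin with a single space, and a DN with non-ASCII characters is written base64-encoded as `dn::`, so filtering on `dn:*` alone keeps only the first part of a folded DN. The block below is an added example, not code from the original post: it builds the modify records in one pass and keeps continuation lines with their DN. The function name `ConvertTo-UnhideLdif` and the sample export are constructed for illustration.

```powershell
function ConvertTo-UnhideLdif {
    param([string[]] $ExportLines)   # lines of the LDIF export, blank lines included

    # The modify record appended after every DN (same record as in the post's script).
    $modify = 'changetype: modify',
              'replace: showInAdvancedViewOnly',
              'showInAdvancedViewOnly: FALSE',
              '-',
              ''
    $inDn = $false
    foreach ($line in $ExportLines) {
        if ($line -match '^dn::? ') {
            if ($inDn) { $modify }    # previous DN had no attribute lines after it
            $inDn = $true
            $line                     # "dn:" or base64 "dn::", passed through unchanged
        } elseif ($inDn -and $line.StartsWith(' ')) {
            $line                     # folded continuation of the DN, kept as exported
        } elseif ($inDn) {
            $inDn = $false            # DN is complete: emit its modify record
            $modify
        }
    }
    if ($inDn) { $modify }            # export ended on a DN line
}

# Constructed sample export (not real data): one folded DN and one base64 DN.
$sample = @'
dn: CN=Example User One,OU=A Fairly Long Organizational Unit Name,OU=Branch,
 DC=example,DC=com
changetype: add
showInAdvancedViewOnly: TRUE

dn:: Q049SsO8cmdlbixPVT1Vc2VycyxEQz1leGFtcGxlLERDPWNvbQ==
changetype: add
showInAdvancedViewOnly: TRUE
'@ -split '\r?\n'

# Print the generated records so they can be reviewed before anything is imported.
ConvertTo-UnhideLdif -ExportLines $sample

# Against the real export from the first step:
#   ConvertTo-UnhideLdif (Get-Content hidden_users.ldf) |
#       Set-Content -Encoding ASCII fixed_users.ldf
```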


As usual the typical disclaimers apply. There may be a good reason that your accounts are hidden, so do your homework first; you also may want to consider limiting the scope of your LDF export by specifying the base DN with the -d switch. Any damage you cause by using the above tasks/scripts is your own problem, USE AT YOUR OWN RISK!

Good Luck!

Erik Szewczyk
