#################################################################################
#
# The sample scripts are not supported under any Microsoft standard support
# program or service. The sample scripts are provided AS IS without warranty
# of any kind. Microsoft further disclaims all implied warranties including, without
# limitation, any implied warranties of merchantability or of fitness for a particular
# purpose. The entire risk arising out of the use or performance of the sample scripts
# and documentation remains with you. In no event shall Microsoft, its authors, or
# anyone else involved in the creation, production, or delivery of the scripts be liable
# for any damages whatsoever (including, without limitation, damages for loss of business
# profits, business interruption, loss of business information, or other pecuniary loss)
# arising out of the use of or inability to use the sample scripts or documentation,
# even if Microsoft has been advised of the possibility of such damages
#
#################################################################################
# The purpose of this script is to check for certain types of
LDAP filters that may cause
# Exchange 2007 setup to fail. The script looks at all address lists, global address lists,
# and recipient policies.
#
# Requirements: This script can be run from any machine in the same forest as the Exchange
# organization. It does not require any Exchange 2007 tools to be installed - just plain
# Powershell.
#
# Syntax:
# .\CheckFilters
#
# If the script is in the path you can eliminate the ".\".
function CheckFilter([string]$filter)
{
$foundProblems = $false
for ($x = 0; $x -lt $filter.Length; $x++)
{
if ($filter[$x] -eq " ")
{
continue
}
$thisChar = $filter[$x]
if (($lastChar -eq "&" -or $lastChar -eq "|" -or $lastChar -eq "!") -and $thisChar -ne "(")
{
"Warning: an attribute name is immediately preceded by a logical operator."
$foundProblems = $true
}
if ($lastChar -eq "(" -and ($thisChar -eq "h" -or $thisChar -eq "H"))
{
# this might be homeMDB comparison... find out
if ($filter.Substring($x, 8).ToLower() -eq "homemdb=")
{
# yep it's homeMDB... is it a DN comparison?
if ($filter[$x + 8] -ne "*")
{
$domainPos = $filter.IndexOf(",DC=", $x)
# now see if there are any parentheses in that range of chars
$substring = $filter.Substring($x, $domainPos - $x)
$parenPos = $substring.IndexOf("(")
if ($parenPos -gt -1)
{
"Warning: a homeMDB value contains parentheses."
$foundProblems = $true
}
}
}
}
$lastChar = $thisChar
}
if (!($foundProblems))
{
"Filter is good."
}
}
# Find the Exchange org object
$rootDSE = [ADSI]"
LDAP://RootDSE"
$configNC = [ADSI]("LDAP://" + $rootDSE.configurationNamingContext)
$proplist = @("distinguishedName", "name", "purportedSearch")
$orgFinder = new-object System.DirectoryServices.DirectorySearcher($configNC, "(objectClass=msExchOrganizationContainer)", $proplist, [System.DirectoryServices.SearchScope]::Subtree)
$org = $orgFinder.FindOne().GetDirectoryEntry()
# First look at all Address Lists and Recipient Policies that have not yet been upgraded
$alFinder = new-object System.DirectoryServices.DirectorySearcher($org, "(&(|(objectClass=addressBookContainer)(objectClass=msExchRecipientPolicy))(purportedSearch=*))", $proplist, [System.DirectoryServices.SearchScope]::Subtree)
$alFinder.PageSize = 100
$alResults = $alFinder.FindAll()
foreach ($result in $alResults)
{
("Evaluating: " + $result.Properties["name"][0])
CheckFilter $result.Properties["purportedsearch"][0]
}
