Keeping Mail server accounts in sync with AD Users

[jdyck]

OK, I’ve setup an IMAP mail server on OS X server (a test box for now), and set it to use an OD group that consists of a bunch of AD groups. I’ve also added the Apple_Mail_User attribute to the AD schema to allow me the ability to set mail quotas for AD users.

Everything is working fantastic…. except….

I want this all to keep in sync with our AD users. We have a lot of new people coming in, old people leaving, etc. I’d like to be able to delete the AD user when someone leaves, and have that folder deleted on the Mail server.

Unfortunately, the way things seem to work by default, when I delete the AD user, they are no longer able to log into their email, but their folders remain on the server.

I *can* go in, edit the permissions on their folder, then delete them with SirAdmin (and I’m sure with the command line Cyradmin), but that’s not a very efficient system.

Any ideas for automating this? When an AD account gets deleted, the mailbox for that user also gets deleted?

Thanks in advance.

[jdyck]

Anybody? I’m just about ready to order a fancy new X-Serve for this, but am hesitant if it’s going to mean that much maintenance work as people leave…

[mgnicks]

Hello JDyck,

I am also looking into adding the mail attribute to the ad schema, but am unsure as to how to go about it.

How should the attribute be entered into the schema. I cannot find any information on how the entries should look, and i don’t really know where to start since it will be the first time i will have done this. Any help would be fantastic.

I have registered the dll for the ad schema snap-in already and looked around but that is all. I will also be testing this on a test AD first!!

I was looking at just enabling mail through the SACL but I also require the quota function.

Thanks for any help that you can give.

😀

[Author]

Posts