Tuesday, December 28, 2010

How to automate the removal of the values for a user’s msExchUMDtmfMap attribute

We’ve finally completed a company wide migration from a Nortel BCM PBX to OCS 2007 R2 with Exchange UM as their auto attendant and voicemail solution just before the holidays and with migration of all the users to their new telephony solution comes a problem that the manager there and I knew we would need to address. 

Problem

This particular client I’ve been working with over the past year is a law firm that focuses on a variety of services.  One of the practices a partner manages is a group that deals with clients who constantly call for an update on their case and most of the time there are no updates because cases get dragged on by the courts.  In the old Nortel BCM solution, the manager there was able to fully control who the auto attendant can look up when a caller uses the dial by name feature but with Exchange Unified Messaging, the process of generating these lookup entries are automatic.  So what do I mean by automatic?  The way that Exchange Unified Messaging performs lookups for users is actually through the attribute: msExchUMDtmfMap as shown in the following screenshot:

image

image

This can be found using the ADSIedit utility bundled with the Windows Support Tools that allows you to edit the Active Directory database.  All you need to do is open this utility, connect to the domain containing the user object, navigate to the OU and open up the properties window:

image

The process of removing the values this way are quite straight forward but the behavior of Exchange Unified Messaging is to run the GAL Grammar generation according to a schedule and this happens every night.  To see the schedule, you can execute the following PowerShell cmdlet:

Get-UMServer | fl

…which will output something similar to this:

[PS] C:\Documents and Settings\tluk>Get-UMServer | fl

Name                      : UM01
MaxCallsAllowed           : 100
MaxFaxCallsAllowed        : 100
MaxTTSSessionsAllowed     : 50
MaxASRSessionsAllowed     : 50
Status                    : Enabled
Languages                 : {en-US}
DialPlans                 : {someDialPlan}
GrammarGenerationSchedule : {Sun.2:00 AM-Sun.2:30 AM, Mon.2:00 AM-Mon.2:30 AM,
                            Tue.2:00 AM-Tue.2:30 AM, Wed.2:00 AM-Wed.2:30 AM, T
                            hu.2:00 AM-Thu.2:30 AM, Fri.2:00 AM-Fri.2:30 AM, Sa
                            t.2:00 AM-Sat.2:30 AM}
IsValid                   : True
OriginatingServer         : dc03.someCompany.com
ExchangeVersion           : 0.1 (8.0.535.0)
DistinguishedName         : CN=UM01,CN=Servers,CN=Exchange Administrative Gro
                            up (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=
                            Company,CN=Microsoft Exchange,CN=Services,CN=Confi
                            guration,DC=someCompany,DC=com
Identity                  : UM01
Guid                      : 0e5f2012-af0e-4d95-9206-1633deebf38c
ObjectCategory            : someCompany.com/Configuration/Schema/ms-Exch-Exchange
                            -Server
ObjectClass               : {top, server, msExchExchangeServer}
WhenChanged               : 11/10/2010 10:54:27 AM
WhenCreated               : 12/6/2007 12:27:23 AM

[PS] C:\Documents and Settings\tluk>

image

The idea of having to go in and removing the attribute via ADSIedit everyday wasn’t exactly all that appealing to the client so the 2 ideas I had in mind where:

1. Is there a way to disable a specific user during the generation process?

2. Somehow script the removal process with ldifde or csvde.

The answer to question #1 is that there isn’t after confirming it with Microsoft so I followed up with them about using one of the commands for #2 and I got an answer which I fully tested confirming it works.

Solution

The solution I got from Microsoft was to use the ldifde command with a ldf file used for importing.  Start by opening notepad and enter the following:

dn: CN=Terence Luk,OU=Systems Consultants,OU=SomeOU,OU=Employees,DC=someDomain,DC=com

changetype: modify

delete: msExchUMDtmfMap

-

image

**Note that you don’t need the spaces in between the 4 lines above.  They’re there because Windows Live Writer automatically inserted them.  Also note that the dash “-“ is required or the ldifde command will error out.

Save the file as an .ldf file (in this example, I used: RemoveDTMF.ldf).

To test whether you had your syntax and distinguished name entered correctly, you can execute the following command:

ldifde -i -f C:\RemoveDTMF.ldf

image

Once you hit enter, you should see something similar to the following output:

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries..

1 entry modified successfully.

The command has completed successfully

C:\>

image

Now when you browse the properties of the user object, you should see the variable with the value set as <Not Set>:

image

image

If you want to retest this again, you can force Exchange to regenerate these values for the users in the dialplan by executing:

galgrammargenerator.exe -d dialPlanName

This command can be found in the <drive where you’ve installed Exchange>\Program Files\Microsoft\Exchange Server\Bin.  Once executed, this will generate the DTMF mappings for all the UM enabled users within the dial plan you’ve specified and output something similar to the following:

E:\Program Files\Microsoft\Exchange Server\Bin>GALGRAMMARGENERATOR.exe -d officeDialPlan

======================

GalGrammarGenerator started. Time: 12/27/2010 8:00:02 PM

GalGrammarGenerator finished. Time: 12/27/2010 8:00:03 PM

E:\Program Files\Microsoft\Exchange Server\Bin>

image

From here on, you should be able to create a batch file that executes this command with the .ldf file you’ve created to remove the DTMF mappings for as many users as you like through scheduling this with Windows Scheduled Tasks:

image

It’s important to note that in order to execute this ldifde command, you will need the appropriate permissions to the domain so the account you specify for the scheduled task will need permissions to remove the values of this attribute for users.

Potential problems you may encounter

While testing this ldifde command out, I ran into 3 problems that I thought is worth mentioning here:

Potential Problem #1 – Incorrect Distinguished Name entered

If you did not type in the distinguished name properly for the ldf file, you will receive the following output when executing ldifde command:

C:\>Ldifde -i -f C:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries.

Add error on line 1: No Such Object

The server side error is "Directory object not found."

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

If you receive this error, you probably have the incorrect DN (distinguished name) specified for the user object in your ldf file. To avoid errors especially when the domain has a lot of OUs nested, I would suggest opening up the user object’s properties to copy and paste the distinguishedName attribute value:

image

Potential Problem #2 – Missing “-“ in the ldf file

image

If you forget to include the “-“ at the end of the the 3 lines entered in the ldf file, you will receive the following error:

C:\>ldifde -i -f c:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "c:\RemoveDTMF.ldf"

Loading entries.

There is a syntax error in the input file

Failed on line 3. The last token starts with 'm'.

The change-modify entry is missing the terminator '-'.

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

Simply include the “-“ (without the quotes) at the end of the 3 lines you’ve specified for the user and this error will go away.

Potential Problem #3 – There are no values for the msExchUMDtmfMap attribute

You will receive the following error from the ldifde command if the user object you specify does not have any values in the msExchUMDtmfMap attribute:

C:\>Ldifde -i -f C:\RemoveDTMF.ldf

Connecting to "someDC.someDomain.com"

Logging in as current user using SSPI

Importing directory from file "C:\RemoveDTMF.ldf"

Loading entries.

Add error on line 1: No Such Attribute

The server side error is "The attribute specified in the operation is not presen

t on the object."

0 entries modified successfully.

An error has occurred in the program

No log files were written. In order to generate a log file, please

specify the log file path via the -j option.

C:\>

image

While there really isn’t any harm done here, you should try to schedule this task sometime after the attribute values have been created for the user.

1 comment:

Aries Purwantoro said...

Hi.
My name is Aries.

Can you help me?
I want to modify several attributes in one DN like this
Job title from Department Head become Division Head
Department from Human Resources become Marketing
Office from Jakarta become Bali

so I set
dn: CN=tes2012,OU=User,DC=contoso,DC=com
changetype: modify
replace: title
title: Division Head

and what next ??

thanks for your help