Platform SDK: Active Directory, ADSI, and Directory Services

Creating a Distribution List from the Results of a Query

This example creates a distribution list with the results of a query for all mailboxes (using the organizationalPerson class) whose city attribute (l) is set to "New York".

Dim objRecipients As IADsContainer
Dim objNewDL As IADs
Dim ADOConn As ADODB.Connection
Dim ADOCommand As New ADODB.Command
Dim RS As ADODB.Recordset

Set objRecipients = GetObject(strRecipientsPath)

Set ADOconn = CreateObject("ADODB.Connection")
ADOconn.Provider = "ADSDSOObject"
ADOconn.Open "Active Directory Provider"
 
'Query format: <base>;(filter);attributes;scope
strADOQueryString = "<LDAP://Server>;" & _
        "(&(objectClass=organizationalPerson)(l=New York));ADsPath;subtree"
 
Set RS = ADOconn.Execute(strADOQueryString)
 
'Check to see if any records were found
If Not RS.EOF Then
    'Create a new DL
    Set objNewDL = objRecipients.Create("groupOfNames", "cn=NewDL")
 
    'Set the props
    objNewDL.Put "cn", CStr(strDisplayname)
    objNewDL.Put "uid", CStr(strAliasName)
    objNewDL.Put "mail", CStr(strSMTPAddr)
    objNewDL.Put "owner", "cn=user,cn=Recipients,ou=Site,o=Org"
    objNewDL.SetInfo
 
    While Not RS.EOF 'add every mailbox in the RS to the DL
        objNewDL.Add RS.Fields(0).Value
        RS.MoveNext
    Wend
 
End If
 
RS.Close
Set ADOConn = Nothing
Set ADOCommand = Nothing
Set RS = Nothing
Set objRecipients = Nothing
Set objNewDL = Nothing
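
The sample above hard-codes the city in the filter. The following added example (not part of the SDK sample) builds the same query string from a caller-supplied city and escapes LDAP filter metacharacters, so a value containing them is matched literally instead of altering the filter. EscapeLdapFilterValue, BuildCityQuery and Demo are hypothetical helper names, and escaping the semicolon assumes the provider splits the query string on it.

```vb
' Added example: helper names are hypothetical, sample inputs are constructed.

' Escape a value for use inside an LDAP search filter (RFC 2254 / RFC 4515).
Function EscapeLdapFilterValue(ByVal strValue As String) As String
    Dim strOut As String

    ' Backslash first, so the escapes added below are not escaped again
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")

    ' Assumption: ";" separates the parts of the ADSI query string,
    ' so it is hex-escaped as well (a valid escape for any character)
    strOut = Replace(strOut, ";", "\3b")

    EscapeLdapFilterValue = strOut
End Function

' Build the ADSI LDAP-dialect query used in the sample for a given city.
' strServer is expected to come from configuration, not from user input.
Function BuildCityQuery(ByVal strServer As String, _
                        ByVal strCity As String) As String
    BuildCityQuery = "<LDAP://" & strServer & ">;" & _
        "(&(objectClass=organizationalPerson)(l=" & _
        EscapeLdapFilterValue(strCity) & "));ADsPath;subtree"
End Function

Sub Demo()
    ' Constructed inputs: a plain value, and values containing
    ' characters that are special inside a filter
    Debug.Print BuildCityQuery("Server", "New York")
    Debug.Print BuildCityQuery("Server", "Springfield (East)")
    Debug.Print BuildCityQuery("Server", "A*")
End Sub
```

The string returned by BuildCityQuery is passed to ADOConn.Execute in place of strADOQueryString.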

If you want to set the Owner property on the distribution list, which allows a user to change the membership of the distribution list from the Outlook® client, you must set the Owner ("owner" in LDAP) attribute to the distinguished name of the owner's mailbox. You must also set the security descriptor for the distribution list object granting the owner's Windows NT account Modify User Attributes and Send As rights to the object. To do this, you must use either the Win32 API or the ADsSecurity object provided in the ADSI resource kit.

Notes:  When using LDAP calls to an Exchange Server, you can only get the memberOf attribute if you are authenticated as the service account. Additionally, you can get the memberOf attribute on a mailbox only if you are authenticated as the primary Windows NT account of the mailbox. This is to prevent people from doing a query on the memberOf attribute and finding all the distribution lists the user is a member of, including those that have the HIDEDLMEMBERSHIP flag set.

This example is specific to Exchange Server version 5.5 and below, and is not upwardly compatible with Exchange 6.0. Management and access of Exchange 6.0 Servers should be made through the CDO Exchange Management interfaces instead.