Tuesday, October 8, 2013

Using Varonis to find misconfigured Exchange mailboxes

One of the wonderful features of Varonis DatAdvantage is the 3d-Users and Groups List report.  On the surface it is just a list of all of the users and groups in the domain, but with the creative use of filters and the Extended Properties, you can answer a lot of useful questions.

For example, during the migration of mailboxes from Exchange 2003 to Exchange 2010, there are mailboxes where certain attributes may not be updated correctly and will become obvious once the old Exchange server is shut down  One of these is the user's homeMTA.  If you look at the field it will be something like this.

CN=Microsoft MTA\0ADEL:097a9a78-54ae-4d27-a101-5daf2d0a30b5,CN=Deleted Objects,CN=Configuration,DC=Company,DC=com

As you can see, the MTA is listed as being deleted and needs to be corrected.  One way to identify these in Varonis is to used the 3d report.

First we have to add homeMTA to the Extended Properties.  As the Active Directory attributes are typically pulled once a night, we need to run the AD Walk and then the Pull AD jobs manually.

Then we can move on to reporting in 3d and develop a query like this:



The key component is to look for the "DEL" phrase in the homeMTA field.

Run this report and now you have a list of mailboxes to fix.

Once again, the 3d-report can be your best friend.