Mysterious Mails, Delivery Notices, Bounced mails Vs Outlook Delegates

This is what happened to me on one fine day. An Executive Admin complaints that she was getting Exchange mail delivery notices and bounced mails (NDRs) from an unknown user. 

She said it’s pretty annoying that she sends mails to bunch of users and gets bounced mails from some unknown (or long gone) users. I assured her that I will find out the issue and solution.

I laid back with my tea and thinking about the issue. If she sends mails to someone, but she gets NDRs (delivery notices in other cases) from a user who was not in TO or CC or BCC list. I know that Outlook Delegates are gets mails and meeting requests behalf of whoever delegated. I finished my last sip of tea and said myself, That is it.  "Delegates".

I started wondering about how to find out if anyone is delegated to someone else or not. After a few Live and Google search, I found out Active Directory stores the delegates and delegated users list in User properties. The following properties has the list of delegates,


I wrote a script to find out who’s delegated to whom. I ran my script against the "bunch of users" given by Admin. Voila!!! I found the list of delegates, made some phone calls and fixed the issue.  I informed the admin with the details and she praised "IT is great!!!" as always.

If you are the guy who is sipping your coffee or tea like me thinking about the same issue, Help is on the way here in this blog.

1. Manual Lookup of delegates

1. Open the ADSIEdit.msc by typing it in Start –> Run.
2. Expand Domain [domain name] container and find the user you want to check
3. Right click on the User and select "Properties"
4. Find publicDelegates and publicDelegatesBL properties and check the value

2. Use my Script to find out the delegates

Copy and Paste the following script in Notepad and save as "Delegates.vbs" to an known location.
Open Command prompt, go the directory where you saved the Delegates.vbs file.
Run "CScript Delegates.vbs <UserAccountName>"

e.g., CScript Delegates.vbs JDoe
CScript Delegates.vbs BGates

If you find what you looking for, Thank me.

‘*********                          DELEGATES.VBS                   **********
‘********* Parameters: Active Directory User Account Name           **********
‘*********                                                          **********
‘********* This script displayes User X’s Delegates and who else is **********
‘********* delegated to User X in Exchagne 2000/2003 via Outlook.   **********
‘*********                                                          **********
‘********* Usage: Cscript Delegagtes.vbs JDoe                       **********
‘*********                                                          **********
‘********* Written By: Anand Venkatachalapathy                      **********

Dim rootDSE                 ‘LDAP Direcotry Services Object
Dim DomainContainer         ‘Currently logged On Domain
Dim conn                    ‘ADODB connection object
Dim sUID            ‘Account Name from command line parameter
Dim ldapStrUsers            ‘LDAP Query
Dim rs1                     ‘LDAP Query Result Set
Dim FoundObject             ‘LDAP Query Result value
Dim objArgs                 ‘Commmand line Arguments

‘Find the local logged on AD Domain name
Set rootDSE=GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")

‘If you know your domain name, you may comment the above two lines and
‘Assign your domain name yourself. Uncomment the below line and change
‘the Domain name as below format
‘DomainContainer = "DC=local,DC=company,DC=com"

‘ Connect to Active Service Connection provder
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"

‘Get the command line parameter
Set objArgs = WScript.Arguments

If objArgs.Count = 0 Then
   WScript.Echo "Invalid Arguments!! provide a user account name as below…"
   WScript.Echo "CScript Delegates.vbs jdoe"
End If

sUID =  objArgs(0)  

‘Make a LDAP query string
ldapStrUsers = "<LDAP://" & DomainContainer & ">;(&(&(& (sAMAccountName=" & _
               sUID & ") (| (&(objectCategory=*)(objectClass=*)) ))));adspath;subtree"

‘Run the Query
Set rs1 = conn.Execute(ldapStrUsers)

‘Loop through the result set
While Not rs1.EOF
   Set FoundObject = GetObject (rs1.Fields(0).Value)
   WScript.Echo FoundObject.CN
   WScript.Echo "—————————————-"

   ‘Call the ListDelegates sub routine
   ListDelegates "LDAP://" & FoundObject.distinguishedName, FoundObject.CN

   rs1.MoveNext   ‘Move to next result

‘Free up the memory
Set rs1=Nothing
Set conn = Nothing
Set rootDSE = Nothing

‘********** Sub Routine: ListDelegates                              **********
‘********** Parameters: User’s AD Distinguished Name, Common Name   **********
‘**********                                                         **********
‘********** This sub find the provided user’s delegates and others  **********
‘********** delegated to the same user. Technically, it displays    **********
‘********** PublicDelegates and PublicDelegatesBL values from the   **********
‘********** Active Directory User Properties                        **********
Sub ListDelegates(sDN, sCN)
    Dim oUser   ‘User Object
    Dim objRecip ‘Dummy User Object

    Set oUser = GetObject (sDN)
    Set objRecip = oUser
    WScript.Echo "Users Delegated to " & sCN
    vDelegates = objRecip.publicDelegates
    nDelegates = UBound(vDelegates)
    If nDelegates > 0 Then
        i = 0
        Do While i <= nDelegates
            WScript.Echo vDelegates(i)
            i = i + 1
    End If
    WScript.Echo sCN & " delegated to these users "
    vDelegates = objRecip.publicDelegatesBL
    nDelegates = UBound(vDelegates)
    If nDelegates > 0 Then
        i = 0
        Do While i <= nDelegates
            WScript.Echo vDelegates(i)
            i = i + 1
    End If

    objRecip = Nothing
    oUser = Nothing
End Sub


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s