Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Filter Default GAL for OWA in Exchange 2013 CU5

Posted on 2014-07-30
4
Medium Priority
?
696 Views
Last Modified: 2014-08-27
I am currently running Exchange 2010 sp3 and have a setup where we are providing email services to independent contractors who connect to us for email primarily using webmail.  We do not wish for the contractors to see each other in their address books.  We have long used the msExchQueryBaseDN attribute in AD to specify an OU which has just a couple of corporate mail contacts in it and this is what all users see as the only entries in their address list when using outlook web app.

I have stood up our Exchange 2013 CU5 environment and have moved a few test users over to it.  Unfortunately the directory does not even appear in OWA when composing a new message and brining up the address book (only the user's contacts appear).  If I return the msExchQueryBaseDN attribute to NULL value, the directory appears with ALL objects in it of course.

I initially thought maybe this type of segregation was no longer supported in Exchange 2013, but I found that in fact there is a new powershell command to set it in 2013 (Set-Mailbox -Identity Test User -QueryBaseDN "OU=Corp,DC=Domain,DC=Root").  Previously we had to do this manually in AD.

Should this type of filtering still work?  Any ideas why I'm seeing the behavior I am?

Note that I realize this likely could be handled by doing the following, of which I would only do as a last resort (so please don't suggest these as solutions unless using the msExchQueryBaseDN to filter the GAL is definitively no longer supported):

1) I could create an ABP for every contractor with an address list that contains only them (if I was talking about a handful, this would be OK but not really viable for hundreds).

2) I've seen info out there on filtering the MsExchSearchBase of the Default Global Address List.  I could set this to my OU which contains just the corporate contacts I wish users to see.  I don't know if this would cause any other impact though to my webmail-only users.  I also have a small subset which connect using RPC over HTTPS and we have Address Book Policies setup for each of those offices so that they only see their own office in their Global Address List so I don't think these users would be impacted either, but wanted to throw it out there.
0
Comment
Question by:Tom Giusti
  • 2
2 Comments
 

Author Comment

by:Tom Giusti
ID: 40279133
I have opened a ticket to Microsoft support for clarification since there is almost no information out there regarding this.
0
 

Accepted Solution

by:
Tom Giusti earned 0 total points
ID: 40287713
According to Microsoft:

Our Program Manager’s view on this issue is to use the Address Book Policy. Our PMs have confirmed that the QueryBaseDn attribute is no longer used for GAL segregation in Exchange 2013.

The documentation for the –QueryBaseDN switch  in the Set-Mailbox powershell cmdlet which suggests that we can still use the QueryBaseDn attribute for GAL segregation is wrong, and has been corrected. The updated documentation will be released to TechNet and should go live this week. It will be available here:
http://technet.microsoft.com/en-us/library/bb123981(v=exchg.150).aspx.  After the update, the updated topic should now state that the parameter is reserved for internal Microsoft use.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
In this post, we will learn to set up the Group Naming policy and will see how it is going to impact the Display Name and the Email addresses of the Group.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month15 days, 1 hour left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question