Solved

Filter Default GAL for OWA in Exchange 2013 CU5

Posted on 2014-07-30
4
590 Views
Last Modified: 2014-08-27
I am currently running Exchange 2010 sp3 and have a setup where we are providing email services to independent contractors who connect to us for email primarily using webmail.  We do not wish for the contractors to see each other in their address books.  We have long used the msExchQueryBaseDN attribute in AD to specify an OU which has just a couple of corporate mail contacts in it and this is what all users see as the only entries in their address list when using outlook web app.

I have stood up our Exchange 2013 CU5 environment and have moved a few test users over to it.  Unfortunately the directory does not even appear in OWA when composing a new message and brining up the address book (only the user's contacts appear).  If I return the msExchQueryBaseDN attribute to NULL value, the directory appears with ALL objects in it of course.

I initially thought maybe this type of segregation was no longer supported in Exchange 2013, but I found that in fact there is a new powershell command to set it in 2013 (Set-Mailbox -Identity Test User -QueryBaseDN "OU=Corp,DC=Domain,DC=Root").  Previously we had to do this manually in AD.

Should this type of filtering still work?  Any ideas why I'm seeing the behavior I am?

Note that I realize this likely could be handled by doing the following, of which I would only do as a last resort (so please don't suggest these as solutions unless using the msExchQueryBaseDN to filter the GAL is definitively no longer supported):

1) I could create an ABP for every contractor with an address list that contains only them (if I was talking about a handful, this would be OK but not really viable for hundreds).

2) I've seen info out there on filtering the MsExchSearchBase of the Default Global Address List.  I could set this to my OU which contains just the corporate contacts I wish users to see.  I don't know if this would cause any other impact though to my webmail-only users.  I also have a small subset which connect using RPC over HTTPS and we have Address Book Policies setup for each of those offices so that they only see their own office in their Global Address List so I don't think these users would be impacted either, but wanted to throw it out there.
0
Comment
Question by:Tom Giusti
  • 2
4 Comments
 

Author Comment

by:Tom Giusti
ID: 40279133
I have opened a ticket to Microsoft support for clarification since there is almost no information out there regarding this.
0
 

Accepted Solution

by:
Tom Giusti earned 0 total points
ID: 40287713
According to Microsoft:

Our Program Manager’s view on this issue is to use the Address Book Policy. Our PMs have confirmed that the QueryBaseDn attribute is no longer used for GAL segregation in Exchange 2013.

The documentation for the –QueryBaseDN switch  in the Set-Mailbox powershell cmdlet which suggests that we can still use the QueryBaseDn attribute for GAL segregation is wrong, and has been corrected. The updated documentation will be released to TechNet and should go live this week. It will be available here:
http://technet.microsoft.com/en-us/library/bb123981(v=exchg.150).aspx.  After the update, the updated topic should now state that the parameter is reserved for internal Microsoft use.
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now