Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Filter Default GAL for OWA in Exchange 2013 CU5

Posted on 2014-07-30
4
628 Views
Last Modified: 2014-08-27
I am currently running Exchange 2010 sp3 and have a setup where we are providing email services to independent contractors who connect to us for email primarily using webmail.  We do not wish for the contractors to see each other in their address books.  We have long used the msExchQueryBaseDN attribute in AD to specify an OU which has just a couple of corporate mail contacts in it and this is what all users see as the only entries in their address list when using outlook web app.

I have stood up our Exchange 2013 CU5 environment and have moved a few test users over to it.  Unfortunately the directory does not even appear in OWA when composing a new message and brining up the address book (only the user's contacts appear).  If I return the msExchQueryBaseDN attribute to NULL value, the directory appears with ALL objects in it of course.

I initially thought maybe this type of segregation was no longer supported in Exchange 2013, but I found that in fact there is a new powershell command to set it in 2013 (Set-Mailbox -Identity Test User -QueryBaseDN "OU=Corp,DC=Domain,DC=Root").  Previously we had to do this manually in AD.

Should this type of filtering still work?  Any ideas why I'm seeing the behavior I am?

Note that I realize this likely could be handled by doing the following, of which I would only do as a last resort (so please don't suggest these as solutions unless using the msExchQueryBaseDN to filter the GAL is definitively no longer supported):

1) I could create an ABP for every contractor with an address list that contains only them (if I was talking about a handful, this would be OK but not really viable for hundreds).

2) I've seen info out there on filtering the MsExchSearchBase of the Default Global Address List.  I could set this to my OU which contains just the corporate contacts I wish users to see.  I don't know if this would cause any other impact though to my webmail-only users.  I also have a small subset which connect using RPC over HTTPS and we have Address Book Policies setup for each of those offices so that they only see their own office in their Global Address List so I don't think these users would be impacted either, but wanted to throw it out there.
0
Comment
Question by:Tom Giusti
  • 2
4 Comments
 

Author Comment

by:Tom Giusti
ID: 40279133
I have opened a ticket to Microsoft support for clarification since there is almost no information out there regarding this.
0
 

Accepted Solution

by:
Tom Giusti earned 0 total points
ID: 40287713
According to Microsoft:

Our Program Manager’s view on this issue is to use the Address Book Policy. Our PMs have confirmed that the QueryBaseDn attribute is no longer used for GAL segregation in Exchange 2013.

The documentation for the –QueryBaseDN switch  in the Set-Mailbox powershell cmdlet which suggests that we can still use the QueryBaseDn attribute for GAL segregation is wrong, and has been corrected. The updated documentation will be released to TechNet and should go live this week. It will be available here:
http://technet.microsoft.com/en-us/library/bb123981(v=exchg.150).aspx.  After the update, the updated topic should now state that the parameter is reserved for internal Microsoft use.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question