Address books based on OU

surprise.alberto · Joined: 05 Aug 2007 Posts: 1

In Exchange 5.5 I had one address book for each container (OU). Since I
migrated to Exchange 2k3 I have only one Global Address List. I would like to
recreate one address book for each container (i.e. 1 for Suppliers and 1 for
Customers). How can I do?

I can create a query-based distribution group because I can filter object by
container; but I do not know how to do so for Address lists. Moreover I would
not like to set any additional Attribute.

Archived from group: microsoft>public>exchange>applications

surprise.alberto · Joined: 05 Aug 2007 Posts: 3

My users are using Outlook. Can they see only one offline address book at a
time?

OU helps me in organizing contacts and finding them quickly. Why did you
wrote "if you really want to go through the pain"? Don't you think it is
useful to group the contacts in some way?

"Dave Goldman [MSFT]" wrote:

> Exchange 5.5 used address book views and Exchange 2000 and all other
> versions use Offline Address Books which is a copy of the gal. If you really
> want to go through the pain you can create an Offline Address List with a
> customer filter (tied to a custom attribute on a user) and have separate
> address lists. Using the msExchQueryBaseDN attribute will only work if the
> users are using OWA. OWA and Outlook clients view the GAL differently and
> you can not restrict users of Outlook to do this unless you are (A. Using a
> HMC - Hosting solution, or B. Creating custom filtered OAB's for your
> users).
>
> If you choose option B. you will need to set the msExchUseOAB attribute on
> your users ad object to override the one that we read from the information
> store to force them to download that particular OAB. Users will always
> download the OAB that is associated with their mailbox store, unless you set
> that attribute.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> Dgoldman
> http://blogs.msdn.com/dgoldman
>
>
> "surprise.alberto" wrote in
> message @microsoft.com...
> > In Exchange 5.5 I had one address book for each container (OU). Since I
> > migrated to Exchange 2k3 I have only one Global Address List. I would like
> > to
> > recreate one address book for each container (i.e. 1 for Suppliers and 1
> > for
> > Customers). How can I do?
> >
> > I can create a query-based distribution group because I can filter object
> > by
> > container; but I do not know how to do so for Address lists. Moreover I
> > would
> > not like to set any additional Attribute.
>
>

surprise.alberto · Joined: 05 Aug 2007 Posts: 3

I agree with you: it is better if everyone can have full access to the GAL. I
do not want to restrict the access to the GAL, but only providing additional
address lists to improve the user-experience of finding a customer or a
supplier!

I would like that every user has 3 address lists: one with all address, one
with addresses of suppliers and one with addresses of customers. The default
for everybody is the first one, but everybody should be able to see also
other address books.

The first 2 steps that you described are for creating an address book: I
understand that this is a manual way and I do not like it as well. Is there
any other way to select the contacts in an OU without adding this custom
attribute?

The other steps are for assigning a default address book to the single user:
I do not want to do this, therefore I ignore these part of the procedure.
However some doubts arise by your comments: if it is so complicated to
distribute address books to Outlook clients, are they created only for
hosting purposes?

"Dave Goldman [MSFT]" wrote:

> What you want to do is considered hosting which does this for you but is a
> separate solution from the typical exchange installation. What I mean going
> through the pain is that this is manual process and can take a lot of time
> to do, see example below:
>
> 1. Stamp each object in a particular organizational unit with a custom
> attribute (say custom attribute 10 - sales).
> 2. Then create your OAB with the search filter that searches based on custom
> attribute 10 that is equal to sales
> 3. Then either create a separate mailbox store for each group so they can
> download that OAB that is stamped on the store (which you probably cant do
> due to limitations of having 20 stores max), so you will then need to:
> 4. Stamp each user in each OUR with the distinguishedName of the OAB that
> they are going to download. If these are just say sales users then you would
> need to modify the msExchUseOAB attribute and populate that with the
> distinguishedName from the Sales OAB. This way when the Outlook client logs
> in to the information store and tries to obtain the distinguishedName so
> they can download the OAB we will see that we are pre-populate with a
> distinguishedName and download just that OAB.
> 5. Then if you want to get in to permissions so no one can see each others
> you have to figure out how to do this. I wont give any recommendations on
> this because I highly suggest that you don't try this due to the
> ramifications that come with trying to perform these steps.
>
> Personally I don't think so because unless you are hosting or have some
> reasons for your users not to see everybody I think it is useful for them to
> have full access to the global address list. If you have a business
> justification that requires this, then you will have to do it otherwise I
> think you are ok the way you are.
>

Dave Goldman [MSFT] · Joined: 05 Aug 2007 Posts: 24

Exchange 5.5 used address book views and Exchange 2000 and all other
versions use Offline Address Books which is a copy of the gal. If you really
want to go through the pain you can create an Offline Address List with a
customer filter (tied to a custom attribute on a user) and have separate
address lists. Using the msExchQueryBaseDN attribute will only work if the
users are using OWA. OWA and Outlook clients view the GAL differently and
you can not restrict users of Outlook to do this unless you are (A. Using a
HMC - Hosting solution, or B. Creating custom filtered OAB's for your
users).

If you choose option B. you will need to set the msExchUseOAB attribute on
your users ad object to override the one that we read from the information
store to force them to download that particular OAB. Users will always
download the OAB that is associated with their mailbox store, unless you set
that attribute.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Dgoldman
http://blogs.msdn.com/dgoldman

"surprise.alberto" wrote in
message @microsoft.com...
> In Exchange 5.5 I had one address book for each container (OU). Since I
> migrated to Exchange 2k3 I have only one Global Address List. I would like
> to
> recreate one address book for each container (i.e. 1 for Suppliers and 1
> for
> Customers). How can I do?
>
> I can create a query-based distribution group because I can filter object
> by
> container; but I do not know how to do so for Address lists. Moreover I
> would
> not like to set any additional Attribute.

Dave Goldman [MSFT] · Joined: 05 Aug 2007 Posts: 24

What you want to do is considered hosting which does this for you but is a
separate solution from the typical exchange installation. What I mean going
through the pain is that this is manual process and can take a lot of time
to do, see example below:

1. Stamp each object in a particular organizational unit with a custom
attribute (say custom attribute 10 - sales).
2. Then create your OAB with the search filter that searches based on custom
attribute 10 that is equal to sales
3. Then either create a separate mailbox store for each group so they can
download that OAB that is stamped on the store (which you probably cant do
due to limitations of having 20 stores max), so you will then need to:
4. Stamp each user in each OUR with the distinguishedName of the OAB that
they are going to download. If these are just say sales users then you would
need to modify the msExchUseOAB attribute and populate that with the
distinguishedName from the Sales OAB. This way when the Outlook client logs
in to the information store and tries to obtain the distinguishedName so
they can download the OAB we will see that we are pre-populate with a
distinguishedName and download just that OAB.
5. Then if you want to get in to permissions so no one can see each others
you have to figure out how to do this. I wont give any recommendations on
this because I highly suggest that you don't try this due to the
ramifications that come with trying to perform these steps.

Personally I don't think so because unless you are hosting or have some
reasons for your users not to see everybody I think it is useful for them to
have full access to the global address list. If you have a business
justification that requires this, then you will have to do it otherwise I
think you are ok the way you are.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Dgoldman
http://blogs.msdn.com/dgoldman

"surprise.alberto" wrote in
message @microsoft.com...
> My users are using Outlook. Can they see only one offline address book at
> a
> time?
>
> OU helps me in organizing contacts and finding them quickly. Why did you
> wrote "if you really want to go through the pain"? Don't you think it is
> useful to group the contacts in some way?
>
> "Dave Goldman [MSFT]" wrote:
>
>> Exchange 5.5 used address book views and Exchange 2000 and all other
>> versions use Offline Address Books which is a copy of the gal. If you
>> really
>> want to go through the pain you can create an Offline Address List with a
>> customer filter (tied to a custom attribute on a user) and have separate
>> address lists. Using the msExchQueryBaseDN attribute will only work if
>> the
>> users are using OWA. OWA and Outlook clients view the GAL differently and
>> you can not restrict users of Outlook to do this unless you are (A. Using
>> a
>> HMC - Hosting solution, or B. Creating custom filtered OAB's for your
>> users).
>>
>> If you choose option B. you will need to set the msExchUseOAB attribute
>> on
>> your users ad object to override the one that we read from the
>> information
>> store to force them to download that particular OAB. Users will always
>> download the OAB that is associated with their mailbox store, unless you
>> set
>> that attribute.
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> Dgoldman
>> http://blogs.msdn.com/dgoldman
>>
>>
>> "surprise.alberto" wrote in
>> message @microsoft.com...
>> > In Exchange 5.5 I had one address book for each container (OU). Since I
>> > migrated to Exchange 2k3 I have only one Global Address List. I would
>> > like
>> > to
>> > recreate one address book for each container (i.e. 1 for Suppliers and
>> > 1
>> > for
>> > Customers). How can I do?
>> >
>> > I can create a query-based distribution group because I can filter
>> > object
>> > by
>> > container; but I do not know how to do so for Address lists. Moreover I
>> > would
>> > not like to set any additional Attribute.
>>
>>

Dave Goldman [MSFT] · Joined: 05 Aug 2007 Posts: 24

Contacts get stamped with different MAPI properties so you should be able to
add contacts to your filter. And if you skip adding the msExchUseOAB
attribute your uses will only download the oab that is associated with the
mailbox store they reside on. This is the only way around it unless you want
to create a mailbox store for each group of users or move to a hosting
solution.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Dgoldman
http://blogs.msdn.com/dgoldman

"surprise.alberto" wrote in
message @microsoft.com...
>I agree with you: it is better if everyone can have full access to the GAL.
>I
> do not want to restrict the access to the GAL, but only providing
> additional
> address lists to improve the user-experience of finding a customer or a
> supplier!
>
> I would like that every user has 3 address lists: one with all address,
> one
> with addresses of suppliers and one with addresses of customers. The
> default
> for everybody is the first one, but everybody should be able to see also
> other address books.
>
> The first 2 steps that you described are for creating an address book: I
> understand that this is a manual way and I do not like it as well. Is
> there
> any other way to select the contacts in an OU without adding this custom
> attribute?
>
> The other steps are for assigning a default address book to the single
> user:
> I do not want to do this, therefore I ignore these part of the procedure.
> However some doubts arise by your comments: if it is so complicated to
> distribute address books to Outlook clients, are they created only for
> hosting purposes?
>
> "Dave Goldman [MSFT]" wrote:
>
>> What you want to do is considered hosting which does this for you but is
>> a
>> separate solution from the typical exchange installation. What I mean
>> going
>> through the pain is that this is manual process and can take a lot of
>> time
>> to do, see example below:
>>
>> 1. Stamp each object in a particular organizational unit with a custom
>> attribute (say custom attribute 10 - sales).
>> 2. Then create your OAB with the search filter that searches based on
>> custom
>> attribute 10 that is equal to sales
>> 3. Then either create a separate mailbox store for each group so they can
>> download that OAB that is stamped on the store (which you probably cant
>> do
>> due to limitations of having 20 stores max), so you will then need to:
>> 4. Stamp each user in each OUR with the distinguishedName of the OAB that
>> they are going to download. If these are just say sales users then you
>> would
>> need to modify the msExchUseOAB attribute and populate that with the
>> distinguishedName from the Sales OAB. This way when the Outlook client
>> logs
>> in to the information store and tries to obtain the distinguishedName so
>> they can download the OAB we will see that we are pre-populate with a
>> distinguishedName and download just that OAB.
>> 5. Then if you want to get in to permissions so no one can see each
>> others
>> you have to figure out how to do this. I wont give any recommendations on
>> this because I highly suggest that you don't try this due to the
>> ramifications that come with trying to perform these steps.
>>
>> Personally I don't think so because unless you are hosting or have some
>> reasons for your users not to see everybody I think it is useful for them
>> to
>> have full access to the global address list. If you have a business
>> justification that requires this, then you will have to do it otherwise I
>> think you are ok the way you are.
>>
>

surprise.alberto · Joined: 05 Aug 2007 Posts: 3

Really sorry, but the situation is still not clear for me:
- you said that users using Outlook 2k3 will download ONLY the default oab
of the mailbox store (or the one written in msExchUseOAB attribute of the
user)
- in "Understanding Address Lists" and following chapters of E2k3AdminGuide
is written "Client applications, such as Outlook 2003, display the AVAILABLE
address lists that Exchange provides"
What is true?
I have downloaded the English version of the admin guide to use the exact
words; probably what I need is called a subcategory of the address book.

"Dave Goldman [MSFT]" wrote:

> Contacts get stamped with different MAPI properties so you should be able to
> add contacts to your filter. And if you skip adding the msExchUseOAB
> attribute your uses will only download the oab that is associated with the
> mailbox store they reside on. This is the only way around it unless you want
> to create a mailbox store for each group of users or move to a hosting
> solution.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> Dgoldman
> http://blogs.msdn.com/dgoldman
>
>
> "surprise.alberto" wrote in
> message @microsoft.com...
> >I agree with you: it is better if everyone can have full access to the GAL.
> >I
> > do not want to restrict the access to the GAL, but only providing
> > additional
> > address lists to improve the user-experience of finding a customer or a
> > supplier!
> >
> > I would like that every user has 3 address lists: one with all address,
> > one
> > with addresses of suppliers and one with addresses of customers. The
> > default
> > for everybody is the first one, but everybody should be able to see also
> > other address books.
> >
> > The first 2 steps that you described are for creating an address book: I
> > understand that this is a manual way and I do not like it as well. Is
> > there
> > any other way to select the contacts in an OU without adding this custom
> > attribute?
> >
> > The other steps are for assigning a default address book to the single
> > user:
> > I do not want to do this, therefore I ignore these part of the procedure.
> > However some doubts arise by your comments: if it is so complicated to
> > distribute address books to Outlook clients, are they created only for
> > hosting purposes?
> >
> > "Dave Goldman [MSFT]" wrote:
> >
> >> What you want to do is considered hosting which does this for you but is
> >> a
> >> separate solution from the typical exchange installation. What I mean
> >> going
> >> through the pain is that this is manual process and can take a lot of
> >> time
> >> to do, see example below:
> >>
> >> 1. Stamp each object in a particular organizational unit with a custom
> >> attribute (say custom attribute 10 - sales).
> >> 2. Then create your OAB with the search filter that searches based on
> >> custom
> >> attribute 10 that is equal to sales
> >> 3. Then either create a separate mailbox store for each group so they can
> >> download that OAB that is stamped on the store (which you probably cant
> >> do
> >> due to limitations of having 20 stores max), so you will then need to:
> >> 4. Stamp each user in each OUR with the distinguishedName of the OAB that
> >> they are going to download. If these are just say sales users then you
> >> would
> >> need to modify the msExchUseOAB attribute and populate that with the
> >> distinguishedName from the Sales OAB. This way when the Outlook client
> >> logs
> >> in to the information store and tries to obtain the distinguishedName so
> >> they can download the OAB we will see that we are pre-populate with a
> >> distinguishedName and download just that OAB.
> >> 5. Then if you want to get in to permissions so no one can see each
> >> others
> >> you have to figure out how to do this. I wont give any recommendations on
> >> this because I highly suggest that you don't try this due to the
> >> ramifications that come with trying to perform these steps.
> >>
> >> Personally I don't think so because unless you are hosting or have some
> >> reasons for your users not to see everybody I think it is useful for them
> >> to
> >> have full access to the global address list. If you have a business
> >> justification that requires this, then you will have to do it otherwise I
> >> think you are ok the way you are.
> >>
> >
>
>

Dave Goldman [MSFT] · Joined: 05 Aug 2007 Posts: 24

If the msExchUseOAB attribute is not populates on the user it will get this
value from the mailbox store that the user resides on which is by default -
the default offline address list. Outlook will build a hierarchical view of
all of the address lists when it logs on (All Contacts, All Users, etc) and
the user can see from each of these, unless they are restricted by
permissions which I do not suggest.

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Dgoldman
http://blogs.msdn.com/dgoldman

"surprise.alberto" wrote in
message @microsoft.com...
> Really sorry, but the situation is still not clear for me:
> - you said that users using Outlook 2k3 will download ONLY the default oab
> of the mailbox store (or the one written in msExchUseOAB attribute of the
> user)
> - in "Understanding Address Lists" and following chapters of
> E2k3AdminGuide
> is written "Client applications, such as Outlook 2003, display the
> AVAILABLE
> address lists that Exchange provides"
> What is true?
> I have downloaded the English version of the admin guide to use the exact
> words; probably what I need is called a subcategory of the address book.
>
> "Dave Goldman [MSFT]" wrote:
>
>> Contacts get stamped with different MAPI properties so you should be able
>> to
>> add contacts to your filter. And if you skip adding the msExchUseOAB
>> attribute your uses will only download the oab that is associated with
>> the
>> mailbox store they reside on. This is the only way around it unless you
>> want
>> to create a mailbox store for each group of users or move to a hosting
>> solution.
>>
>> --
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> Dgoldman
>> http://blogs.msdn.com/dgoldman
>>
>>
>> "surprise.alberto" wrote in
>> message @microsoft.com...
>> >I agree with you: it is better if everyone can have full access to the
>> >GAL.
>> >I
>> > do not want to restrict the access to the GAL, but only providing
>> > additional
>> > address lists to improve the user-experience of finding a customer or a
>> > supplier!
>> >
>> > I would like that every user has 3 address lists: one with all address,
>> > one
>> > with addresses of suppliers and one with addresses of customers. The
>> > default
>> > for everybody is the first one, but everybody should be able to see
>> > also
>> > other address books.
>> >
>> > The first 2 steps that you described are for creating an address book:
>> > I
>> > understand that this is a manual way and I do not like it as well. Is
>> > there
>> > any other way to select the contacts in an OU without adding this
>> > custom
>> > attribute?
>> >
>> > The other steps are for assigning a default address book to the single
>> > user:
>> > I do not want to do this, therefore I ignore these part of the
>> > procedure.
>> > However some doubts arise by your comments: if it is so complicated to
>> > distribute address books to Outlook clients, are they created only for
>> > hosting purposes?
>> >
>> > "Dave Goldman [MSFT]" wrote:
>> >
>> >> What you want to do is considered hosting which does this for you but
>> >> is
>> >> a
>> >> separate solution from the typical exchange installation. What I mean
>> >> going
>> >> through the pain is that this is manual process and can take a lot of
>> >> time
>> >> to do, see example below:
>> >>
>> >> 1. Stamp each object in a particular organizational unit with a custom
>> >> attribute (say custom attribute 10 - sales).
>> >> 2. Then create your OAB with the search filter that searches based on
>> >> custom
>> >> attribute 10 that is equal to sales
>> >> 3. Then either create a separate mailbox store for each group so they
>> >> can
>> >> download that OAB that is stamped on the store (which you probably
>> >> cant
>> >> do
>> >> due to limitations of having 20 stores max), so you will then need to:
>> >> 4. Stamp each user in each OUR with the distinguishedName of the OAB
>> >> that
>> >> they are going to download. If these are just say sales users then you
>> >> would
>> >> need to modify the msExchUseOAB attribute and populate that with the
>> >> distinguishedName from the Sales OAB. This way when the Outlook client
>> >> logs
>> >> in to the information store and tries to obtain the distinguishedName
>> >> so
>> >> they can download the OAB we will see that we are pre-populate with a
>> >> distinguishedName and download just that OAB.
>> >> 5. Then if you want to get in to permissions so no one can see each
>> >> others
>> >> you have to figure out how to do this. I wont give any recommendations
>> >> on
>> >> this because I highly suggest that you don't try this due to the
>> >> ramifications that come with trying to perform these steps.
>> >>
>> >> Personally I don't think so because unless you are hosting or have
>> >> some
>> >> reasons for your users not to see everybody I think it is useful for
>> >> them
>> >> to
>> >> have full access to the global address list. If you have a business
>> >> justification that requires this, then you will have to do it
>> >> otherwise I
>> >> think you are ok the way you are.
>> >>
>> >
>>
>>