Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
You can use ADSI Edit to control which address lists are available to users when they use Outlook Web App for Microsoft Exchange Server 2010.
Looking for other advanced management tasks for Outlook Web App? Check out Managing Outlook Web App Advanced Features.
Use ADSI Edit to limit the address lists that are available to a user
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
- Open ADSI Edit.
- Locate the user for whom you want to set an address list
value.
- Open the properties for that user, and then add the appropriate
value for the querybaseDN parameter.
- Save the changes to that user's properties.
How QuerybaseDN Is Used
The querybaseDN parameter is found on Active Directory user objects. By setting the value of querybaseDN, you can control which address list a user has access to through Outlook Web App. You do this by assigning the distinguished name of an address list or organizational unit (OU) to the querybaseDN parameter.
The following conditions apply to the use of querybaseDN:
- If the querybaseDN parameter isn't used, the user will
have access to the first global address list (GAL) that's listed in
the globalAddressList attribute for that user.
- If the querybaseDN parameter is set to a specific
address list, the user will have access only to that address
list.
- If the user uses Select Rooms in the Scheduling
Assistant, they'll see only resources from the specified address
list.
- If the user uses Select Rooms in the Scheduling
Assistant, they'll see only resources from the specified address
list.
- If the querybaseDN parameter is set to a specific OU and
the displayAddressLists parameter is set to
$false
, the user won't have access to any address lists. If the querybaseDN parameter is set to a specific OU and the displayAddressLists parameter is set to$true
, the user will have access only to users in the OU that is specified by the querybaseDN parameter.
- If the user uses Select Rooms in the Scheduling
Assistant, they'll see only resources from the specified OU.
- If the user uses Select Rooms in the Scheduling
Assistant, they'll see only resources from the specified OU.
Use ADSI Edit to find the distinguished name of an address list or organizational unit
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Outlook Web App virtual directories" entry in the Client Access Permissions topic.
- Open ADSI Edit.
- Find the address list or OU that you want to use, right-click
it, and then click Properties.
- Find the distinguished name of the address list or OU.
Use the Shell to find address lists in your organization
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Address lists" entry in the Mailbox Permissions topic.
Enter Get-AddressList to return all the address lists under the All Address Lists container.
For more information about syntax and parameters, see Get-AddressList.