Applies to: Exchange Server 2007 SP3, Exchange Server
2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-18
This topic explains how to use ADSI Edit to control which address lists a user can see when they use Microsoft Office Outlook Web Access for Microsoft Exchange Server 2007.
Before You Begin
To perform this procedure, the account you use must be delegated the following:
- The Account Operator role for the applicable
Active Directory containers.
- The Exchange View-Only Administrator role to use the
Exchange Management Shell to find address list names.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
How QuerybaseDN Is Used
The parameter querybaseDN is found on Active Directory user objects. By setting the value of querybaseDN, you can control which address list a user has access to through Outlook Web Access. You do this by assigning the distinguished name of an address list or organizational unit (OU) to the querybaseDN parameter.
The following conditions apply to the use of querybaseDN:
- If the querybaseDN parameter is not used, the user will
have access to the first global address list (GAL) that is listed
in the globalAddressList attribute for that user.
- If the querybaseDN parameter is set to a specific
address list, the user will have access only to that address
list.
- If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified address
list.
- If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified address
list.
- If the querybaseDN parameter is set to a specific OU and
the displayAddressLists parameter is set to
$false, the user will not have access to any address lists. If the querybaseDN parameter is set to a specific OU and the displayAddressLists parameter is set to$true, the user will have access only to users in the OU that is specified by the querybaseDN parameter.
- If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified OU.
- If the user uses Select Rooms in the Scheduling
Assistant, they will see only resources from the specified OU.
Procedure
To use ADSI Edit to limit the
address lists that are available to a user
-
Open ADSI Edit.
-
Locate the user for whom you want to set an address list value.
-
Open the properties for that user, and then add the appropriate value for the querybaseDN parameter.
-
Save the changes to that user's properties.
To find the distinguished name
of an address list or organizational unit
-
Open ADSI Edit.
-
Find the address list or OU that you want to use, right-click it, and then click Properties.
-
Find the distinguished name of the OU.
To use the Exchange Management
Shell to find address lists in your organization
-
Open the Exchange Management Shell.
-
Enter Get-AddressList to return all the address lists under the All Address Lists container.
For more information about syntax and parameters, see Get-AddressList.
For More Information
For more information about address lists in Exchange 2007, see Managing Address Lists.