Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-18

This topic explains how to use ADSI Edit to control which address lists a user can see when they use Microsoft Office Outlook Web Access for Microsoft Exchange Server 2007.

Before You Begin

To perform this procedure, the account you use must be delegated the following:

  • The Account Operator role for the applicable Active Directory containers.

  • The Exchange View-Only Administrator role to use the Exchange Management Shell to find address list names.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

How QuerybaseDN Is Used

The parameter querybaseDN is found on Active Directory user objects. By setting the value of querybaseDN, you can control which address list a user has access to through Outlook Web Access. You do this by assigning the distinguished name of an address list or organizational unit (OU) to the querybaseDN parameter.

The following conditions apply to the use of querybaseDN:

  • If the querybaseDN parameter is not used, the user will have access to the first global address list (GAL) that is listed in the globalAddressList attribute for that user.

  • If the querybaseDN parameter is set to a specific address list, the user will have access only to that address list.

    • If the user uses Select Rooms in the Scheduling Assistant, they will see only resources from the specified address list.

  • If the querybaseDN parameter is set to a specific OU and the displayAddressLists parameter is set to $false, the user will not have access to any address lists. If the querybaseDN parameter is set to a specific OU and the displayAddressLists parameter is set to $true, the user will have access only to users in the OU that is specified by the querybaseDN parameter.

    • If the user uses Select Rooms in the Scheduling Assistant, they will see only resources from the specified OU.

Procedure

To use ADSI Edit to limit the address lists that are available to a user

  1. Open ADSI Edit.

  2. Locate the user for whom you want to set an address list value.

  3. Open the properties for that user, and then add the appropriate value for the querybaseDN parameter.

  4. Save the changes to that user's properties.

To find the distinguished name of an address list or organizational unit

  1. Open ADSI Edit.

  2. Find the address list or OU that you want to use, right-click it, and then click Properties.

  3. Find the distinguished name of the OU.

To use the Exchange Management Shell to find address lists in your organization

  1. Open the Exchange Management Shell.

  2. Enter Get-AddressList to return all the address lists under the All Address Lists container.

For more information about syntax and parameters, see Get-AddressList.

For More Information

For more information about address lists in Exchange 2007, see Managing Address Lists.