Exchange administrators often want to show only a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft provides an Active Directory user attribute for this purpose, “msExchQueryBaseDN”, which is set on an individual mailbox user and is also mentioned in the Address List Segregation document for Exchange 2007.
We can limit a user either to see all mail recipients (mailboxes, mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU), or to see an entire GAL, in which case users may be scattered all over Active Directory.
So if we put the distinguished name of an OU in a user’s “msExchQueryBaseDN” then that user will only see the recipients from that OU (and sub OUs) in the Global Address List, and if we put the distinguished name of a GAL in a user’s “msExchQueryBaseDN” then that user will see all recipients in that GAL.
To do this manually you need an AD editor such as ADSIEdit, which comes with Windows Server 2008 by default in an AD environment (for Windows Server 2003 you can find and download it with the Windows Support Tools).
To set the “msExchQueryBaseDN” attribute manually for a single user:
1. Open ADSIEdit, go to the properties of your Organizational Unit and copy the value of the distinguishedName attribute.
For a GAL, open the Exchange Management Shell, type Get-GlobalAddressList "Your GAL Name" | FL DistinguishedName and then copy the distinguishedName.
2. Now locate your user in ADSIEdit, go to the user’s properties, put the distinguishedName of the OU in the user’s “msExchQueryBaseDN” property and press OK.
3. Now go to OWA and check the Global Address List (GAL).
But Exchange admins often want to set the “msExchQueryBaseDN” attribute in bulk for many users and don’t find a script. So I wrote a PowerShell script so that this task can be performed in bulk for the mailbox users in a specific OU.
To set the “msExchQueryBaseDN” attribute in bulk for multiple users in an OU:
#Start of the script
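The following is an added example, not the author's original script: one way to apply the manual ADSIEdit steps above to every mailbox in an OU through ADSI from the Exchange Management Shell. The parameter names ($MailboxOU, $QueryBaseDN) are hypothetical, and it assumes the account running it can write the attribute on the target users.

```powershell
# Added example (not the author's script). Run in the Exchange Management Shell.
# Parameter names are hypothetical.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$MailboxOU,    # OU whose mailbox users get restricted
    [Parameter(Mandatory = $true)][string]$QueryBaseDN   # DN of the OU or GAL they should see
)

# Validate the target first so that a mistyped DN is never written to any user.
# Note: DNs containing '/' need escaping in an LDAP path; that is not handled here.
if (-not [ADSI]::Exists("LDAP://$QueryBaseDN")) {
    throw "QueryBaseDN '$QueryBaseDN' was not found in Active Directory."
}

$results = foreach ($mbx in Get-Mailbox -OrganizationalUnit $MailboxOU -ResultSize Unlimited) {
    $user = [ADSI]"LDAP://$($mbx.DistinguishedName)"
    $old  = [string]$user.psbase.Properties['msExchQueryBaseDN'].Value

    # Only touch users whose value differs; honour -WhatIf / -Confirm.
    if ($old -ne $QueryBaseDN -and
        $PSCmdlet.ShouldProcess($mbx.DistinguishedName, 'Set msExchQueryBaseDN')) {
        $user.Put('msExchQueryBaseDN', $QueryBaseDN)
        $user.SetInfo()
        $user.psbase.RefreshCache()   # re-read from AD so the report shows the stored value
    }

    # One record per mailbox: keeps the previous value for audit and rollback.
    New-Object PSObject -Property @{
        Mailbox  = $mbx.Name
        Previous = $old
        Current  = [string]$user.psbase.Properties['msExchQueryBaseDN'].Value
    }
}

$results | Format-Table Mailbox, Previous, Current -AutoSize
```

Saved as a .ps1 file, it can be run with -WhatIf first to list the mailboxes that would change without writing anything.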