Laeeq Qazi's Exchange Server Blog

How to set GAL for mailboxes in OWA for Exchange 2007/2010 in bulk

Exchange administrators often need to show only a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft provides an Active Directory user attribute for this purpose, "msExchQueryBaseDN", which is set per mailbox user and is also mentioned in the Address List Segregation document for Exchange 2007.

With this attribute we can limit a user to see either all mail recipients (mailboxes, mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU), or an entire GAL, in which case the recipients may be scattered all over Active Directory.

So if we put the distinguished name of an OU in a user's "msExchQueryBaseDN", that user will only see the recipients from that OU (and its sub-OUs) in the Global Address List, and if we put the distinguished name of a GAL in a user's "msExchQueryBaseDN", that user will see all recipients in that GAL.

To do this manually you will have to use an AD editor such as ADSIEdit, which comes with Windows Server 2008 by default in an AD environment (for Windows Server 2003 you can find and download it with the Windows Support Tools).

To set the "msExchQueryBaseDN" attribute manually for a single user:

1. Open ADSIEdit, go to the properties of your Organizational Unit and copy the value of the distinguishedName attribute.

OR

Open Exchange Management Shell, type  Get-GlobalAddressList "Your GAL Name" | FL DistinguishedName  and then copy the distinguishedName.

2. Now locate your user in ADSIEdit, go to the user's properties, put the distinguishedName of the OU in the user's "msExchQueryBaseDN" property and press OK.

3. Now go to OWA and check the Global Address List (GAL).

But Exchange admins often want to set this "msExchQueryBaseDN" attribute in bulk for many users and cannot find a script for it. So I wrote a PowerShell script that performs this task in bulk for the mailbox users in a specific OU.

To set the "msExchQueryBaseDN" attribute in bulk for multiple users in an OU:

#Start of the script

#This is the OU where all the users are placed in AD
$ouDN = "OU=YourOU,DC=ADDomain,DC=com"

#Target distinguished name of the OU
#If you want to set a GAL instead of an OU then put the DN of the GAL here
$targetDN = $ouDN

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here we just confirm that the DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

#Search the OU and its sub-OUs for mailbox-enabled users
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()

    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to match your Active Directory domain; for this you only have to change the distinguished name of the OU. Then save the above lines of PowerShell in a text file with a .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder of the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, and press Enter.


To set the "msExchQueryBaseDN" attribute in bulk for multiple users who may be scattered all over AD rather than placed in a specific OU:


#This script will set the DN of the Default GAL on mailbox users scattered all over AD and having some
#specific value in Custom Attribute 1, so that we only modify some specific mailbox users

#Start of the script

#This is the distinguished name of the AD domain where all the users are placed
$ouDN = "DC=ADDomain,DC=com"

#Target distinguished name of the GAL (Default GAL); here you can put the DN of any address list
$targetDN = "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ADDomain,DC=com"

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here we just confirm that the DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

#This filter will get all mailbox users who have "myCompany" as their CustomAttribute1 in Exchange/AD
#(CustomAttribute1 is stored in the AD attribute extensionAttribute1)
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*)(extensionAttribute1=myCompany))"

$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()
    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to match your Active Directory domain; for this you only have to change the distinguished name in $ouDN to the DN of your AD domain. Also change the DN of the GAL in $targetDN according to your need. Then save the above lines of PowerShell in a text file with a .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder of the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, and press Enter.
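Both bulk scripts above overwrite "msExchQueryBaseDN" on every matching user without recording the previous value. The following read-only pre-check is an added example, not part of the original post: it confirms that both DNs resolve, lists which users would change, and saves the current values to a CSV for rollback. The $backupCsv path and the Get-FirstValue helper are assumptions made for illustration, and the -Property parameter of New-Object requires PowerShell 2.0 or later.

```powershell
# Added example: report and back up msExchQueryBaseDN before a bulk change.
# Placeholder values; $backupCsv is a hypothetical path. Needs PowerShell 2.0+.
$ouDN      = "OU=YourOU,DC=ADDomain,DC=com"
$targetDN  = $ouDN
$backupCsv = "C:\Temp\msExchQueryBaseDN-backup.csv"

# Stop early if the search base or the target DN does not resolve in AD,
# so a mistyped DN is never written to every mailbox user.
foreach ($dn in @($ouDN, $targetDN)) {
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://" + $dn)) {
        throw "DN not found in Active Directory: $dn"
    }
}

# Search results key their properties in lower case; an unset attribute is absent.
function Get-FirstValue($result, [string]$name) {
    if ($result.Properties.Contains($name)) { return [string]$result.Properties[$name][0] }
    return ""
}

# Same filter and scope as the bulk script, but nothing is modified here.
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry("LDAP://" + $ouDN)
$objSearcher.Filter      = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$objSearcher.PageSize    = 1000
$objSearcher.SearchScope = "Subtree"
[void]$objSearcher.PropertiesToLoad.Add("distinguishedName")
[void]$objSearcher.PropertiesToLoad.Add("displayName")
[void]$objSearcher.PropertiesToLoad.Add("msExchQueryBaseDN")

$colResults = $objSearcher.FindAll()
$report = foreach ($objResult in $colResults) {
    $current = Get-FirstValue $objResult "msexchquerybasedn"
    New-Object PSObject -Property @{
        DistinguishedName = Get-FirstValue $objResult "distinguishedname"
        DisplayName       = Get-FirstValue $objResult "displayname"
        CurrentBaseDN     = $current
        WouldChange       = ($current -ne $targetDN)
    }
}
$colResults.Dispose()
if (-not $report) { Write-Host "No mailbox users found under $ouDN"; return }

# Save the previous values for rollback, then show only the users that would change.
$report | Select-Object DistinguishedName, DisplayName, CurrentBaseDN, WouldChange |
    Export-Csv -Path $backupCsv -NoTypeInformation
$report | Where-Object { $_.WouldChange } |
    Format-Table DisplayName, CurrentBaseDN -AutoSize
```

An empty CurrentBaseDN in the CSV means the attribute was not set before the change, so rolling that user back means clearing the attribute rather than writing a value.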


Hope that it helps you.


Regards,
Laeeq Qazi

April 11, 2010 | Exchange 2007, Exchange 2010
