Laeeq Qazi's Exchange Server Blog

Exchange Server blog

How to set GAL for mailboxes in OWA for Exchange 2007/2010 in bulk

Exchange administrators often need to show only a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft provides an Active Directory user attribute for this purpose, "msExchQueryBaseDN", which is set on each individual mailbox user and is also mentioned in the Address List Segregation document for Exchange 2007.

With this attribute we can limit a user to seeing either all mail recipients (mailboxes, mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU), or an entire GAL, in which case the recipients may be scattered all over Active Directory.

If we put the distinguished name of an OU in a user's "msExchQueryBaseDN", that user will only see the recipients from that OU (and its sub-OUs) in the Global Address List. If we put the distinguished name of a GAL in a user's "msExchQueryBaseDN", that user will see all recipients in that GAL.

To do this manually you need an AD editor such as ADSIEdit, which comes with Windows Server 2008 by default in an AD environment (for Windows Server 2003 you can download it with the Windows Support Tools).

For manually setting the "msExchQueryBaseDN" attribute for a single user:

1. Open ADSIEdit, go to the properties of your Organizational Unit and copy the value of the distinguishedName attribute.

OR

Open Exchange Management Shell, type  Get-GlobalAddressList "Your GAL Name" | FL DistinguishedName  and then copy the distinguishedName.

2. Now locate your user in ADSIEdit, go to the user's properties, put the distinguishedName of the OU in the user's "msExchQueryBaseDN" property and press OK.

3. Now go to OWA and check the Global Address List (GAL).

Exchange admins often want to set the "msExchQueryBaseDN" attribute in bulk for many users and cannot find a script for it. So I wrote a PowerShell script that performs this task in bulk for the mailbox users in a specific OU.

For setting  “msExchQueryBaseDN” attribute in bulk for multiple users in an OU:

#Start of the script

#This is the OU where all users are placed in AD
$ouDN = "OU=YourOU,DC=ADDomain,DC=com"

#Target distinguished name of the OU
#If you want to set a GAL instead of an OU then put the DN of the GAL here
$targetDN = $ouDN

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.path = "LDAP://" + $ouDN

#Here we just confirm that the DirectoryEntry AD object is valid
write-host $objOU.DistinguishedName

#Search the OU and its sub-OUs for mailbox-enabled users
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()

    write-host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script so that it works for your Active Directory domain; you only have to change the distinguished name of the OU. Then save the lines above in a text file with a .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, and press Enter.


For setting the "msExchQueryBaseDN" attribute in bulk for multiple users who may be scattered all over AD rather than in a specific OU:


#This script sets the DN of the Default GAL on mailbox users scattered all over AD that have a
#specific value in Custom Attribute1, so that only those specific mailbox users are modified

#Start of the script

#This is the distinguished name of the AD domain where all users are placed
$ouDN = "DC=ADDomain,DC=com"

#Target distinguished name of the GAL (Default GAL); here you can put the DN of any address list
$targetDN = "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ADDomain,DC=com"

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.path = "LDAP://" + $ouDN

#Here we just confirm that the DirectoryEntry AD object is valid
write-host $objOU.DistinguishedName

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

#This filter gets all mailbox users who have "myCompany" as their CustomAttribute1 in Exchange/AD
#(CustomAttribute1 is stored in the AD attribute extensionAttribute1)
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*)(extensionAttribute1=myCompany))"

$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()
    write-host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script so that it works for your Active Directory domain; you only have to change $ouDN to the DN of your AD domain. Also change the DN of the GAL in $targetDN according to your need. Then save the lines above in a text file with a .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, and press Enter.
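
A read-only pre-flight check to run before either bulk script, as an added example that is not part of the original post: it confirms that the search root and the target DN actually resolve, saves each user's current msExchQueryBaseDN to a CSV so the change can be reverted, and lists the users that would be modified. The DNs, the CSV file name and the variable names are placeholders; it assumes PowerShell 2.0 or later and the same mailbox filter as the first script.

```powershell
# Added example: read-only pre-flight check; it never calls CommitChanges().
# All DNs and the CSV path below are placeholders, not values from a real domain.
$searchRootDN = "OU=YourOU,DC=ADDomain,DC=com"    # same value as $ouDN in the scripts
$targetDN     = "OU=YourOU,DC=ADDomain,DC=com"    # OU or GAL DN you plan to write
$backupCsv    = ".\msExchQueryBaseDN-before.csv"  # hypothetical output file

# Stop if either DN does not resolve, instead of searching an unintended root.
foreach ($dn in @($searchRootDN, $targetDN)) {
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$dn")) {
        throw "DN not found in Active Directory: $dn"
    }
}

$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$searchRootDN")
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$searcher.PageSize = 1000
$searcher.SearchScope = "Subtree"
foreach ($attr in "distinguishedName", "displayName", "msExchQueryBaseDN") {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    # Result property names are lower-case; an unset attribute gives an empty collection.
    $current = [string]($r.Properties["msexchquerybasedn"] | Select-Object -First 1)
    New-Object PSObject -Property @{
        DistinguishedName = [string]$r.Properties["distinguishedname"][0]
        DisplayName       = [string]($r.Properties["displayname"] | Select-Object -First 1)
        CurrentBaseDN     = $current
        WouldChange       = ($current -ne $targetDN)
    }
}
$results.Dispose()

# Keep the old values so the change can be reviewed and reverted per user.
$report | Export-Csv -Path $backupCsv -NoTypeInformation
$toChange = @($report | Where-Object { $_.WouldChange })
Write-Host ("{0} mailbox users in scope, {1} would be changed" -f @($report).Count, $toChange.Count)
$toChange | Select-Object DisplayName, CurrentBaseDN | Format-Table -AutoSize
```

If the count of users in scope is larger than expected, the search root is wrong; fix $ouDN before running the script that writes the attribute.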


Hope that it helps you.


Regards,
Laeeq Qazi

April 11, 2010 - Posted by | Exchange 2007, Exchange 2010

10 Comments »

  2. I can’t get the “For setting ”msExchQueryBaseDN” attribute in bulk for multiple users in an OU” script to work.

    Having entered my DN’s for the specific OU and to the specific address list it tried to edit all of the whole top level OU. Also it couldn’t commit the changes so nothing was entered into the fields. 😦

    I really need a working script to fill in this field!

    Comment by Jenny Dibsdale | September 10, 2010 | Reply

  3. Hi,

    Please email me your script at laeeq.qazi[at]gmail[dot]com, I would try to correct it, it really works.

    Regards,
    Laeeq Qazi

    Comment by exchangegeek | September 19, 2010 | Reply

  4. msExchQueryBaseDN seems to be broken in Exchange 2010 SP1. When set the Outlook client shows no GAL but you can still search for users and it renders them in the results.

    Comment by Omar Armenteros | October 13, 2010 | Reply

  7. hello!,I love your writing so so much! proportion we be in contact extra approximately your post on AOL? I need an expert in this area to resolve my problem. May be that is you! Looking forward to see you.

    Comment by group policy software | December 8, 2011 | Reply

    • hi,
      Thanks for appreciation. What help do you need from me? Please send an email to laeeq.qazi[at]gmail.com.

      Comment by exchangegeek | December 8, 2011 | Reply

  8. Nice one… its great solutions

    Comment by Mahendra Patel | January 17, 2012 | Reply

  9. […] 3. Although I have not tested this sites instructions you can try updating user’s in bulk. But you would have to use a Script and create one per Company, to see steps please click here. […]

    Pingback by ## Global Address List (Exchange Server) + MS Outlook common Issues and Solutions | October 18, 2013 | Reply

