Laeeq Qazi's Exchange Server Blog

Exchange Server blog

How to set GAL for mailboxes in OWA for Exchange 2007/2010 in bulk

Exchange administrators often need to show only a specific Global Address List (GAL) to a group of mailbox users in Outlook Web Access. Microsoft provides an Active Directory user attribute for this purpose, "msExchQueryBaseDN", which does this for an individual mailbox user and is also mentioned in the Address List Segregation document for Exchange 2007.

With this attribute we can limit a user either to see all mail recipients (mailboxes, mail contacts, mail users, distribution lists) in a specific Organizational Unit (OU), or to see an entire GAL, in which case the users may be scattered all over Active Directory.

So if we put the distinguished name of an OU in a user's "msExchQueryBaseDN", that user will only see the recipients from that OU (and its sub-OUs) in the Global Address List, and if we put the distinguished name of a GAL in a user's "msExchQueryBaseDN", that user will see all recipients in that GAL.

To do it manually you will have to use an AD editor such as ADSIEdit, which comes with Windows Server 2008 by default in an AD environment (for Windows Server 2003 you can find and download it with the Windows Support Tools).

To set the "msExchQueryBaseDN" attribute manually for a single user:

1. Open ADSIEdit, go to the properties of your Organizational Unit and copy the value of the distinguishedName attribute.

OR

Open Exchange Management Shell, type  Get-GlobalAddressList "Your GAL Name" | FL DistinguishedName  and then copy the distinguishedName.

2. Now locate your user in ADSIEdit, go to the user's properties, put the distinguishedName of the OU in the user's "msExchQueryBaseDN" property and press OK.

3. Now go to OWA and check the Global Address List (GAL).

But Exchange admins often want to set this "msExchQueryBaseDN" attribute in bulk for many users and don't find a script for it. So I wrote a PowerShell script so that this task can be performed in bulk for the mailbox users in a specific OU.

For setting the "msExchQueryBaseDN" attribute in bulk for multiple users in an OU:

#Start of the script

#This is the OU where all users are placed in AD
$ouDN = "OU=YourOU,DC=ADDomain,DC=com"

#Target distinguished name of the OU
#If you want to set a GAL instead of an OU then put the DN of the GAL here
$targetDN = $ouDN

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here just confirming that your DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

#Search the OU and its sub-OUs for mailbox users (homeMDB and mailNickName are set)
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*))"
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()

    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to work for your Active Directory domain; for this you only have to change the Distinguished Name of the OU. Then save the above lines of PowerShell in a text file with the .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, press Enter and there you go.


For setting the "msExchQueryBaseDN" attribute in bulk for multiple users that may be scattered all over AD and are not in a specific OU:


#This script sets the DN of the Default GAL on mailbox users scattered all over AD that have a
#specific value in Custom Attribute1, so that only those specific mailbox users are modified

#Start of the script

#This is the distinguished name of the AD domain where all users are placed
$ouDN = "DC=ADDomain,DC=com"

#Target distinguished name of the GAL (Default GAL); here you can put the DN of any address list
$targetDN = "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ADDomain,DC=com"

$objOU = New-Object System.DirectoryServices.DirectoryEntry
$objOU.Path = "LDAP://" + $ouDN

#Here just confirming that your DirectoryEntry AD object is valid
Write-Host $objOU.DistinguishedName

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher

#This filter gets all mailbox users who have "myCompany" as their CustomAttribute1 in Exchange/AD
#(CustomAttribute1 is stored in the AD attribute extensionAttribute1)
$strFilter = "(&(objectCategory=User)(homeMDB=*)(mailNickName=*)(extensionAttribute1=myCompany))"

$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objUser = $objResult.GetDirectoryEntry()

    #Setting the attribute
    $objUser.msExchQueryBaseDN = $targetDN
    $objUser.CommitChanges()
    Write-Host ("`n" + $objUser.DisplayName + " updated")
}

#End of the script


Note: First change the script lines to work for your Active Directory domain; for this you only have to change the Distinguished Name in $ouDN to the DN of your AD domain. Also change the DN of the GAL in $targetDN according to your need. Then save the above lines of PowerShell in a text file with the .ps1 extension, e.g. SetUsersGAL.ps1, and put it in the Scripts folder in the Exchange installation folder, which is normally "C:\Program Files\Microsoft\Exchange Server\Scripts". Now open Exchange Management Shell, enter the name of the script file, e.g. SetUsersGAL.ps1, press Enter and there you go.
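A read-only check to run after either script above (an added example, not part of the original post): it lists mailbox users under a search root whose msExchQueryBaseDN is missing or differs from the expected DN, which is the state of any mailbox created after the bulk run. The function name Get-QueryBaseDNReport and the placeholder DNs are assumptions, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: audits msExchQueryBaseDN without writing anything to AD.
# Get-QueryBaseDNReport is a hypothetical helper name; the DNs are placeholders.
function Get-QueryBaseDNReport {
    param(
        [string]$SearchRootDN,
        [string]$ExpectedDN,
        [string]$LdapFilter = '(&(objectCategory=User)(homeMDB=*)(mailNickName=*))'
    )
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchRootDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = $LdapFilter
    $searcher.PageSize = 1000
    $searcher.SearchScope = 'Subtree'
    # Load only the attributes the report needs
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('msExchQueryBaseDN')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Result property names are stored in lower case
            $current = $null
            if ($r.Properties.Contains('msexchquerybasedn')) {
                $current = [string]$r.Properties['msexchquerybasedn'][0]
            }
            # NotSet   = user still sees the unrestricted address list
            # Mismatch = user is scoped to a different OU or GAL than expected
            if (-not $current)                { $status = 'NotSet' }
            elseif ($current -eq $ExpectedDN) { $status = 'Match' }
            else                              { $status = 'Mismatch' }

            New-Object PSObject -Property @{
                User    = [string]$r.Properties['distinguishedname'][0]
                Current = $current
                Status  = $status
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources; release them
        $results.Dispose(); $searcher.Dispose(); $root.Dispose()
    }
}

# Same placeholder OU as in the first script; expected value is the OU itself
$ou = 'OU=YourOU,DC=ADDomain,DC=com'
Get-QueryBaseDNReport -SearchRootDN $ou -ExpectedDN $ou |
    Where-Object { $_.Status -ne 'Match' } |
    Format-Table Status, User, Current -AutoSize
```

For the second script, pass the domain DN as -SearchRootDN, the GAL DN as -ExpectedDN and the extensionAttribute1 filter as -LdapFilter.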


Hope that it helps you.


Regards,
Laeeq Qazi

April 11, 2010 Posted by | Exchange 2007, Exchange 2010 | 10 Comments

Update Rollup 2 for Exchange Server 2010 (KB979611)

Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2010. The update rollup was released on February 18, 2010, but the published date on the download page is March 4, 2010.

Details: http://support.microsoft.com/Default.aspx?kbid=979611

Download: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6d3ae3e0-3982-46d6-9e9c-7d7d63fae565

Regards,

Laeeq Qazi

March 6, 2010 Posted by | Exchange 2010 | Leave a comment

Manually Generating Offline Address Book on Exchange 2007/2010

An Exchange offline address book (OAB) is an address book that contains one or more address lists. It is available to Exchange client software (e.g. Outlook 2007) when users are offline and not connected to the Exchange Server.

OABs are not generated frequently during the day, because the OAB generation process consumes a lot of system resources if the OAB contains hundreds of email addresses. Instead they are normally generated once or twice a day, depending on the size of the OAB and the needs of the organization owning it.

Sometimes it's necessary to generate the OAB immediately when a new email address is added to the Exchange system, so that the new email address is immediately available to Outlook or other clients when they download the latest OAB.

For immediate OAB generation and distribution (both PF and web-based distribution through CAS) I do the following steps:

1. Run Update-OfflineAddressbook "offline address book" in Exchange Management Shell, e.g.

Update-OfflineAddressbook "Default offline address book"

2. Restart the System Attendant service on the OAB generation server (Mailbox Server). This service is responsible for generating the OAB by communicating with the Active Directory infrastructure.

3. Either run the following command in EMS

Update-FileDistributionService "CASServerName"

or just restart the File Distribution service on the CAS server.

The File Distribution service copies the OAB from the Mailbox Server, where the System Attendant service puts the OAB in a shared folder, "C:\Program Files\Microsoft\Exchange Server\ExchangeOAB". Outlook clients then download the OAB from the OAB virtual directory published by the CAS.

I hope that this post is helpful for you.

Best regards,

February 13, 2010 Posted by | Exchange 2007, Exchange 2010 | 11 Comments

'Enable Local Continuous Replication' not shown for Storage Group

Hi,

Sometimes you want to enable Local Continuous Replication (LCR) for a Storage Group, but Exchange doesn't show the option to enable it. There are mainly two reasons for it.

1. The Storage Group contains more than one Exchange Database (Mailbox or Public Folder).

2. The Storage Group contains only one Database.

Enable-LCR-Not-Shown


The first scenario is acceptable because Exchange doesn't allow enabling LCR for a Storage Group that contains more than one Exchange Database. There is a problem with the second scenario, where a Storage Group contains only one Exchange Database but Exchange doesn't show the option to enable LCR. After long research I found that this happens when the folder representing the Storage Group contains more than one .edb file. When we delete an Exchange Database, the corresponding .edb file is not deleted automatically, so it causes the 'Enable LCR' option not to be shown. So I deleted the garbage .edb file(s) from the Storage Group folder on the disk and then refreshed the console, which then showed me the 'Enable LCR' option.

December 31, 2008 Posted by | Exchange 2007 | 3 Comments