Skip to content

Restrict or filter GAL access for OWA users using MSExchQueryBaseDN in Exchange

by admin on March 29th, 2013
When hosting Exchange mailboxes for use purely with Outlook Web Access (OWA) you may wish to limit access to the Global Address List (GAL), so that logged in users can only see a subset of the contacts in the GAL. This would be particularly relevant in hosting environments where mailboxes may be hosted for multiple companies in the same active directory, and you might want users to only see contact information from users for their company, rather than all companies.

A while ago we had a situation where this was a requirement. In our case there were several groups of users who would only be accessing email through OWA, and only needed contact information for a subset of staff. We were able to use custom address lists and the MSExchQueryBaseDN user attribute to solve this problem.

If you run adsiedit.msc and look at the properties of a user object you can scroll down the list of attributes to findMSExchQueryBaseDN.

 

then you could point the MSExchQueryBaseDN attribute to an Organizational Unit, so it would filter contact information for just the users in that OU. It is important in exchange to separate at least domains in separate OU’s.

 

 

No comments yet

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS