GAL segregation based on Organizational unit (OU)
Creating a GAL based on an OU filter is not an easy task.
I was recently working on an issue to segregate the GAL based on OU because of multiple domains hosted in a single AD forest.
There are multiple ways of doing the segregation, using an LDAP query or using different attributes, but this option seems very easy and simple to me.
Browse to Configuration –> CN=Microsoft Exchange –> CN=ORG –> CN=Address Lists Container –> All Global Address List –>
Right-click Global Address List and go to Properties.
Look for the attribute named msExchSearchBase and add the OU in the following format
Check the screenshot.
Click Apply, then OK. Close ADSI Edit. This GAL is now restricted to this OU.
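
The same change scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original post. The GAL name and the OU DN are placeholder assumptions, and the OU is assumed to live in the domain you are connected to.

```powershell
# Added example: scripted equivalent of the ADSI Edit steps above.
# Requires the ActiveDirectory module (RSAT) and write access to the
# Configuration partition.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: name of the GAL object to restrict.
    [string]$GalName = 'Default Global Address List',
    # Constructed placeholder DN; replace with the OU the GAL should be limited to.
    [string]$OuDn = 'OU=Tenant1,DC=example,DC=com'
)

Import-Module ActiveDirectory

# Refuse to write a search base that does not resolve to a real OU or container.
$ou = Get-ADObject -Identity $OuDn -ErrorAction Stop
if ($ou.ObjectClass -notin 'organizationalUnit', 'container') {
    throw "$OuDn is a '$($ou.ObjectClass)', not an OU or container."
}

# Find the GAL under the Configuration naming context rather than hard-coding its path.
$configNc = (Get-ADRootDSE).configurationNamingContext
$filter   = "(&(objectClass=addressBookContainer)(cn=$GalName))"
$found    = @(Get-ADObject -SearchBase $configNc -LDAPFilter $filter -Properties msExchSearchBase)
if ($found.Count -ne 1) {
    throw "Expected exactly one address list named '$GalName', found $($found.Count)."
}
$gal = $found[0]

# An empty value means no OU restriction is currently set on this GAL.
"Current msExchSearchBase: $($gal.msExchSearchBase)"

if ($PSCmdlet.ShouldProcess($gal.DistinguishedName, "Set msExchSearchBase to $OuDn")) {
    Set-ADObject -Identity $gal -Replace @{ msExchSearchBase = $OuDn }

    # Read the value back so the change is confirmed, not assumed.
    $after = Get-ADObject -Identity $gal.DistinguishedName -Properties msExchSearchBase
    "New msExchSearchBase: $($after.msExchSearchBase)"
}
```

Saved as a script, it accepts `-WhatIf`, which reports the GAL object that would be modified without writing to the directory.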
To make this more useful, let us take a scenario. The requirement is to make an external contact visible in a group's membership from Outlook but not visible in the GAL. Microsoft has confirmed that this behavior is by design: if an object has “Hide from Exchange address lists” selected and is a member of a distribution group, the object will receive the email and will be visible in the distribution group membership in OWA, but it will not be visible in the distribution group membership in Outlook. So we need a workaround to make our customer happy.
Follow the steps:
- Created the group 123 in the Users OU.
- Created the user TestGAL1 in the Users OU.
- Created the contact testgc2 in the Users OU.
- Created the contact tg3 in the test container.
- Configured the msExchSearchBase attribute with the DN of the Users OU.
- Tested in Outlook:
  - 123 is the group.
  - tg3 is the contact in the non-search-base OU, which shows as a member of the DL but does not show in the GAL.
msExchSearchBase is a nice and simple attribute that allows you to restrict your GAL query.