Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

XCCC: How to Restrict OWA Address View Searches



Summary

This article describes how to restrict Exchange 2000 Outlook Web Access (OWA) address view searches.



More information

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

If you access e-mail by using Exchange 2000 OWA, the user rights that you have in Active Directory are not applied to folder queries. This behavior effectively enables you to see all users in the Active Directory directory service, regardless of the access control lists (ACLs) that have been assigned.

In an Exchange 2000 application service provider (ASP) environment, if you are an administrator, you can restrict users to viewing the address lists of their own organizational unit instead of the entire global address list. Use the msExchQueryBaseDN attribute on each user who uses Exchange 2000 OWA to control the scope of the searches that OWA performs. This attribute is not exposed in Exchange Server Microsoft Management Console (MMC). To configure this attribute, use Adsiedit.exe, which is available on the Windows 2000 CD-ROM.

To install Adsiedit.exe:
  1. Extract Adsiedit.dll from the Support.cab file in the Support\Tools folder on the Windows 2000 Server CD-ROM.
  2. Copy this file to the Winnt\System32 folder.
  3. At a command prompt, type regsvr32 adsiedit.dll.
  4. Add the ADSIEdit snap-in to MMC.

To restrict OWA address view searches:
  1. Start the ADSIEdit snap-in, and then click Connect To on the Action menu.
  2. Click Domain NC.
  3. Click a computer or domain to connect to, or click OK to use the domain or server that you are logged into, and then click OK to accept these settings.

    In this example, use ASPHosting.com.
  4. Click DC=ASPHosting, dc=COM.
  5. Locate and click the Customer1.com organizational unit, and then right-click the user to which you want to set viewing restrictions.
  6. Click msExchQueryBaseDN in the Select a property to view box.
  7. Copy the LDAP address that represents that user's organizational unit into the Edit Attribute box. For example, ou=customer1, DC=ASPhosting, dc=COM.
  8. Click Set, and then click OK.
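
Because the attribute is set per user and is not visible in the Exchange console, it is easy to miss a mailbox. The following Python script is an added example, not part of the original Microsoft article: it audits an LDIF export of user objects and flags users whose msExchQueryBaseDN is unset or points outside their own customer OU. It assumes that each customer OU sits directly under the hosting root DN and that the export carries the dn and msExchQueryBaseDN attributes; the sample records are constructed from the article's ASPHosting.com example.

```python
import base64

HOSTING_ROOT = "DC=ASPHosting,DC=com"  # assumption: tenant OUs sit directly under this DN
# Constructed sample export; names follow the article's ASPHosting.com example.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=customer1,DC=ASPHosting,DC=com
msExchQueryBaseDN: ou=customer1, DC=ASPhosting, dc=COM

dn: CN=Bob,OU=customer1,DC=ASPHosting,DC=com

dn: CN=Carol,OU=customer2,DC=ASPHosting,DC=com
msExchQueryBaseDN: OU=customer1,DC=ASPHosting,DC=com

dn: CN=Dave,OU=Sales,OU=customer2,DC=ASPHosting,DC=com
msExchQueryBaseDN: DC=ASPHosting,DC=com
"""

def normalize_dn(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas in values)."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_ldif(text):
    """Return one {attribute: value} dict per record; unfolds lines, decodes '::' base64."""
    records, current = [], {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n") + [""]:
        if not line.strip():               # a blank line ends the current record
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#"):     # skip LDIF comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64-encoded value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current[attr.strip().lower()] = value.strip()
    return records

def audit(records, hosting_root=HOSTING_ROOT):
    """Map each tenant user's DN to OK, UNSET or OUT_OF_SCOPE."""
    root, findings = normalize_dn(hosting_root), {}
    for rec in records:
        dn = normalize_dn(rec.get("dn", ""))
        if len(dn) < len(root) + 2 or dn[-len(root):] != root:
            continue                       # not a user inside a tenant OU
        tenant_ou = dn[-(len(root) + 1):]  # e.g. ou=customer1,dc=asphosting,dc=com
        base = normalize_dn(rec.get("msexchquerybasedn", ""))
        findings[rec["dn"]] = ("UNSET" if not base else  # OK = tenant OU or below it
                               "OK" if base[-len(tenant_ou):] == tenant_ou else "OUT_OF_SCOPE")
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` reports Alice as OK, Bob as UNSET (OWA searches are not scoped), and Carol and Dave as OUT_OF_SCOPE because their search base is another customer's OU or the whole domain.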



Keywords: KB272197, kbhowto


Article Info
Article ID : 272197
Revision : 5
Created on : 2/26/2007
Published on : 2/26/2007
Exists online : False