Restricting Address Lists for Exchange 2010 OWA users

If you have multiple address lists in your Exchange environment, you may not want all of them to be visible to every OWA user. The problem with OWA is that you cannot restrict address lists with ACLs, because the Exchange server requests the information on behalf of the OWA users. Instead, you have to edit the msExchQueryBaseDN attribute of each user object whose visibility you want to limit.

The first step is to find the distinguished name (DN) of the address list that you want to be visible to the users:

  • Using ADSIEDIT.msc, navigate to the Configuration container > Services > Microsoft Exchange > Address Lists Container
  • Highlight the address list that you want to use as a scope for the user, open its properties, and double-click the distinguishedName attribute of the address list
  • Copy the “Value” of the distinguishedName attribute; you will use it in the next step

In Active Directory Users and Computers, go to the properties of the user you want to restrict the OWA address list for.  Make sure you have the Advanced Features option selected in ADUC for viewing.

  • Go to the “Attribute Editor” tab and find the msExchQueryBaseDN attribute.
  • Paste the value that you copied from the first step above into this attribute for the user.

The user will now be restricted to this scope only when they click on the To: field of a new message in OWA.
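
The same two steps can be scripted, which also makes it possible to list every account that already carries a scope. The following is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module (RSAT) and write access to the user object; the function names are hypothetical and the account and list names in the usage comment are constructed placeholders.

```powershell
# Added example: scripted equivalent of the ADSI Edit / ADUC steps above.
# Assumes the ActiveDirectory module (RSAT); function names are hypothetical.
Import-Module ActiveDirectory

function Set-OwaAddressListScope {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserSamAccountName,
        [Parameter(Mandatory = $true)][string]$AddressListName
    )

    # Step 1: find the address list under Configuration > Services > Microsoft Exchange.
    # Names are compared client-side, so no user input goes into the LDAP filter.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $lists = @(Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" `
            -LDAPFilter '(objectClass=addressBookContainer)' |
        Where-Object { $_.Name -eq $AddressListName })

    # Refuse to guess: a missing or ambiguous name must not end up on the user object.
    if ($lists.Count -ne 1) {
        throw "Expected exactly one address list named '$AddressListName', found $($lists.Count)."
    }
    $listDN = $lists[0].DistinguishedName

    # Step 2: write the DN into msExchQueryBaseDN on the user.
    $user = Get-ADUser -Identity $UserSamAccountName -Properties msExchQueryBaseDN
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set msExchQueryBaseDN to $listDN")) {
        Set-ADUser -Identity $user -Replace @{ msExchQueryBaseDN = $listDN }
    }

    # Read the value back so the change is confirmed rather than assumed.
    Get-ADUser -Identity $UserSamAccountName -Properties msExchQueryBaseDN |
        Select-Object SamAccountName, msExchQueryBaseDN
}

function Get-OwaAddressListScope {
    # Audit: every user that has a scope set, and which DN it points to.
    Get-ADUser -LDAPFilter '(msExchQueryBaseDN=*)' -Properties msExchQueryBaseDN |
        Select-Object SamAccountName, msExchQueryBaseDN
}

# Usage (constructed placeholder names; -WhatIf previews without writing):
# Set-OwaAddressListScope -UserSamAccountName 'jdoe' -AddressListName 'Sales Address List' -WhatIf
# Get-OwaAddressListScope | Format-Table -AutoSize
```

Running `Get-OwaAddressListScope` periodically shows which accounts are scoped and lets you spot values that point to an address list that has since been renamed or deleted.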

