- Exchange's Core Components
- Design Goals
- Architecture Similarities
- Terminology Changes
- Architecture Changes
- Directory Services
- Directory Access
- How DSProxy Is Used
- How DS Referral Is Used
- Transport Services
- IIS Integration
- Distributed Configurations
- Addressing with Exchange 2000
- Address Generation
- Directory Connectivity
- Active Directory Connector (ADC)
- Site Replication Service
- Address Lists
- Accessing Filter Rules for Address Lists
- Configuring Filter Rules for Address Lists
- Active Directory Users and Computers
- Creating Users
- Creating Groups
- Creating Contacts
- Managing Users
- Managing Groups
- Managing Contacts
- Tools
- ADSIEDIT
- NTDSUTIL
- Troubleshooting
- DS Referral
- Configuration of Diagnostic Logging
- Displaying Routing and Administrative Groups
Configuring Filter Rules for Address Lists
Using the Find Exchange Recipients dialog box, an administrator can modify the properties of the Address List. Three tabs in the Find Exchange Recipients dialog box can be used to control the membership of the Address List. These tabs are the General tab, the Storage tab, and the Advanced tab.
Five check boxes are on the General tab. These can be used in any combination to restrict or widen the types of objects that you want to include in the query. (See Figure 3.6.)
){kind=link}
Figure 3.6 The first and second check boxes refer to mailbox-enabled and mail-enabled objects, respectively. The last three check boxes refer to specific object types.
The ability to specify the location of the mailbox store is provided with the Storage tab. The query can be executed against every server or a specific server. It is also possible to restrict a query to a specific Mailbox Store. (See Figure 3.7.)
){kind=link}
Figure 3.7 Restricting queries to a single Mailbox store can be very helpful when partitioning departments or companies on the same server or within the same environment.
The Advanced tab is where Filter Rules can be defined. (See Figure 3.8.) The Field drop-down box lists four main categories that contain a plethora of object properties that can be filtered upon. The four main categories are User, Contact, Group, and Public Folder. Look under the user group for an example of the varied types of criteria. The user's home drive, the employee's title, and the pager number are just a few of the values that can be used.
){kind=link}
Figure 3.8 The Filter Rules that are defined on the Advanced tab are translated into an LDAP query. This makes the generation of these lists quick and resource-economical.
After the field is selected, it will appear in the first of the three data fields for the filter that is actively being modified.
Next, the Condition field must be selected. The Boolean functions available from the drop-down box, are Starts with, Ends with, Is (exactly), Is not, Present, and Not present. The last two options (Present and Not present) yield only a true or false result. Because of this, the Value field is grayed out when either of these two options is selected.
The Value field is where the administrator enters the value to be met. If the desire is to return a list of all objects with the value Accounting in the Department field, the value Accounting would be appropriate in the Value field.
With a Filter Rule in place, the Find Now button can be used to test the search criteria. In this example, four user objects were returned because they met the criteria of having the exact value Accounting in the Department field. (See Figure 3.9.)
){kind=link}
Figure 3.9 Remember that multiple queries can be created for a single Address List. From this dialog box, multiple Filter Rules can be created and tested.
After setting up the Filter Rules for the Accounting Address List, it is ready for the clients to use. For this example, a Filter Rule was configured to restrict the Accounting Address List membership to only objects with Accounting in the department field. The view of the address book is illustrated in Figure 3.10.
){kind=link}
Figure 3.10 In the drop-down menu labeled Show Names, a user can select from the different Address Lists that the administrator has created. The user will see subordinate Address Lists as indented lists.
When using the Exchange Service Manager (ESM) to view address lists (refer to Figure 3.3,) right-clicking the Address List itself will produce a pop-up menu. A clever administrator might find this and think that the results of the query can be exported using the Export List option. Unfortunately, this is not the output from this menu item. Only the subitems of the Address List are exported. (See Figure 3.11.) One way to export a list of users and attributes would be to access the directory programmatically via LDAP.
){kind=link}
){kind=link}
Figure 3.11 Only the objects underneath the Address List itself were exported. In this case, branch locations were exported, rather than the list of the users generated by the LDAP query.
TIP
It is possible to hide specific Address Lists from select clients using Windows 2000 Access Control Lists (ACLs). It is also possible to create multiple Global Address Lists (GALs) and share them with specified groups of users. These features will be especially helpful for ISPs that want to host different clients on the same system while keeping them separate.