Easy Custom Address Lists in Exchange 2003

So, you need to make a custom address list (address book) for your Microsoft Outlook users with Microsoft Exchange Server 2003. This is one of those things where it's pretty easy to get what you want until you need a list with more than just one object type (users, contacts, groups, etc.). If you want an address list to include more than just one type, you'll have to do a custom LDAP query. Another reason you may have to do a custom LDAP query is if you want an "OR" in your conditional statement; in other words, you need to have an "either/or" condition (e.g., you want users who are part of either Group A or Group B).

Most of you probably don't want to have to learn all about LDAP query writing just to get the right items to appear in your Outlook address list. This article should get you going quickly by showing you a couple shortcuts to getting the query you want. We will outline:


Step 1

The first thing you need to know how to do is create your address list. There are a number of tutorials on this that you can look up, but here are the basic steps:

  1. Load up Exchange System Manager
  2. Navigate to Recipients -> All Address Lists
  3. Right-click on All Address Lists and select New -> Address List...
  4. Give the address list a name and click Finish

Step 2

Next, open the Properties of the address list and select the Modify... button to create your query. By default, you will notice the Find: drop-down menu has Exchange Recipients selected. Go ahead and change that to Users, Contacts, and Groups.


Now, use the three tabs to create a query for your list. If you don't need anything as complex as what was mentioned earlier, you can let this tool build your entire LDAP query for you: click OK and you're done. Of course, if that were the case, you probably wouldn't need this article.

Chances are, you are going to need a more complex query. In that case, use the wizard to do just the first part of your query to get partial results, saving you from having to write the entire thing from scratch and producing a starting template for you to edit later. I recommend focusing on the third Advanced tab to get what you want. Click the Field drop-down button and start with your query for User, Group, or Contact. Then select your condition for that type. 

In our example we will create a list that contains entries that match at least one of the following three conditions:

  1. Users with a description field of "Consultant"
  2. Groups with a description field of "Consultant"
  3. Users who are members of a distribution group called "Smart People"

So, to start with, we will have the wizard create an LDAP query for just the first condition. On the Advanced tab, click the Field drop-down and select User -> Description. Change the condition to Is (exactly) and enter "Consultant" as your value. Finally, click Add to set this as one of your criteria.


This is the part where I explain why we need to create a custom LDAP query rather than just use this wizard that Microsoft supplies. The issue we have is that if you try to add in another condition, it always interprets it as an AND type connection between it and the first condition. It's a shame Microsoft didn't program a simple drop-down that lets you select OR, NOT, etc. as well, but that's just how it is. So, we can't just add in the second condition of our example because that's a different object type (group vs. user), or even the third condition, because it would only show users who match both of those conditions.

So, just leave the wizard with only the first condition inserted and click OK (feel free to click the Find Now button first to preview the results). What you will see is a shaded text box that contains your query that matches just the first condition. Copy this text into a text editor because this is your starting point. It should look something like the following:




Now, here's your basic LDAP query lesson. You'll notice that the query begins with a bunch of & symbols. This is your logical AND to combine your conditions. The syntax format is not If (Condition A)&(Condition B) as you may be used to, but rather &(Condition A)(Condition B). You can also have more than two conditions in the statement, such as &(Condition A)(Condition B)(Condition C). This should help things make a little more sense as you look at the code. The other thing we now need to know is that the symbol for a logical OR is the pipe symbol |. That's about all the detail we need to get into at the moment. If you want a few more LDAP query basics, check out this Microsoft TechNet article.

Going back to our query, it may look complicated, but most of it is just telling Exchange to make sure that it doesn't pull in something stupid to the list. Trimming it down, we only have a 3-way condition where it basically says:

&(Exchange Filters and Checks)(objectCategory=user)(description=Consultant)


To begin, let's modify the query to include groups as well as users to meet our second condition. Just change the following:


Find: (objectCategory=user)(description=Consultant)

Change To: (|(&(objectCategory=user)(description=Consultant))(&(objectCategory=group)(description=Consultant)))


Notice we add in an & to the original part and surround it with parentheses to separate it out (highlighted yellow). Then we duplicate it, changing the objectCategory for the duplicate to "group" (highlighted green). Then we use the pipe symbol for a logical OR and place parentheses around them (highlighted aqua). Easy! The final code should be the following:



If you wanted any object with the description of "Consultant" and not just users or groups, you would simply have deleted the entire objectCategory section to remove that condition completely.

Next, we will change the query again to add in our third condition: to include users who are members of a distribution group called "Smart People".


Find: (|(&(objectCategory=user)(description=Consultant))(&(objectCategory=group)(description=Consultant)))

Change To: (|(|(&(objectCategory=user)(description=Consultant))(&(objectCategory=group)(description=Consultant)))(memberOf=cn=Smart People,ou=People,dc=MyDomain,dc=com))


Again, we preceded everything with an open parenthesis and added in the logical OR pipe symbol. Then we added our new condition (memberOf=cn=Smart People,ou=People,dc=MyDomain,dc=com) and finished with a close parenthesis.

When using the memberOf condition, you must use the Distinguished Name (DN).

Our query then ends up looking as follows:


(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14))))(|(|(&(objectCategory=user)(description=Consultant))(&(objectCategory=group)(description=Consultant)))(memberOf=cn=Smart People,ou=People,dc=MyDomain,dc=com))))
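To check a hand-edited filter before pasting it into Exchange System Manager, the following added example (not part of the original article) parses the prefix notation described above and compares a wizard-style AND with the custom OR against a few constructed directory entries. The function names, the sample entries and the simplified exact-match evaluation are assumptions for illustration; the Exchange recipient checks at the front of the full query are left out.

```python
# Added example: handles only &, |, ! and exact attr=value conditions
# (case-insensitive). Real AD matching rules and wildcards are not handled.
def parse(f, i=0):
    # Parse one parenthesised filter starting at f[i]; return (node, next index).
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong number of conditions after '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:end].partition("=")
        if end == -1 or not sep or "(" in attr + value:
            raise ValueError(f"bad condition at position {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"unbalanced parentheses at position {i}")
    return node, i + 1

def matches(node, entry):
    # entry maps lower-case attribute names to lists of values.
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

def select(filter_text, directory):
    # Sorted names of the entries the filter would put in the address list.
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("extra text after the closing parenthesis")
    return sorted(n for n, e in directory.items() if matches(tree, e))

SMART = "cn=Smart People,ou=People,dc=MyDomain,dc=com"
DIRECTORY = {  # constructed sample entries, not real directory data
    "alice": {"objectcategory": ["user"], "description": ["Consultant"]},
    "bob": {"objectcategory": ["user"], "memberof": [SMART]},
    "carol": {"objectcategory": ["user"], "description": ["Consultant"], "memberof": [SMART]},
    "dave": {"objectcategory": ["contact"], "description": ["Consultant"]},
    "experts": {"objectcategory": ["group"], "description": ["Consultant"]},
}
WIZARD_AND = f"(&(objectCategory=user)(description=Consultant)(memberOf={SMART}))"
CUSTOM_OR = ("(|(|(&(objectCategory=user)(description=Consultant))"
             "(&(objectCategory=group)(description=Consultant)))"
             f"(memberOf={SMART}))")
```

With these entries, select(WIZARD_AND, DIRECTORY) returns only carol, while select(CUSTOM_OR, DIRECTORY) returns alice, bob, carol and experts and leaves out the contact dave; a filter with a dropped or extra parenthesis raises ValueError instead of returning a list.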


Step 3

Finally, we need to take our modified query and use it in our address list.

  1. Open the Properties of the address list and select the Modify... button
  2. Change the Find: drop-down menu to Custom Search
  3. Open the Advanced tab
  4. Paste in your LDAP query
  5. Test with the Find Now button
  6. If satisfied with the sample results, click OK
  7. Click OK again to save the address list properties

Hopefully, things aren't all that grim anymore!



The Grim Admin