The method I've outlined for multiple companies or divisions sharing a directory works well but has two minor problems with easy solutions. The first problem is that, by default, Offline Address Lists are rooted in the Store, so when I synchronize my Offline Address List and hit the road, I see all the users in the Store, not just the users in my division or custom address list. Exchange 2000 SP1 fixed this problem by letting you define custom Offline Address Lists just as you define custom recipient policies and custom address lists, so be sure that you're running SP1 or this Offline Address List problem might affect you. Right-click Offline Address Lists, create a new Offline Address List, and give it a descriptive name. As you create this Offline Address List, you'll notice that it doesn't have the same Security tab that many other objects have; it depends on the address list security settings. Figure 6 shows the dialog box you use to select an address list to associate with the Offline Address Lists.
The second problem with partitioning the directory affects Outlook Web Access (OWA) clients. When the OWA client performs a search, the address query starts at an entry point in AD that you can define. By default, no entry point value is specified, which is OK for users who need to search the entire directory but not for hosted users who should see only people in their organization. The good news is that you can control this entry point; the bad news is that you must set it per user and it isn't a user attribute that the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in exposes. Instead, you must use the ADSI Edit utility to edit the property or, better yet, use the AD provisioning tools, which I'll describe in a future article. Using ADSI Edit, you must set the msExchQueryBaseDN user attribute to the DN for the OU that you want the user to search. Here's where you can see the advantage of creating your AD hierarchy such that users are organized by OU.
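The per-user msExchQueryBaseDN setting described above is easy to miss on newly created accounts, and a user with the attribute unset searches the entire directory from OWA. The following PowerShell sketch is an added example, not from the original article: it audits every user under one organization's OU and, when run with the hypothetical `-Fix` switch, sets the attribute to that OU's DN. The OU DN shown is a placeholder, and the script assumes a domain-joined machine and an account with write access to the user objects.

```powershell
# Added example: audit (and optionally set) msExchQueryBaseDN for one hosted OU.
# $TenantOU is a placeholder DN; -Fix is a switch defined by this script only.
param(
    [string]$TenantOU = 'OU=TenantA,OU=Hosted,DC=example,DC=com',
    [switch]$Fix
)

$root     = [ADSI]"LDAP://$TenantOU"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter      = '(&(objectCategory=person)(objectClass=user))'
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 500          # page results so large OUs are fully returned
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('msExchQueryBaseDN')

$results = $searcher.FindAll()
try {
    foreach ($result in $results) {
        $dn = [string]$result.Properties['distinguishedname'][0]

        # Property names in a search result are stored in lower case.
        $current = if ($result.Properties.Contains('msexchquerybasedn')) {
            [string]$result.Properties['msexchquerybasedn'][0]
        } else { $null }

        # Unset means the OWA search is not scoped to the organization's OU.
        $status = if (-not $current)             { 'Unset' }
                  elseif ($current -ne $TenantOU) { 'Mismatch' }
                  else                            { 'OK' }

        if ($Fix -and $status -ne 'OK') {
            $user = $result.GetDirectoryEntry()
            $user.Properties['msExchQueryBaseDN'].Value = $TenantOU
            $user.CommitChanges()
            $status = "Fixed (was $status)"
        }

        [pscustomobject]@{
            User        = $dn
            QueryBaseDN = $current
            Status      = $status
        }
    }
}
finally {
    $results.Dispose()               # release the underlying directory handles
}
```

Run it without `-Fix` first and review the `Unset` and `Mismatch` rows before changing anything.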
Finally, here's a tip for using address lists that will benefit almost any organization, host or small business. If you need to take a server or Store offline, you usually send out an email message to all affected users. To prepare for this action in advance, you might create a distribution list (DL). But if you create a DL, you must keep it up-to-date or risk missing a user. Instead, you can create an address list on the fly, building it on the mailbox store property, as Figure 7 shows.
Valuable Lessons
By now, you can see that ASPs, with their hosted Exchange 2000 environments, can teach corporate IT departments some valuable lessons. In my next article, I'll focus on what IT departments can learn from ASPs about managing user accounts and about using AD provisioning tools to automate tasks.