Monday, August 17, 2009
August Sydney SharePoint User Group - Tuesday 17th
I hate it when we have a "Not to be missed" session and I can't make it. This is one of those topics that you won't see covered off in Microsoft online content but is at the core of what SharePoint is aiming to achieve for businesses.
Monday, August 03, 2009
Exclude Hidden Mailboxes from User Profile Import
I never knew this before, but seemingly Exchange allows you to mark certain mailboxes as hidden. This prevents them showing up within the Global Address List when someone is doing a name lookup, for example using Outlook "Check Names" functionality.
With Microsoft Office SharePoint Server you can populate your User Profiles by importing account details from Active Directory. I always use a custom LDAP query as the source for the connection. This allows me to be more specific about which Active Directory entries to bring across to SharePoint. There is a great KB article on the Microsoft Support site on how to set this up - http://support.microsoft.com/kb/827754. This article also describes how to filters out Active Directory accounts that have been disabled.
What if you want to also exclude accounts that have been marked as Hidden within Exchange? Well, the LDAP property that you want to look at is called msExchHideFromAddressLists. This is a Boolean property, so in theory we would just include entries where this property = FALSE. It is not quite that simple though. Since this is an optional property, I suspect that it may not exist for every user object. Therefore, testing that it is FALSE will not always work. Not to worry, just test that it is not TRUE. Logically this is equivalent and it turned out to work in my environment.
This means that the User Filter value from the KB article gets updated to:
(&(objectCategory=person)(objectClass=user)( !(userAccountControl:1.2.840.113556.1.4.803:=2))(!(msExchHideFromAddressLists:=TRUE)))
But the fun doesn't end there! Both Windows SharePoint Services and Microsoft Office SharePoint Server have a People-Picker field. This is the field that you use any time you want to assign an Active Directory user to a field, such as in a Task list. Updating your User Profile query has no affect to what the People Picker returns when you perform a search. There is an STSADM command line query that does help though. Gavin Adams has a good blog post that describes this command. Here is the syntax that you can use to exclude the hidden Exchange mailbox accounts:
stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(|(!(msExchHideFromAddressLists=TRUE))" -url <intranet site address>
Change the text <intranet site address> to the address of the web site. Do not include the angle brackets.