Monday, August 03, 2009

Exclude Hidden Mailboxes from User Profile Import

I never knew this before, but seemingly Exchange allows you to mark certain mailboxes as hidden. This prevents them showing up within the Global Address List when someone is doing a name lookup, for example using Outlook "Check Names" functionality.

With Microsoft Office SharePoint Server you can populate your User Profiles by importing account details from Active Directory. I always use a custom LDAP query as the source for the connection. This allows me to be more specific about which Active Directory entries to bring across to SharePoint. There is a great KB article on the Microsoft Support site on how to set this up - http://support.microsoft.com/kb/827754. This article also describes how to filter out Active Directory accounts that have been disabled.

What if you want to also exclude accounts that have been marked as Hidden within Exchange? Well, the LDAP property that you want to look at is called msExchHideFromAddressLists. This is a Boolean property, so in theory we would just include entries where this property = FALSE. It is not quite that simple though. Since this is an optional property, I suspect that it may not exist for every user object. Therefore, testing that it is FALSE will not always work. Not to worry, just test that it is not TRUE. Logically this is equivalent and it turned out to work in my environment.

This means that the User Filter value from the KB article gets updated to:

(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(msExchHideFromAddressLists=TRUE)))
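
The difference between the two tests, as an added example that is not part of the original post: a simplified Python evaluator for this filter syntax, run over constructed entries. The entry names and helper functions are hypothetical, and objectCategory is compared as a plain string, which is a simplification of what Active Directory does.

```python
import re
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule from the filter above

def parse(f, i=0):  # returns (node, index just past the parsed filter)
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in ("&", "|", "!"):
        i, kids = i + 2, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed or unclosed '{op}' group at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i + 1:end])
    if not m:
        raise ValueError(f"bad filter item {f[i + 1:end]!r}")
    return ("item", m.groups()), end + 1

def matches(node, entry):
    kind, arg = node
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in arg)
    if kind == "!":
        return not matches(arg[0], entry)
    attr, rule, value = arg
    if attr not in entry:  # property not set on the object: the test does not match
        return False
    if rule == BIT_AND:
        return int(entry[attr]) & int(value) == int(value)
    return str(entry[attr]).lower() == value.lower()

def select(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [name for name, e in entries.items() if matches(node, e)]

def user(uac, **extra):
    return {"objectCategory": "person", "objectClass": "user", "userAccountControl": uac, **extra}

# Constructed sample entries: 512 = enabled account, 514 = disabled (bit 2 set).
USERS = {"alice": user(512), "bob": user(512, msExchHideFromAddressLists="FALSE"),
         "hidden": user(512, msExchHideFromAddressLists="TRUE"), "carol": user(514)}
BASE = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
NOT_TRUE = BASE + "(!(msExchHideFromAddressLists=TRUE)))"
IS_FALSE = BASE + "(msExchHideFromAddressLists=FALSE))"
print(select(NOT_TRUE, USERS), select(IS_FALSE, USERS))
```

The not-TRUE filter keeps alice, whose entry never had the property set, while the equals-FALSE filter silently drops her.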

But the fun doesn't end there! Both Windows SharePoint Services and Microsoft Office SharePoint Server have a People Picker field. This is the field that you use any time you want to assign an Active Directory user to a field, such as in a Task list. Updating your User Profile query has no effect on what the People Picker returns when you perform a search. There is an STSADM command line query that does help though. Gavin Adams has a good blog post that describes this command. Here is the syntax that you can use to exclude the hidden Exchange mailbox accounts:

stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv "(|(!(msExchHideFromAddressLists=TRUE)))" -url <intranet site address>

Change the text <intranet site address> to the address of the web site. Do not include the angle brackets.