The Problem:

To hide a set of users from the GAL while still displaying everyone else. The wanted users are spread over SERVER001, 002 & 003, with the unwanted people on SERVER004, which doesn’t allow us to use variables.

The default query maker doesn’t allow you to specify “users not on this server”, only “users on this server”.

The Solution:

A custom LDAP query created by hand rather than with the “wizard”.

To enter a custom query:

  • In the Exchange System Manager, go to “recipients – Global Address lists”
  • Select the GAL you want to change
  • In “Find exchange recipients”, pick “Custom Search”
  • Move to the advanced tab
  • Paste your custom query in

See this MSDN article for a list of MS LDAP switches.

Basically the ones you have to worry about are:

& is AND
! is NOT
| is OR

After taking a basic query as generated by the default query builder and having a fiddle around with it, I ended up with the following (formatted for readability):

(&
    (&
        (&
            (mailnickname=*)
            (|
                (&
                    (objectCategory=person)
                    (objectClass=user)
                    (!
                        (msExchHomeServerName=*SERVER004)
                    )
                )
                (&
                    (objectCategory=person)
                    (objectClass=contact)
                )
                (objectCategory=group)
                (objectCategory=publicFolder)
                (objectCategory=msExchDynamicDistributionList)
            )
        )
    )
)

As I understand it this means:

Select all objects that have a mailbox (mail nickname) and are any of the following – a group, a public folder, a distribution list or a person who doesn’t have a mailbox on the server ending with SERVER004.

Note: When pasting LDAP into the query box it can’t contain tabs or carriage returns.

(&(&(&(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(msExchHomeServerName=*SERVER004)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList))))))
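
A hand-edited filter is easy to unbalance when it is collapsed to one line, so the following added example (Python, not part of the original post) flattens an indented filter, checks its structure, and evaluates it against directory entries to confirm who stays visible. The names `flatten`, `parse` and `matches` are chosen here, and the evaluator is a simplified model: entries are dicts of attribute name to a list of values, and a missing attribute is assumed to make an item false.

```python
import re

# Constructed input: the page's filter (three nested ANDs) spread over indented lines.
FORMATTED = """(&(&(&(mailnickname=*)
    (|
        (&(objectCategory=person)(objectClass=user)
            (!(msExchHomeServerName=*SERVER004)))
        (&(objectCategory=person)(objectClass=contact))
        (objectCategory=group)(objectCategory=publicFolder)
        (objectCategory=msExchDynamicDistributionList)
    )
)))"""

def flatten(text):
    """Drop indentation, tabs and line breaks, giving the one-line form to paste."""
    return "".join(line.strip() for line in text.splitlines())

def _node(f, i):
    """Parse the '(...)' component starting at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1:i + 2] in ("&", "|", "!"):
        op, i, kids = f[i + 1], i + 2, []
        while f[i:i + 1] not in (")", ""):
            kid, i = _node(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    if end == -1 or "(" in f[i + 1:end] or "=" not in f[i + 1:end]:
        raise ValueError(f"malformed item at offset {i}")
    return f[i + 1:end], end + 1

def parse(text):  # flatten, parse, and reject anything after the closing ')'
    node, end = _node(flatten(text), 0)
    if end != len(flatten(text)):
        raise ValueError(f"unexpected text at offset {end}")
    return node

def matches(node, entry):
    """Evaluate a parsed filter. Assumption: a missing attribute makes an item false."""
    if isinstance(node, tuple):
        hits = [matches(kid, entry) for kid in node[1]]
        return {"&": all(hits), "|": any(hits), "!": not hits[0]}[node[0]]
    attr, pattern = node.split("=", 1)
    rx = ".*".join(re.escape(p) for p in pattern.split("*"))
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    return any(re.fullmatch(rx, v, re.I) for v in values)
```

`flatten(FORMATTED)` gives the string to paste into the query box, and `parse` raises `ValueError` on unbalanced brackets or stray characters left over from copying. `matches(parse(FORMATTED), entry)` then shows whether a given entry would remain in the GAL.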