Offline Address Book - Things to Consider


Topic last modified: 2006-01-26

Based on an article by Scott Schnoll.

This article covers some of the things that should be considered when planning offline address books in Microsoft® Exchange Server 2003. The information pertains to Exchange Server 2003 SP1.

For some organizations, the offline address book is a small file that remote users occasionally download. For these organizations, downloading the offline address book is not a concern. However, for some large organizations that have large directories, or for organizations that have deployed Microsoft Office Outlook® 2003 in Cached Exchange Mode, it may be a concern, especially if the organizations have consolidated Exchange servers into a regional datacenter.

Offline address book sizes can vary from a few megabytes to a few hundred megabytes. The following factors can affect the size of the offline address book:

  • The usage of certificates in a company. The more public key infrastructure (PKI) certificates, the larger the offline address book. PKI certificates range from 1 kilobyte (KB) to 3 KB. They are the single largest contributor to the offline address book size.
  • The number of mail recipients in the Active Directory® directory service.
  • The number of distribution groups in Active Directory.
  • The information that a company adds to Active Directory for each mailbox-enabled or mail-enabled object. For example, some organizations populate the address properties on each user; others do not. For information about the address attributes stored by default in the offline address book, see "Configuring Exchange Server 2003 Offline Address Books" in Working with the Exchange Server 2003 Stores.

For estimation purposes, the full offline address book size is approximately 1 MB per 1,000 users. If there are user certificates in the offline address book, this will add approximately from 1 to 3 KB per certificate. The size of the offline address book and the available network bandwidth directly relate to the time it will take for all Outlook clients to download the offline address book.

Address book size refers to the size of the compressed offline address book files on the Exchange Server, and not the uncompressed, expanded file size for the offline address book files on the Outlook client.

To determine duration of offline address book downloads, you must first determine the size of your full offline address book. You can use Exchange System Manager to determine the size of the offline address book. In Exchange System Manager, right-click Public Folders, and then click View System Folders. This will display system folders, including the offline address book folders. After expanding the offline address book folder, you will find the OAB Version 3a folder. On the right side, click the Content tab to display the contents of this folder. This list will display the last 30 days of changes. The larger object with multiple attachments is the full offline address book, and the size can be determined by adding up the size of the attachments.

If many Outlook clients are attempting to download the full offline address book at the same time, this activity can take considerable time for all downloads to complete. For example, if an organization has a 10 MB offline address book, with 50 Outlook clients at a remote site, this equates to 500 MB of data to download. Using the full bandwidth of a 256 kilobits per second (Kbps) link (without latency), it would take approximately 4.5 hours to transfer the 500 MB download.

The 4.5 hour value was calculated by dividing 500 MB by 32 kilobytes per second (KBps) (32 KBps = 256 Kbps). This calculation does not take into account any network latency, the extra traffic due to RPC, or any other uses of the network link.

Additionally, because Outlook uses MAPI and RPC to download the offline address book, a small amount of overhead is added to the total download. The latency between Outlook and the Exchange Server computer limits how much of the overall bandwidth can actually be used for the data transfer. No single client necessarily takes the entire time, but across all clients the network link stays busy for the full duration of the offline address book download.

This section discusses some of the things that can affect offline address books.

A parent distinguished name is the part of an X.500-syntax distinguished name (DN) that excludes the final relative distinguished name (RDN). In the example /o=org/ou=site/cn=Recipients/cn=bob, the parent distinguished name is /o=org/ou=site/cn=Recipients, and the relative distinguished name is /cn=bob. The parent distinguished name table is the set of all parent distinguished names found in the directory. These names come from two attributes: legacyExchangeDN, and the values of proxyAddresses that start with "x500:" or "X500:".

The x.500 addresses are included only if they start with /o=orgname, where orgname is the actual name of the local Exchange Server organization, and if the server generating the offline address book is running Exchange Server 2003 SP1. This means x.500 addresses on users migrated from another organization will not be included. A full download is forced when the set of found parent distinguished names changes.

If any one of the following actions is performed, it can cause Outlook to perform a full offline address book download instead of an incremental or differential download:

  • Manually modifying a legacyExchangeDN attribute to create a parent distinguished name that did not exist previously. For example:
    • In native mode, changing a legacyExchangeDN attribute using an Active Directory editor, such as ADSI Edit, after moving a mailbox across administrative groups.
    • Modifying a legacyExchangeDN attribute correctly, but neglecting to add the previous distinguished name as an x.500 address. In this case, if this were the only object that had that parent distinguished name, the previous parent distinguished name would disappear from the directory.
  • With Exchange Server 5.5 and using the Active Directory Connector (ADC), creating a new container in Exchange Server 5.5 and inserting an object into it, or deleting the last object in an Exchange Server 5.5 container.
  • With Exchange Server 5.5 and using the ADC, and with the ADC set to replicate the container hierarchy to Exchange Server 5.5 (which is the default setting for ADC tools), creating and mail-enabling an object in a new Active Directory container. The ADC will create the new container in Exchange Server 5.5 and back-replicate the new Exchange Server 5.5 distinguished name as the legacyExchangeDN attribute of the Active Directory object. In this way, changes in the Active Directory hierarchy have the potential to add new parent distinguished names.
  • Adding an administrative group. The first mail-enabled object (mailbox, contact, or distribution group) created in this administrative group will cause a new parent distinguished name to show up in the directory.
  • Deleting the last object with a particular parent distinguished name in its legacyExchangeDN or proxyAddresses attribute. For example, three years after consolidating and deleting a site, delete the last mailbox formerly in that site. The x.500 placeholder is gone and changes the content of the parent distinguished name table.
  • Adding, removing, or modifying an x.500 proxy address. The Active Directory Users and Computers tool allows this type of change. If the x.500 address is in the local organization, but the organizational unit (/ou=<sitename>) and containers (/cn=Recipients/cn=<mailnickname>) are new or mistyped, a parent distinguished name will be added or deleted from the table.
  • When migrating users from a separate forest (such as a company merger or separate e-mail forest), adding the old legacyExchangeDN attribute as an x.500 proxy will force a full download of the offline address book if the /o=<orgname> is the same, and a new parent distinguished name is created.

There are some actions that you can take that affect parent distinguished names, but do not cause Outlook to perform a full download of the offline address book. These actions include:

  • Performing site consolidation mailbox moves in a mixed-mode environment   The old parent distinguished name is saved in proxyAddresses attribute and no new parent distinguished names are created.
  • Creating a mail-enabled object using Active Directory Users and Computers   Exchange 2000 Server and Exchange Server 2003 always use the same parent distinguished name (/o=<org>/ou=<admingroup>/cn=Recipients container) because the legacyExchangeDN attribute hierarchy is no longer easily exposed to the user. However, in a mixed-mode Exchange organization, if the newly created object is in a new container, and the Active Directory Connector connection agreement is configured to replicate the hierarchy, a full download of the offline address book can occur.
  • Deleting an administrative group   Mailboxes must be removed from the administrative group before deletion, and deleting the administrative group does not affect the x.500 addresses of existing mail-enabled objects, nor does it affect the legacyExchangeDN attribute of mail recipients.

Changing a user's legacyExchangeDN attribute is a drastic step that, among other things, requires the re-creation of the user's Outlook profile. For Cached Exchange Mode users, this action means re-synchronizing their offline store file (.ost file) and re-downloading their offline address book. However, there are valid reasons for changing a legacyExchangeDN attribute. For example, if you are using Key Management Service to provide certificates for use with digitally signed messages and a user moves between sites, you will need to change their legacyExchangeDN attribute. Key Management Service servers are deployed on a per-site basis, and users must have the correct parent distinguished name to reflect the site from which they are getting a certificate.

You should inspect carefully any modifications to the legacyExchangeDN attribute to prevent typographical mistakes such as the following:

  • Addition or deletion of leading or trailing spaces. If the entry has a leading or trailing space because of a previous change, the leading or trailing space should remain.
  • Inclusion of a colon (:). A common error occurs when copying a legacyExchangeDN attribute from LDP.exe, because LDP.exe separates the attribute name from the value with a colon and a space (": ").
  • Misspelling of any one of the container names, especially Recipients.
  • A trailing semicolon. Some tools, such as LDP.exe, use the semicolon to delimit values in a multi-valued attribute; a legacyExchangeDN value must not end with one.
  • Entering a semicolon-delimited list into the proxyAddresses attribute. The proxyAddresses attribute is multi-valued; LDP.exe displays multi-valued attribute values as a semicolon-delimited string, but this is for display only. Do not enter a semicolon-delimited list of proxy addresses into your Active Directory editor.
  • A value that begins with something other than /o= or /O=.

If you discover a malformed legacyExchangeDN attribute, you must carefully research the proper corrective measure. Full downloads of the offline address book are triggered because of changes to the legacyExchangeDN attributes, and changing from one invalid parent distinguished name to another invalid parent distinguished name will cause a download to occur. Entries with invalid legacyExchangeDN attributes may not have an adverse effect on your environment, but trying to correct the entry can cause problems if not performed correctly.
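The following script is an added example (not part of the original article or any Exchange tool) that applies the parent distinguished name rules above to two directory snapshots, reporting whether the table changed and so whether a full download would be forced, and lints a legacyExchangeDN value against the checklist of typographical mistakes. The input shape (dicts with legacyExchangeDN and proxyAddresses) and the "Contoso" sample directory are constructed assumptions.

```python
from difflib import SequenceMatcher

# Assumed input shape (constructed for this example, not an Exchange API): each
# directory object is a dict with a 'legacyExchangeDN' string and a
# 'proxyAddresses' list, as an LDAP search of Active Directory would return.


def parent_dn(dn: str) -> str:
    """Drop the final RDN: /o=org/ou=site/cn=Recipients/cn=bob -> /o=org/ou=site/cn=Recipients."""
    return dn.rsplit("/", 1)[0]


def parent_dn_table(objects, org_name: str) -> set:
    """Parent DNs collected from legacyExchangeDN and x500 proxies, using the SP1
    rule that x500 proxies count only when they start with /o=<local org>."""
    local_prefix = f"/o={org_name}/".lower()
    table = set()
    for obj in objects:
        legacy = obj.get("legacyExchangeDN")
        if legacy:
            table.add(parent_dn(legacy))
        for proxy in obj.get("proxyAddresses", []):
            if proxy[:5].lower() != "x500:":        # accepts "x500:" and "X500:"
                continue
            address = proxy[5:]
            if address.lower().startswith(local_prefix):
                table.add(parent_dn(address))
    return table


def forces_full_download(before, after, org_name: str):
    """Compare two snapshots; any change to the parent DN table forces every
    Outlook client into a full OAB download. Returns (changed, added, removed)."""
    old, new = parent_dn_table(before, org_name), parent_dn_table(after, org_name)
    return old != new, sorted(new - old), sorted(old - new)


def lint_legacy_dn(value: str) -> list:
    """The article's checklist of typographical mistakes in a legacyExchangeDN."""
    problems = []
    if value != value.strip():
        problems.append("leading/trailing whitespace (keep it only if it was already there)")
    if ":" in value:
        problems.append("contains a colon, probably pasted from LDP.exe output")
    if value.endswith(";"):
        problems.append("trailing semicolon (LDP.exe multi-value delimiter)")
    if not value.strip().lower().startswith("/o="):
        problems.append("does not begin with /o=")
    for rdn in value.split("/")[1:-1]:               # container RDNs only, not the final RDN
        name = rdn.split("=", 1)[-1]
        close = SequenceMatcher(None, name.lower(), "recipients").ratio() > 0.8
        if close and name.lower() != "recipients":
            problems.append(f"container {name!r} looks like a misspelling of Recipients")
    return problems


# Constructed sample directory: organization "Contoso" with two sites.
ORG = "Contoso"
BEFORE = [
    {"legacyExchangeDN": "/o=Contoso/ou=Dallas/cn=Recipients/cn=bob",
     "proxyAddresses": ["SMTP:bob@contoso.example"]},
    {"legacyExchangeDN": "/o=Contoso/ou=Seattle/cn=Recipients/cn=carol",
     # x500 address from a former organization: not /o=Contoso, so it is ignored.
     "proxyAddresses": ["SMTP:carol@contoso.example", "X500:/o=Fabrikam/ou=HQ/cn=Recipients/cn=carol"]},
]
# Carol consolidated into Dallas with her old DN preserved as an x500 proxy.
AFTER_OK = [BEFORE[0], {"legacyExchangeDN": "/o=Contoso/ou=Dallas/cn=Recipients/cn=carol",
            "proxyAddresses": BEFORE[1]["proxyAddresses"] + ["x500:/o=Contoso/ou=Seattle/cn=Recipients/cn=carol"]}]
# Same move without keeping the old DN: the Seattle parent DN disappears from the table.
AFTER_BAD = [BEFORE[0], {"legacyExchangeDN": "/o=Contoso/ou=Dallas/cn=Recipients/cn=carol",
             "proxyAddresses": BEFORE[1]["proxyAddresses"]}]

if __name__ == "__main__":
    print(forces_full_download(BEFORE, AFTER_OK, ORG))   # (False, [], [])
    print(forces_full_download(BEFORE, AFTER_BAD, ORG))  # (True, [], ['/o=Contoso/ou=Seattle/cn=Recipients'])
    print(lint_legacy_dn("legacyExchangeDN: /o=Contoso/ou=Dallas/cn=Recipents/cn=bob;"))
```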

Company-wide full downloads of the offline address book may result from too many changes in the directory. Currently, the threshold for too many changes is based on the size of the Changes.oab file in comparison to the set of full offline address book files. If the Changes.oab file is one-eighth (or more) the size of the full offline address book, Outlook will initiate a full offline address book download.

Some small changes (such as updating phone numbers to reflect a new area code on a large set of users, adding a new attribute such as 'Departments' to all users in Active Directory, or adding a new address type or a new address book) will cause all information about a recipient to be included in the Changes.oab file. Therefore, changing just a few bytes on each of half of your recipients would create a Changes.oab file that is larger than one-eighth your full offline address book.

The "one-eighth rule" can be modified through the registry. For more information, see the "Under what conditions will Outlook perform a full Offline Address Book download?" section in Microsoft Knowledge Base article 841273, "Administering the Offline Address Book in Outlook 2003."
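As an added planning aid (not part of the original article, and not an Exchange tool), the calculator below combines the sizing rules of thumb and the link-time calculation given earlier with the one-eighth rule just described. It assumes 1 MB per 1,000 recipients, 1 to 3 KB per certificate, 1 MB = 1024 KB, a fully available link, and no RPC overhead or latency; the remote site figures are constructed.

```python
# Assumptions (constructed rules of thumb from the article, not Exchange measurements):
# 1 MB per 1,000 recipients, 1 to 3 KB per certificate, 1 MB = 1024 KB, the whole
# link is available to OAB traffic, and RPC overhead and latency are ignored.
KB_PER_MB = 1024


def estimate_full_oab_mb(recipients: int, certificates: int, kb_per_cert: float = 2.0) -> float:
    """Rough compressed size of the full offline address book in MB."""
    return recipients / 1000 + certificates * kb_per_cert / KB_PER_MB


def full_download_hours(oab_mb: float, clients: int, link_kbps: float) -> float:
    """Hours for `clients` at one site to each pull the full OAB over a shared link."""
    total_kb = oab_mb * clients * KB_PER_MB
    link_kbytes_per_s = link_kbps / 8           # 256 Kbps -> 32 KBps
    return total_kb / link_kbytes_per_s / 3600


def one_eighth_rule_triggers(changes_oab_kb: float, full_oab_kb: float) -> bool:
    """Outlook downloads the full OAB when Changes.oab is one-eighth or more of the full OAB."""
    return changes_oab_kb * 8 >= full_oab_kb


def sites_exceeding_window(sites, oab_mb: float, window_hours: float) -> list:
    """Names of remote sites (name, clients, link_kbps) whose full-download time
    exceeds the maintenance window you can tolerate on the WAN."""
    return [name for name, clients, kbps in sites
            if full_download_hours(oab_mb, clients, kbps) > window_hours]


if __name__ == "__main__":
    # The article's worked figures: 10 MB OAB, 50 clients, 256 Kbps link.
    print(round(full_download_hours(10, 50, 256), 1))    # 4.4 (the article rounds this to 4.5)
    # Constructed remote sites: (name, Outlook clients, link speed in Kbps).
    sites = [("Austin", 50, 256), ("Denver", 20, 512), ("Lima", 120, 128)]
    print(sites_exceeding_window(sites, 10, 8))          # ['Lima']
    # A 1.3 MB Changes.oab against a 10 MB full OAB crosses the one-eighth threshold.
    print(one_eighth_rule_triggers(1.3 * KB_PER_MB, 10 * KB_PER_MB))   # True
```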

In addition to the conditions described earlier, there are other circumstances in which Outlook will perform a full offline address book download. These include:

  • There is no offline address book on the client computer. This condition may occur if Outlook has not performed an initial complete synchronization.
  • There is a differential file missing on the server. Outlook cannot update to the current version without it. This behavior may occur if one of the following conditions is true:
    • You did not start Outlook (to log on to your Exchange mailbox) for more than 30 days. The server policy permits only 30 days of differential files.
    • There was an error on the server, and it did not generate the differential file for a day.
  • The version on the server and the version on the client do not match. There is a more recent version of the offline address book present on the server. For example, Version 3a (Unicode offline address book) is now available, and you previously downloaded a Version 2 offline address book.
  • Applying changes to the offline address book failed. For example, differential files are corrupted on the server. Corruption may occur if the server goes down during differential file generation.
  • One or more offline address book files are not present on the client computer. For example, a user accidentally deletes one of the offline address book files on the user's computer.
  • A previous full download failed, and Outlook has to start from the beginning.
  • You manually download the full offline address book.
  • The public folder store containing the only copy of the offline address book is lost, and replaced with a new database and new offline address book. To prevent this from occurring, it is recommended that you replicate the offline address book folders to at least two public folder servers (the original server and one replica).
  • When Outlook 2003 is initially deployed in Cached Exchange Mode, it will download a full offline address book. If you are initially deploying a large number of Outlook clients using Cached Exchange Mode, this will cause a large download of the full offline address book as a new offline address book is downloaded by each new install of Outlook 2003.
  • The public folder that Outlook uses for the offline address book is based on the msExchUseOAB attribute of the private information store. If a mailbox is moved to a different server with a different offline address book, Outlook will download a new offline address book. If a large number of mailboxes are moved between mailbox stores and the target store is configured to use a different offline address list, this will cause a full offline address book download for these mailboxes.
  • When a mailbox is moved from an Exchange Server 5.5 server to an Exchange Server 2003 server, the Exchange Server 2003 server will direct Outlook to a newer Unicode version of the offline address book. For all mailboxes moved from an Exchange Server 5.5 server to an Exchange Server 2003 server, Outlook will download a new offline address book. If a large number of mailboxes are moved from Exchange Server 5.5 to Exchange Server 2003, this will trigger a large number of full offline address book downloads for these mailboxes.
  • When a user has multiple MAPI profiles on the same Outlook client computer and they switch between the two profiles that both use Cached Exchange Mode, multiple full offline address book downloads of the same offline address book files will occur. Outlook supports only one offline address book per user account on a computer. If you have multiple profiles, only one profile can download the offline address book. If you have to use two or more profiles that use Cached Exchange Mode, make sure that one of the profiles is configured to not download the offline address book.

If your organization needs to minimize the effects of the full offline address book downloads across a WAN link, there are some best practices you can employ using Exchange Server 2003 SP1.

  • Limit large sets of full offline address book downloads   The first option is to limit large sets of full offline address book downloads as much as possible. The previous section lists conditions that will cause Outlook to download a full offline address book, either through mailbox moves, large changes in the directory, or changes to the parent distinguished name table. As a best practice, you should review these conditions, and determine what can be done to limit the cases that cause a full offline address book download.
    If many Outlook clients are downloading the full offline address book on a given day, this may cause high bandwidth usage, especially over a slow link. Although the daily change file is usually small, the full offline address book can be a considerable size because it contains the entire global address list (GAL) by default. Additionally, because the offline address book is downloaded individually by each Outlook client, the impact on the bandwidth used will increase based on the number of Outlook clients downloading the offline address book. For example, if an organization's full offline address book is 10 MB in size, and 20 Outlook clients at a remote site try to download the full offline address book on the same day, 200 MB of data will be downloaded across the WAN to the remote site.
  • Filter certificates to limit the size of the offline address book   In Exchange Server 2003, the Exchange offline address book service (OABGen) has the ability to filter unneeded attributes, including extra certificates that are not used by Outlook. Certificates are the largest single attribute stored in the offline address book. Filtering unneeded certificates can achieve a 35 percent to a 50 percent reduction in the size of the offline address book.
    There are three different certificate attributes in Active Directory. However, only some of these certificates are used for encrypting and signing e-mail messages. Certificates that are not used by Outlook, such as those used for the Encrypting File System and 802.1x authentication, are filtered from the offline address book. Expired certificates are also filtered from the offline address book.
    Certificate filtering is enabled by default in Exchange Server 2003 SP1, and no other actions are required to use this feature. If wanted, you can control the certificate filtering behavior by editing the registry on the Exchange server.
    Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
    To configure certificate filtering for offline address books
    1. On the Exchange Server computer, open a registry editor, such as Regedit.exe or Regedt32.exe.

    2. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters.

    3. Right-click Parameters and select New | DWORD value. Name the DWORD value OAL Invalid Cert Behavior.

    4. In the right pane, double-click OAL Invalid Cert Behavior and type the desired value:

      0 - Filter out expired and invalid certificates (default)

      1 - Filter out only expired certificates

      2 - Do not filter the UserCertificate attribute

    5. Close the registry editor and restart the Microsoft Exchange System Attendant service for the change to take effect.

  • Consider using the No Details offline address book for remote Outlook clients   The No Details offline address book is an option for remote Outlook clients that provides them with a minimal offline address book. This offline address book version is small and contains only the display name, primary SMTP address, office location, surname, and mailnickname.
    • Benefits   The No Details offline address book is small, so the cost of the download is limited.
    • Limitations   Anytime Outlook tries to retrieve details information about an address, Outlook performs an online request directly to Active Directory for the details. Offline access has limited information, so this option is not viable for portable computer users who are primarily offline.
  • Consider a remote offline address book-only server for remote Outlook clients   An Exchange public folder server can be installed at a remote site to host an offline address book. All remote clients at this remote site download the offline address book from the local Exchange public folder server.
    • Benefits   Downloads of the full offline address book do not affect the WAN. A full mailbox server is not required, so mailbox servers can still be consolidated to a central location.
    • Limitations   An extra server is required at the remote site.
  • Limit the number of users that access Exchange across a remote link   The effect of the full offline address book download is directly related to the number of users downloading the offline address book. Your organization may need to consider how many remote Outlook clients can be supported across a WAN before the effect of a full offline address book download is too high, and limit the number of remote clients as needed.
  • Implement offline address book throttling   You can prevent overloading an Exchange server's network adapter or the network to which it is attached by using the throttling mechanism introduced in Exchange Server 2003 SP1. This feature allows administrators to limit the network bandwidth used by offline address book downloads by setting a bandwidth threshold.

By default, this throttling feature is turned off. You can activate the feature by adding the registry entry to all public folder servers that host offline address book system folders. For more information, see "Offline Address Book Download Throttling" in Improvements for Offline Address Books.

