Microsoft KB Archive/311154

= Outlook Web Access segmentation in Exchange 2000 Server =

Article ID: 311154

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q311154



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
This article describes Microsoft Outlook Web Access (OWA) segmentation.



MORE INFORMATION
OWA segmentation provides the ability to selectively enable features of OWA. For example, you can disable or enable mail, Calendaring, Contacts, public folders, Calendar reminders, new mail notification, and Microsoft Internet Explorer 5 support according to service offering. Administrators can segment OWA into different support offerings in Exchange 2000 Server Service Pack 2 (SP2) and later. You can segment OWA on a per-server or a per-user basis. Per-user settings override per-server settings, if both are in place.

Segmenting OWA for Each Server
To segment OWA on a per-server basis, edit the registry on the back-end server where the mailbox is located. If the back-end server is a clustered server, modify the registry on each node in the same manner.

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

You can segment OWA on a per-server basis by adding a registry value that is not present by default. To add this value:  Start Registry Editor (Regedt32.exe). Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeWEB\OWA

 On the Edit menu, click Add Value, and then add the following registry value:

Value name: DefaultMailboxFolderSet

Data type: REG_DWORD

Radix: click Decimal

Value data: See the information following these steps

 Quit Registry Editor.

For the REG_DWORD value, type a decimal value based on the bit mask table in the Exchange 2000 Help file (Exadmin.chm). The table displays the decimal values for all of the OWA features. (You can also type the REG_DWORD value in hexadecimal format, as long as the values that are listed in the bit mask table are converted to hexadecimal and the Hex button is selected when you type the value. To convert the decimal value to hexadecimal, use the Calc.exe program in Scientific view.)

To determine the correct REG_DWORD value, calculate the sum of the individual values for each feature that you want to enable. For example, according to the table in the Exchange 2000 Help, the decimal value for messaging is 1, the decimal value for new mail notification is 256, and the decimal value for rich client interface is 512. 1 + 256 + 512 = 769. 769 decimal = 301 hexadecimal. Therefore, to enable these features, type a decimal value of 769 (or the hexadecimal equivalent) in the Data box of the REG_DWORD value. If you type a decimal value, the Dec button must be selected, and if you type the corresponding hexadecimal value, the Hex button must be selected. You must restart the Information Store service for this change to take effect.

Segmenting OWA for Each User
You can configure OWA segmentation on a per-user basis by adding an Active Directory attribute that is not present by default after the installation of Exchange 2000 SP2: the msExchMailboxFolderSet attribute. You need to modify the Active Directory schema to add this attribute. You can modify the Active Directory schema with an Ldifde file manually, or with a Microsoft Visual Basic script. Both are included in the Exchange 2000 SP2 folder structure in the Support\OWASchema folder.

Manually Extending the Active Directory Schema
NOTE: The person who updates the schema in your organization must be a member of the Schema Admins group.

To manually extend the Active Directory schema:  Identify the domain controller that holds the Schema master role.For additional information about how to identify the server that holds the Schema master role, click the article number below to view the article in the Microsoft Knowledge Base:

234790 How to Find FSMO Role Holders (Servers)

</li> On the Schema master server, set the Schema Update Allowed value to 1:  Start Registry Editor (Regedt32.exe).</li> Locate the Schema Update Allowed value under the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

</li> On the Edit menu, click Binary, type 1, and then click OK.</li> Quit Registry Editor.</li></ol> </li> Import the Owa-schema.ldf file. The person who updates the schema in your organization must be a member of the Schema Admins group.

At a command prompt, type the following command, where [Schema Master DNS name] is the fully qualified domain name (FQDN) of your organization's Schema Master FSMO server:

ldifde -i -k -c <SchemaContainerDN> cn=Schema,cn=Configuration,cn=[Domain],cn=[Root] -s [Schema Master DNS name] -f [Drive:]\SUPPORT\OWASCHEMA\OWA-SCHEMA.LDF.

NOTE: The preceding command is one path with no line breaks; it has been wrapped for readability.

For example, if a company's domain name is adatum.com, the command would be:

ldifde -i -k -c <SchemaContainerDN> cn=Schema,cn=Configuration,cn=adatum,cn=com -s dc.adatum.com -f d:\support\owaschema\owa-schema.ldf.

Because Ldifde writes log files, you must run this command from a folder with read and write privileges.</li> Set the appropriate value on the user's msExchMailboxFolderSet attribute. To do so, you need to use the Microsoft Windows 2000 utility ADSI Edit.

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

Use ADSI Edit to set the appropriate value on the user's msExchMailboxFolderSet attribute. See the bit mask table in the Exchange 2000 Help file for valid values for this attribute. For additional information about how to modify this attribute on a user object, see the following section.</li></ol>

Extending the Active Directory Schema with the Owa-schema.vbs Script
The Owa-schema.vbs script locates the Active Directory Schema Master, disables the schema update lock, updates the schema, and then re-enables the schema lock automatically.

To extend the Active Directory schema with the Owa-schema.vbs script that is included with Exchange 2000 SP2:  Copy the Owa-schema.vbs and Owa-schema.ldf files from the Support\Owaschema folder of Exchange 2000 SP2 to a folder that you have read and write privileges for.</li> At a command prompt, in the new folder, type cscript OWA-SCHEMA.VBS.

The output is similar to:

<pre class="fixed_text">D:\support\OWASCHEMA>cscript owa-schema.vbs Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Schema Extension Tool to add msExchMailboxFolderSet attribute Requires OWA-SCHEMA.LDF Finding Schema Master... Schema Master is: SERVERNAME.MICROSOFT.COM Connecting to registry on SERVERNAME.MICROSOFT.COM Checking to see if Schema Update Lock is enabled... Schema update lock is set in registry. Changing setting... Schema updates are enabled in registry. Spawning LDIFDE to update schema... Schema extension complete. Check LDIF.LOG and LDIF.ERR for details. Re-enabling Schema update lock on SERVERNAME.MICROSOFT.COM Schema update lock restored. Schema updates are now disabled.

If the ADSI Edit Microsoft Management Console (MMC) snap-in is open when you run this script, you may need to quit and restart ADSI Edit to see this new attribute.</li></ol>

After you update the Active Directory schema, and the schema changes replicate throughout the Active Directory forest, use ADSI Edit to set the appropriate value on the user's msExchMailboxFolderSet attribute. See the bit mask table in the Exchange 2000 Help file for the bit mask values that determine this value.

For example, according to the table, the decimal value for messaging is 1, the decimal value for new mail notification is 256, and the decimal value for Internet Explorer 5 rich client user interface is 512. To enable these three features for an OWA user, give the msExchMailboxFolderSet attribute a decimal value of 769. The per-user settings take effect immediately if they are newly implemented. Changes to existing per-user settings take effect once the DS Access cache is cleared, which by default occurs every 10 minutes. Do not enter this value in hexadecimal format. You must enter the per-user attribute in decimal format.

Using ADSI Edit to Modify the &quot;msExchangeMailboxFolderSet&quot; Attribute of a User Object
To use ADSI Edit to modify the msExchangeMailboxFolderSet attribute of a user object:  Copy the Adsiedit.dll file from the Windows 2000 Support\Reskit\Netmgmt\Dstool folder to the %SystemRoot%\System32 folder.</li> At a command prompt, use the change directory command to change to the %SystemRoot%\System32 folder.</li> Type the following command:

regsvr32 adsiedit.dll

</li> Click Start, click Run, type MMC, and then click OK.</li> <li>On the Console menu, click Add/Remove Snap-in.</li> <li>Click Add, click ADSI Edit, click Add, click Close, and then click OK.</li> <li>In the console root, in the ADSI Edit window, click ADSI Edit.</li> <li>On the Action menu, click Connect to.</li> <li>In the Naming Context box, click Domain NC.</li> <li>Expand Domain NC until you see the organizational unit in which the user object resides, for example:

Domain NC\DC = microsoft,DC=com\CN=Users\<User Object>

</li> <li>Right-click the user object, and then click Properties.</li> <li>In the Select a property to view list, click the msExchMailboxFolderSet attribute.</li> <li>Set this attribute to the decimal value that you want to use for per-user OWA segmentation.</li></ol>

Notes and Reminders
You can enter per-server registry values as hexadecimal or decimal values. However, you must enter the per-user Active Directory attribute values in decimal values. The bit mask table in the Exadmin.chm file lists the values for each feature in decimal format. For additional information about extending the Active Directory schema for OWA segmentation purposes, see the Web version of the Exchange 2000 SP2 Help (Exadmin.chm) from the following Microsoft Web site:

http://www.microsoft.com/exchange/

After you find the Help topic, search for &quot;OWA and segmentation.&quot;

Additional query words: tiered licensing, provisioning

Keywords: kbhowto KB311154

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.