Re: Virtual List View functionality in ADAM and Outlook
From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 11/04/04
- Next message: Rich Riopel: "Re: ADAM logging"
- Previous message: Dmitri Gavrilov [MSFT]: "Re: LDAP Query From Outlook 2002 to 2003 Server"
- In reply to: Matt Totty (LMCO/USAF): "Re: Virtual List View functionality in ADAM and Outlook"
- Next in thread: Lee Flight: "Re: Virtual List View functionality in ADAM and Outlook"
- Reply: Lee Flight: "Re: Virtual List View functionality in ADAM and Outlook"
- Reply: Al Mulnick: "Re: Virtual List View functionality in ADAM and Outlook"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 4 Nov 2004 11:56:09 -0700
If people from each base live in a separate OU, then you can get away with
setting up multiple LDAP sources, each with a different search base, like
Lee described. Plus you can have one global list that includes everybody.
If you have people that need to appear in multiple address books, then we
might be able to craft something up for you, using showInAB attribute.
However, it will also require changes to Outlook, because it is currently
sends a generic filter (&(cn=*)(mail=*)) for generic LDAP sources. You'd
need it to pass a different filter, similar to the one it uses for AD,
involving (showInAB=AB-name) clause.
-- Dmitri Gavrilov SDE, Active Directory Core This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Matt Totty (LMCO/USAF)" <MattTottyLMCOUSAF@discussions.microsoft.com> wrote in message news:C9C60B82-A063-49C9-AB93-EFB9CAEB576A@microsoft.com... > Thank you gentlemen. > > Dmitri- we do currently use MIIS to bring all of our entries into ADAM from > multiple AD's. I am trying to OFFLOAD the GAL to ADAM so that each instance > of MIIS (15 severs curently) does not have to worry about crunching through 1 > million entries. We currently do a push and pull- and I want to do pulls > only- to ADAM and have the end user hit ADAM for GAL purposes. In our case it > greatly reduces a lot of overhead. Overhead from an MIIS point of view and > also from an AD point of view. Today a million objects- tomorrow millions > more as the Air Force will have a need to integrate other services- NAVY, > Army, into their Global. I see this coming and am trying to come up with a > solution that is going to keep us from failing. Have you ever synchronized a > million entries in MIIS? ;) > > Lee- we only pull contact information- we exclude distribution lists. > > So something to consider from a technical standpoint- I do not want to even > go off on a cost and development tanget- is to somehow integrate features > into Outlook/ADAM that will enable Address Book View functionality. Is this > something that is just too wild to consider? It seems on a high level that > since ADAM and AD are closely married this would be something that is at > least achievable from a technical standpoint. I am not of the school that you > would even want to have a view by base since I can type in a last name and > have the entries appear. But this is the military and they demand it. > > As far as LDAP instances go- We have close to 108 bases- so that is not > going to be a solution. > > For the tactical untis ( people fighting the wars) in the middle east and > elsewhere- they are going to love the fact that they can access the GAL via > ADAM. > > > "Lee Flight" wrote: > > > Following from Dmitri, you can change the name of the service that > > appears in the drop-down. I currently have Outlook 2003 running on > > WinXP with three LDAP address books LDAP1,LDAP2 and LDAP3 > > in the drop-down, respectively pointing to: > > > > an ou in an application partition in an ADAM instance > > > > a container in a different application partition in the same ADAM instance > > > > an ou in an application partition in a different ADAM instance, this one > > is ADAMsync'ed from AD > > > > all instances are on the same WinXP box > > > > A couple of other things to think about are: > > > > what objects you will have in the address list, contacts will be fine > > but you will have problems, I think, if you need to handle Distribution > > Lists that might exist in your Exchange GAL > > > > what credentials that you will be using to bind to the ADAM instance, > > I'm presuming that the outloook clients are domain based. I just wondering > > if there is a way of using permissions for the binding user to return the > > appropriate "view" (if you are using restricted views in that way). > > > > > > Lee Flight > > > > > > "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message > > news:e2vZQjfwEHA.3936@TK2MSFTNGP10.phx.gbl... > > > Ah, you are using Outlook. Then your choices are somewhat limited. > > > > > > First of all, you can only have a single "address book" entry per LDAP > > > service in the dropdown. You can certainly point it at ADAM, and it will > > > work just fine (after you apply the QFE and create a subtree-ized index > > > for > > > CN). > > > > > > I guess you can configure multiple LDAP services, pointing to the same > > > ADAM > > > instance, each with a different search base -- this will give you an > > > illusion of multiple address books. I am not sure if you can control the > > > name of the service that appears in the drop-down. The other limitation is > > > that you can not have one user belong to multiple "address books", because > > > you can not have it in two different containers at the same time. > > > > > > However, if you just need to support a single GAL, then you can certainly > > > push it into ADAM. Take a look at adamsync (currently in beta), that will > > > help you to bring data from AD into ADAM and keep it in sync. > > > Alternatively, > > > you can use MIIS to do the syncing. IIFP (MIIS-lite) is free -- it will > > > work > > > for AD-ADAM synchronization. > > > > > > -- > > > Dmitri Gavrilov > > > SDE, Active Directory Core > > > > > > This posting is provided "AS IS" with no warranties, and confers no > > > rights. > > > Use of included script samples are subject to the terms specified at > > > http://www.microsoft.com/info/cpyright.htm > > > > > > "Matt Totty (LMCO/USAF)" <MattTottyLMCOUSAF@discussions.microsoft.com> > > > wrote > > > in message news:761F533D-F25D-4077-BE60-82AAEC4DFBF1@microsoft.com... > > >> We need to be able to present the end user with a drop down view of Air > > > Force > > >> bases using outlook/ADAM. Currently- the user achieves this via an > > > Exchange > > >> address book view based on SMTP address in their respective Active > > >> Directories. If I can somehow do the same thing using Outlook/ADAM, then > > > the > > >> Air Force can effectivly offload thier Global Address List to ADAM. There > > > are > > >> multiple reasons why we would like to do this which I can describe in > > >> more > > >> detail if you wish. But the main point I am trying to make is that we > > >> need > > > to > > >> achieve a similar end user experience with the end user using ADAM as he > > >> would by using the AD/Exchange ABV. If we can even come close that would > > > be > > >> outstanding. > > >> > > >> "Dmitri Gavrilov [MSFT]" wrote: > > >> > > >> > Hmm. ADAM base schema does not include showInAddressBook attribute, > > > which > > >> > means all special logic that exists in AD for this attribute will not > > > work > > >> > (even if you import it). So, you will have to implement your own > > > solution > > >> > based on regular LDAP queries (including VLV, if you need it). > > >> > > > >> > If you define your scenario in more detail, we might be able to > > >> > generate > > >> > some ideas. > > >> > > > >> > -- > > >> > Dmitri Gavrilov > > >> > SDE, Active Directory Core > > >> > > > >> > This posting is provided "AS IS" with no warranties, and confers no > > > rights. > > >> > Use of included script samples are subject to the terms specified at > > >> > http://www.microsoft.com/info/cpyright.htm > > >> > > > >> > "Matt Totty (LMCO/USAF)" <MattTottyLMCOUSAF@discussions.microsoft.com> > > > wrote > > >> > in message news:A2ACA407-6E20-4FE1-BF1D-DE99D61A873A@microsoft.com... > > >> > > Thank you - this is outstanding information. > > >> > > > > >> > > The last question I have now before I get the patch and begin testing > > > is > > >> > this. > > >> > > > > >> > > Is there a way to create ABV type views within ADAM? It may be a > > > stretch, > > >> > > but this is the final piece of the puzzle before I lay out my > > > proposal. > > >> > The > > >> > > end user would like to be able to drill down by AF base level.Thanks > > > guys. > > >> > > > > >> > > "Dmitri Gavrilov [MSFT]" wrote: > > >> > > > > >> > > > The second bit (contanerized index) is useful for one-level VLV > > >> > searches. > > >> > > > Basically, it is the index on (parentID + attributeValue). This > > > index is > > >> > > > useless for subtree searches, the ones that Outlook does for > > >> > > > generic > > >> > LDAP > > >> > > > sources. > > >> > > > > > >> > > > The new index (subtree-ized index) is on (ancestorID + > > > attributeValue). > > >> > Note > > >> > > > that ancestorID has multiple values, one for each ancestor of the > > > given > > >> > > > node. This index allows to run subtree searches by fixing the > > > ancestorID > > >> > to > > >> > > > the ID of the search base, and then using the corresponding index > > > range > > >> > for > > >> > > > VLV window positioning. > > >> > > > > > >> > > > If there's no index that can be used for VLV, then we perform the > > >> > complete > > >> > > > search and dump the results into a temp table, then use it for > > > window > > >> > > > positioning. However, if the search is too large (more than 10000 > > >> > entries by > > >> > > > default -- defined by an ldap policy), then we fail with > > >> > > > unavailable > > >> > > > extension error. > > >> > > > > > >> > > > -- > > >> > > > Dmitri Gavrilov > > >> > > > SDE, Active Directory Core > > >> > > > > > >> > > > This posting is provided "AS IS" with no warranties, and confers no > > >> > rights. > > >> > > > Use of included script samples are subject to the terms specified > > >> > > > at > > >> > > > http://www.microsoft.com/info/cpyright.htm > > >> > > > > > >> > > > "Lee Flight" <lef@le.ac.uk-nospam> wrote in message > > >> > > > news:#vv5CTMwEHA.3808@TK2MSFTNGP15.phx.gbl... > > >> > > > > What does this kind of index do? I had thought that the 2nd bit > > >> > > > > was for VLV functionality... > > >> > > > > > > >> > > > > Thanks > > >> > > > > Lee Flight > > >> > > > > > > >> > > > > "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in > > >> > message > > >> > > > > news:OF6YQOKwEHA.3624@TK2MSFTNGP09.phx.gbl... > > >> > > > > > The indexing is done in the background. When the index is > > >> > > > > > built, > > > an > > >> > > > event > > >> > > > > > is > > >> > > > > > logged. > > >> > > > > > > > >> > > > > > To create the index, you need to set the 6th bit (64) of > > >> > searchFlags. > > >> > > > > > SchemaMgmt snapin does not know about this bit, so you'll have > > > to > > >> > use > > >> > > > LDP > > >> > > > > > or > > >> > > > > > ADSIEdit or script it. > > >> > > > > > > > >> > > > > > -- > > >> > > > > > Dmitri Gavrilov > > >> > > > > > SDE, Active Directory Core > > >> > > > > > > > >> > > > > > This posting is provided "AS IS" with no warranties, and > > >> > > > > > confers > > > no > > >> > > > > > rights. > > >> > > > > > Use of included script samples are subject to the terms > > > specified at > > >> > > > > > http://www.microsoft.com/info/cpyright.htm > > >> > > > > > > > >> > > > > > "Matt Totty (LMCO/USAF)" > > >> > <MattTottyLMCOUSAF@discussions.microsoft.com> > > >> > > > > > wrote > > >> > > > > > in message > > >> > news:B007DE46-306A-49BB-BC9B-BCC177A883B8@microsoft.com... > > >> > > > > >> Do you have to stop and restart ADAM for the index to take > > > effect? > > >> > > > > >> Is there a way to monitor the indexing or does it just crunch > > > along > > >> > in > > >> > > > > >> the > > >> > > > > >> background? > > >> > > > > >> > > >> > > > > >> "Dmitri Gavrilov [MSFT]" wrote: > > >> > > > > >> > > >> > > > > >> > There's a hotfix that enables VLV functionality in ADAM. Get > > >> > 838474 > > >> > > > or > > >> > > > > >> > a > > >> > > > > >> > later hotfix (e.g. 840901). Note you will need to create a > > > new > > >> > index > > >> > > > > >> > (subtree-ized index on cn attribute). > > >> > > > > >> > > > >> > > > > >> > -- > > >> > > > > >> > Dmitri Gavrilov > > >> > > > > >> > SDE, Active Directory Core > > >> > > > > >> > > > >> > > > > >> > This posting is provided "AS IS" with no warranties, and > > > confers > > >> > no > > >> > > > > > rights. > > >> > > > > >> > Use of included script samples are subject to the terms > > > specified > > >> > at > > >> > > > > >> > http://www.microsoft.com/info/cpyright.htm > > >> > > > > >> > > > >> > > > > >> > "Matt Totty (LMCO/USAF)" <Matt Totty > > >> > > > > > (LMCO/USAF)@discussions.microsoft.com> > > >> > > > > >> > wrote in message > > >> > > > > > news:B06762D3-1114-46C6-8D84-1F55BDF229AC@microsoft.com... > > >> > > > > >> > > I have an ADAM instance with 800-900K objects. > > >> > > > > >> > > > > >> > > > > >> > > It serves as the LDAP repository for all of our connected > > > MIIS > > >> > > > > > servers. > > >> > > > > >> > > What we have found is that it is very difficult at best to > > >> > perform > > >> > > > > >> > > any > > >> > > > > >> > type > > >> > > > > >> > > of bulk operation on an MIIS server with a million > > >> > > > > >> > > objects. > > >> > It's a > > >> > > > > >> > management > > >> > > > > >> > > nightmare. > > >> > > > > >> > > > > >> > > > > >> > > We are primarily using MIIS as a GAL synchronization > > > mechanism > > >> > and > > >> > > > > > plan to > > >> > > > > >> > > use it for workflow provisioning type scenarios in the > > > future. > > >> > > > > >> > > > > >> > > > > >> > > To alleviate the GAL issue and a host of others, I thought > > > it > > >> > would > > >> > > > > >> > > be > > >> > > > > >> > > interesting to experiment connecting directly from a > > >> > > > > >> > > client > > > to > > >> > an > > >> > > > > >> > > ADAM > > >> > > > > >> > > instance with all of the objects. > > >> > > > > >> > > > > >> > > > > >> > > To make this solution work, I need a smiliar look and feel > > > as > > >> > users > > >> > > > > >> > > currently get with their AD/Exchange GAL implementati ons. > > >> > > > > >> > > > > >> > > > > >> > > I have noticed that the virtual list view fucntionality > > > doesn > > >> > not > > >> > > > > >> > > work > > >> > > > > >> > > properly when connecting to ADAM. Every time I connect I > > > get an > > >> > > > > >> > unavailable > > >> > > > > >> > > critical extension error. > > >> > > > > >> > > > > >> > > > > >> > > Are there any plans to integrate the outlook client closer > > > with > > >> > > > ADAM > > >> > > > > > and > > >> > > > > >> > to > > >> > > > > >> > > include the VLV fucntionality to support this number of > > > users? > > >> > > > > >> > > > > >> > > > > >> > > There are third party tools and directories that we can > > > also > > >> > play > > >> > > > > >> > > with > > >> > > > > > to > > >> > > > > >> > > get this solution to work- and we have proven one already. > > > But > > >> > > > things > > >> > > > > >> > would > > >> > > > > >> > > be much simpler if they ran "out of the box". Any opinions > > > or > > >> > > > > > direction is > > >> > > > > >> > > appreciated. > > >> > > > > >> > > > > >> > > > > >> > > Thanks > > >> > > > > >> > > > >> > > > > >> > > > >> > > > > >> > > > >> > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > >> > > > >> > > > > > > > > > > > > >
- Next message: Rich Riopel: "Re: ADAM logging"
- Previous message: Dmitri Gavrilov [MSFT]: "Re: LDAP Query From Outlook 2002 to 2003 Server"
- In reply to: Matt Totty (LMCO/USAF): "Re: Virtual List View functionality in ADAM and Outlook"
- Next in thread: Lee Flight: "Re: Virtual List View functionality in ADAM and Outlook"
- Reply: Lee Flight: "Re: Virtual List View functionality in ADAM and Outlook"
- Reply: Al Mulnick: "Re: Virtual List View functionality in ADAM and Outlook"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
