I must say that from all the articles I wrote for MSExchange.org, Shared Hosting with Exchange 2007 was the one I received more comments from (which is good).
Besides the usual help requests, I got some really nice comments and suggestions. One of these suggestions was from Nick Russo and had to do with the AD attribute addressBookRoots.
As you may recall, in part 2 of the article, I state that we must add the distinguished name of each Address List to the addressBookRoots attribute.
Nick alerted me that this could break Offline Address Book creation/replication, so I decided to do some further investigation. Knowledge Base Article 297801 says:
"You cannot specify both a parent container and a child of that parent as an address book root. For example, if you enter All Address Lists as an address book root, it has to be the only address book root. All your other address lists are listed under All Address Lists; if you enter both the parent object and child objects that exist under this parent object, you enter the child objects more than once. When you do so, Check Names and all other Global Address List and NSPI operations do not succeed."
Then I checked my test environment and noticed that, although the picture from the article shows the "All Address Lists", I only have the CONTROL AL and KAOS AL in my lab.
The official document from Microsoft, Configuring Virtual Organizations and Address List Segregation in Exchange 2007, doesn't mention addressBookRoots either.
So, here's my advice:
- Leave the attribute addressBookRoots as it is, everything should work as expected.
- If you decide to add other Address Lists, in case they are a child of "All Address Lists", remove this entry from addressBookRoots as it may break Offline Address Book creation/replication.