Using Offline Address Books
This topic discusses a variety of best practices for using offline address books. It discusses the effects that full offline address books can have on a network, as well as factors that need to be considered when using offline address books. In addition, it discusses the conditions that can cause company-wide full downloads of the offline address book.
Effects of Offline Address Book Downloads on the Network
Given that there are several cases that can cause a large number of full offline address book downloads, you should understand the effect on bandwidth that a large offline address book download will have on the network. The Exchange server can easily handle many download requests for the offline address book. As a result, multiple attempts to download a full offline address book over a slow link can saturate a network. (All the available bandwidth is being used.) When this happens, there are two significant effects:
Applications that need to use the wide area network (WAN) will perform slowly, because they wait for their network requests to traverse the saturated WAN link.
The actual traffic needed on the WAN will increase because individual network requests may time out, resulting in additional requests being made.
When the network becomes saturated, latency increases, which lengthens not only the time that each client takes to download the offline address book but also the overall duration of the download process. Normally, this means that the data rate for each client is reduced. However, if the latency is too high, remote procedure call (RPC) packets will time out, causing additional RPC requests for the same data to be retrieved. Also, if someone is using Microsoft® Outlook® and the download is canceled or fails, Outlook will delete what has been downloaded and re-attempt the entire download. As a result, more data will be requested, increasing the overall duration of a large set of offline address book downloads.
When Outlook downloads the offline address book from the Exchange server, it will download the offline address book through a series of RPC packets. Each packet is received and acknowledged, and then the next packet is sent. Based on the latency between Outlook and Exchange, a single Outlook client is limited on how fast it can receive and acknowledge each packet. Because of this delay, a single Outlook client may not be able to saturate a network link. However, as more Outlook clients begin to download the offline address book, the combined download rate of all clients could saturate the link. The link will remain saturated until the full offline address books have been downloaded.
The relationship is linear, in that the larger the latency between the Outlook client and the Exchange server, the fewer packets can be received. Fewer clients will be able to download an offline address book before a slow link is saturated. The reverse is also true. If latency is low, more clients are needed to saturate a slow link. The number of Outlook clients that can download the offline address book simultaneously without saturating the WAN will increase as either network latency decreases or network bandwidth increases.
Factors to Consider with Offline Address Books
As a best practice, whether you use a single offline address book or multiple offline address books, it is important to consider a variety of factors that relate to the usage of offline address books. These factors include:
The size of each offline address book in your organization.
The number of offline address book downloads.
The number and frequency of parent distinguished name changes.
Simple Mail Transfer Protocol (SMTP) address mismatches.
The overall number of changes made to the directory.
Other conditions that trigger a full offline address book download.
Address Book Size
For some organizations, the offline address book is a small file that remote users occasionally download. For these organizations, downloading the offline address book is not a concern. However, for some large organizations that have large directories, or for organizations that have deployed Microsoft Office Outlook 2003 in Cached Exchange Mode, it may be a concern, especially if the organizations have consolidated Exchange servers into a regional datacenter.
Offline address book sizes can vary from a few megabytes to a few hundred megabytes. The following factors can affect the size of the offline address book:
The usage of certificates in a company. The more public key infrastructure (PKI) certificates, the larger the offline address book. PKI certificates range from 1 kilobyte (KB) to 3 KB. They are the single largest contributor to the offline address book size.
The number of mail recipients in the Active Directory® directory service.
The number of distribution groups in Active Directory.
The information that a company adds to Active Directory for each mailbox-enabled or mail-enabled object. For example, some organizations populate the address properties on each user; others do not. For information about the address attributes stored by default in the offline address book, see "User Attributes Stored in Offline Address Book Files" in Working with Exchange Server 2003 Stores.
For estimation purposes, the full offline address book size is approximately 1 MB per 1,000 users. If there are user certificates in the offline address book, this will add approximately from 1 to 3 KB per certificate.
In most Exchange environments, it has been estimated that you will see a 30 to 40 percent reduction in full offline address book file sizes after you upgrade your offline address book servers to Exchange Server 2003 SP2 and your Outlook clients to Outlook 2003 SP2. For more information about improvements that have been made in Exchange Server 2003 SP2 and Outlook 2003 SP2, see "Improvements in Exchange Server 2003 SP2 and Outlook 2003 SP2" in Improvements for Offline Address Books.
The size of the offline address book and the available network bandwidth directly relate to the time it will take for all Outlook clients to download the offline address book.
Address book size refers to the size of the compressed offline address book files on the Exchange Server, and not the uncompressed, expanded file size for the offline address book files on the Outlook client.
To determine the duration of offline address book downloads, you must first determine the size of your full offline address book. You can use Exchange System Manager to determine the size of the offline address book. In Exchange System Manager, right-click Public Folders, and then click View System Folders. This will display system folders, including the offline address book folders. After expanding the offline address book folder, you will find the OAB Version 3a folder. On the right side, click the Content tab to display the contents of this folder. This will display the last 30 days of changes. The larger object with multiple attachments is the full offline address book, and the size can be determined by adding up the size of the attachments.
If many Outlook clients are attempting to download the full offline address book at the same time, this activity can take considerable time for all downloads to complete. For example, if an organization has a 10 MB offline address book, with 50 Outlook clients at a remote site, this equates to 500 MB of data to download. Using the full bandwidth of a 256 kilobits per second (Kbps) link (without latency), it would take approximately 4.5 hours to transfer the 500 MB download.
The 4.5 hour value was calculated by dividing 500 MB by 32 kilobytes per second (KBps) (32 KBps = 256 Kbps). This calculation does not take into account any network latency, the extra traffic due to RPC, or any other uses of the network link.
In addition, because Outlook uses MAPI and RPC to download the offline address book, a small amount of overhead is added to the total download. The latency between Outlook and the Exchange Server computer will limit how much of the overall bandwidth can be used for all the data to be transferred. Overall, each client may not take the entire time, but among all clients, the network will be used for the overall duration of the offline address book download.
Managing Offline Address Book File Sizes
In OAB v4, Exchange Server limits the size of single and multiple valued attributes to prevent abnormally large records from being included in the offline address book. On offline address book servers running Microsoft Exchange Server 2003 Service Pack 2 (SP2), you can configure Exchange Server to limit the size of specific property types within offline address book download files.
These settings only apply to the OAB v4 format generated by Exchange Server 2003 SP2 and used by Microsoft Office Outlook 2003 SP2 and later. Previous offline address book versions used by earlier Outlook clients are unaffected.
To help you track when Exchange Server limits the size of a value based on the settings that are configured, Exchange Server logs events in the Application Log. Specifically, with diagnostic logging level for the Services/MSExchangeSA object set to None, Exchange logs MSExchangeSA event 9320 indicating that information has been limited in the offline address book. There are multiple causes for MSExchangeSA event 9320. For information about troubleshooting MSExchangeSA event 9320, see the event article for that event in the Exchange Server 2003 Event Web site.
With the diagnostic level for the Services/MSExchangeSA object set to Medium, event 9359 is logged identifying the display name and MAPI ID of the property that has been limited.
The following table lists the four property types that you can limit and the default values and lower values that you can configure in the registry.
| Registry key name | Description | Default value (bytes) | Lower limit (bytes) |
|---|---|---|---|
| OAL V4 String Limit | Single valued text-based Active Directory properties such as Display name, Telephone number, and Office location. | | |
| OAL V4 Binary Limit | Single valued binary-encoded Active Directory properties such as userCert. | | |
| OAL V4 String Multi Value Limit | Multi-valued text-based Active Directory properties such as Email Addresses, and Business and Home Telephone | | |
| OAL V4 Binary Multi Value Limit | Multi-valued binary-encoded Active Directory properties such as userSMIMEcertificate and userCertificate. | | |
For Exchange Server and Outlook to properly operate, a specific set of attributes are not subject to property truncation or size limitations, including the following attributes:
For detailed steps about how to configure Exchange Server registry settings to limit the size of specific property types within offline address book download files, see How to Manage Offline Address Book File Sizes.
Parent Distinguished Name Changes
A parent distinguished name is part of a distinguished name (also known as DN) (in x.500 syntax) not including the final relative distinguished name. In the example /o=org/ou=site/cn=Recipients/cn=bob, the parent distinguished name is /o=org/ou=site/cn=Recipients, and the relative distinguished name is /cn=bob. The parent distinguished name table is the set of all parent distinguished names found in the directory. These names come from two attributes: legacyExchangeDN and proxyAddresses starting with "x500:" or "X500:".
The x.500 addresses are included only if they start with /o=orgname, where orgname is the actual name of the local Exchange Server organization, and if the server generating the offline address book is running Exchange Server 2003 SP1. This means x.500 addresses on users migrated from another organization will not be included. For Outlook 2003 clients that use OAB v4, differential downloads are used to update the offline address book after changes are made to parent distinguished names. However, for Outlook clients that use OAB v3a or earlier, a full download is forced when the set of found parent distinguished names changes.
If any one of the following actions is performed, it can cause Outlook to perform a full offline address book download instead of an incremental or differential download:
Manually modifying a legacyExchangeDN attribute to create a parent distinguished name that did not exist previously. For example:
In native mode, changing a legacyExchangeDN attribute using an Active Directory editor, such as ADSI Edit, after moving a mailbox across administrative groups.
Modifying a legacyExchangeDN attribute correctly, but neglecting to add the previous distinguished name as an x.500 address. In this case, if this were the only object that had that parent distinguished name, the previous parent distinguished name would disappear from the directory.
With Exchange Server 5.5 and using the Active Directory Connector (ADC), creating a new container in Exchange Server 5.5 and inserting an object into it, or deleting the last object in an Exchange Server 5.5 container.
With Exchange Server 5.5 and using the ADC, and with the ADC set to replicate the container hierarchy to Exchange Server 5.5 (which is the default setting for ADC tools), creating and mail-enabling an object in a new Active Directory container. The ADC will create the new container in Exchange Server 5.5 and back-replicate the new Exchange Server 5.5 distinguished name as the legacyExchangeDN attribute of the Active Directory object. In this way, changes in the Active Directory hierarchy have the potential to add new parent distinguished names.
Adding an administrative group. The first mail-enabled object (mailbox, contact, or distribution group) created in this administrative group will cause a new parent distinguished name to show up in the directory.
Deleting the last object with a particular parent distinguished name in its legacyExchangeDN or proxyAddresses attribute. For example, three years after consolidating and deleting a site, delete the last mailbox formerly in that site. The x.500 placeholder is gone and changes the content of the parent distinguished name table.
Adding, removing, or modifying an x.500 proxy address. The Active Directory Users and Computers tool allows this type of change. If the x.500 address is in the local organization, but the organizational unit (/ou=<sitename>) and containers (/cn=Recipients/cn=<mailnickname>) are new or mistyped, a parent distinguished name will be added or deleted from the table.
When migrating users from a separate forest (such as a company merger or separate e-mail forest), adding the old legacyExchangeDN attribute as an x.500 proxy will force a full download of the offline address book if the /o=<orgname> is the same, and a new parent distinguished name is created.
There are some actions that you can take that affect parent distinguished names, but do not cause Outlook to perform a full download of the offline address book. These actions include:
Performing site consolidation mailbox moves in a mixed-mode environment. The old parent distinguished name is saved in proxyAddresses attribute and no new parent distinguished names are created.
Creating a mail-enabled object using Active Directory Users and Computers. Exchange 2000 Server and Exchange Server 2003 always use the same parent distinguished name (/o=<org>/ou=<admingroup>/cn=Recipients container) because the legacyExchangeDN attribute hierarchy is no longer easily exposed to the user. However, in a mixed-mode Exchange organization, if the newly created object is in a new container, and the Active Directory Connector connection agreement is configured to replicate the hierarchy, a full download of the offline address book can occur.
Deleting an administrative group. Mailboxes must be removed from the administrative group before deletion, and deleting the administrative group does not affect the x.500 addresses of existing mail-enabled objects, nor does it affect the legacyExchangeDN attribute of mail recipients.
Modifying the legacyExchangeDN Value
Changing a user's legacyExchangeDN attribute is a drastic step that, among other things, requires the re-creation of the user's Outlook profile. For Cached Exchange Mode users, this action means re-synchronizing their offline store file (.ost file) and re-downloading their offline address book. However, there are valid reasons for changing a legacyExchangeDN attribute. For example, if you are using Key Management Service to provide certificates for use with digitally signed messages and a user moves between sites, you will need to change their legacyExchangeDN attribute. Key Management Service servers are deployed on a per-site basis, and users must have the correct parent distinguished name to reflect the site from which they are getting a certificate.
You should inspect carefully any modifications to the legacyExchangeDN attribute to prevent typographical mistakes such as the following:
Addition or deletion of leading or trailing spaces. If the entry has a leading or trailing space because of a previous change, the leading or trailing space should remain.
Verification that the attribute does not contain a colon (:). A common error occurs by copying a legacyExchangeDN attribute from LDP.exe because LDP.exe separates the attribute name from the value by a colon and a space ": ".
Misspelling of any one of the container names, especially Recipients.
The legacyExchangeDN attribute values should not contain a trailing semicolon. Some tools, such as LDP.exe, use the semicolon to delimit values in a multi-valued attribute.
The proxyAddresses attribute is a multi-valued attribute. LDP.exe displays multi-valued attribute values as a string delimited by semicolons, although this is for display only. Do not try to enter a semicolon-delimited list of proxy addresses into your Active Directory editor.
The legacyExchangeDN attribute value begins with something other than the following:
/o= or /O=
If you discover a malformed legacyExchangeDN attribute, you must carefully research the proper corrective measure. For Outlook 2003 clients that use OAB v3a or earlier, full downloads of the offline address book are triggered because of changes to the legacyExchangeDN attributes, and changing from one invalid parent distinguished name to another invalid parent distinguished name will cause a download to occur. However, Outlook clients that use OAB v4 can use differential downloads to update the offline address book after changes are made to legacyExchangeDN attributes.
Entries with invalid legacyExchangeDN attributes may not have an adverse effect on your environment, but trying to correct the entry can cause problems if not performed correctly.
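The parent distinguished name rules and the list of typographical mistakes above can be checked before a directory change is committed. The following Python code is an added example, not Microsoft code: it builds the parent distinguished name table from legacyExchangeDN values and in-organization x500 proxy addresses, reports which parent names a proposed change adds or removes, and lints a new legacyExchangeDN value. The sample entries, the organization name org, the case-insensitive comparison and the 0.85 similarity cutoff are assumptions.

```python
import difflib

ORG = "org"  # constructed organization name

# Constructed sample directory: carol is the only object left under ou=oldsite.
BEFORE = [
    {"cn": "bob", "legacyExchangeDN": "/o=org/ou=site/cn=Recipients/cn=bob",
     "proxyAddresses": []},
    {"cn": "alice", "legacyExchangeDN": "/o=org/ou=site/cn=Recipients/cn=alice",
     "proxyAddresses": []},
    {"cn": "carol", "legacyExchangeDN": "/o=org/ou=oldsite/cn=Recipients/cn=carol",
     "proxyAddresses": []},
]


def parent_dn(dn):
    """Return the DN without its final relative distinguished name."""
    return dn[: dn.rfind("/")]


def parent_dn_table(entries, org):
    """Parent DNs found in legacyExchangeDN and in x500 proxies of the local org."""
    org_prefix = f"/o={org}/".lower()
    table = set()
    for entry in entries:
        # Assumption: parent names are compared case-insensitively.
        table.add(parent_dn(entry["legacyExchangeDN"]).lower())
        for proxy in entry["proxyAddresses"]:
            if proxy[:5] in ("x500:", "X500:"):
                dn = proxy[5:]
                # x500 addresses from another organization are not included.
                if dn.lower().startswith(org_prefix):
                    table.add(parent_dn(dn).lower())
    return table


def table_change(before, after, org):
    """Return (added, removed) parent DNs; any entry in either list changes the table."""
    old, new = parent_dn_table(before, org), parent_dn_table(after, org)
    return sorted(new - old), sorted(old - new)


def with_change(entries, cn, legacy_dn, extra_proxies=()):
    """Return a copy of entries with one object's legacyExchangeDN replaced."""
    changed = []
    for entry in entries:
        if entry["cn"] == cn:
            entry = {"cn": cn, "legacyExchangeDN": legacy_dn,
                     "proxyAddresses": list(entry["proxyAddresses"]) + list(extra_proxies)}
        changed.append(entry)
    return changed


def known_components(table):
    """Container names (for example cn=recipients) already present in the table."""
    return {part for dn in table for part in dn.split("/") if part}


def edge_spaces(value):
    """Count of leading and trailing spaces."""
    return (len(value) - len(value.lstrip(" ")), len(value) - len(value.rstrip(" ")))


def lint_legacy_dn(old_value, new_value, components):
    """Check a new legacyExchangeDN value for the mistakes listed in this section."""
    problems = []
    if edge_spaces(old_value) != edge_spaces(new_value):
        problems.append("leading/trailing space added or removed")
    if ":" in new_value:
        problems.append("contains a colon")
    if new_value.rstrip(" ").endswith(";"):
        problems.append("trailing semicolon")
    core = new_value.strip(" ")  # pre-existing edge spaces are meant to remain
    if not core.startswith(("/o=", "/O=")):
        problems.append("does not begin with /o= or /O=")
    for part in parent_dn(core).lower().split("/"):
        if part and part not in components:
            close = difflib.get_close_matches(part, components, n=1, cutoff=0.85)
            if close:
                problems.append(f"'{part}' looks like a misspelling of '{close[0]}'")
    return problems


if __name__ == "__main__":
    old_dn = BEFORE[2]["legacyExchangeDN"]
    new_dn = "/o=org/ou=site/cn=Recipients/cn=carol"
    print("without x500:", table_change(BEFORE, with_change(BEFORE, "carol", new_dn), ORG))
    kept = with_change(BEFORE, "carol", new_dn, ["x500:" + old_dn])
    print("with x500:   ", table_change(BEFORE, kept, ORG))
    comps = known_components(parent_dn_table(BEFORE, ORG))
    print(lint_legacy_dn(old_dn, "legacyExchangeDN: /o=org/ou=site/cn=Recipents/cn=carol", comps))
```

A non-empty added or removed list means the parent distinguished name table changes, which forces a full download for clients that use OAB v3a or earlier.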
Overall Number of Directory Changes
Company-wide full downloads of the offline address book may result from too many changes in the directory to attributes that are stored by the offline address book. By default, Outlook compares the total size of the compressed Changes.oab files on the server that are required to update the client offline address book to the total size of all the compressed full offline address book files on the server.
Outlook Clients That Use OAB v2 and v3a
For Outlook clients that use OAB v2 and v3a, if the size of the Changes.oab files is one-eighth (or more) the size of the full offline address book files, Outlook will initiate a full offline address book download.
For example, if the current Outlook client sequence of the offline address book is 4 and the server sequence of the offline address book is 10, Outlook will first obtain the total size of the compressed Changes.oab files on the server that are required to reach sequence 10. That is, Outlook will obtain the size of the compressed Changes.oab files for sequences 5 through 10. Outlook will then obtain the total size of all the compressed full offline address book files on the server, including the templates. If the size of the Changes.oab files is greater than one-eighth the size of the full offline address book files, Outlook will download the full offline address book instead of the incremental files.
Some small changes to recipient attributes will cause all information about a recipient to be included in the Changes.oab file. The following are examples of these small changes:
Updating phone numbers to reflect a new area code on a large set of recipients
Adding an additional proxy address on a large set of users
Therefore, changing just a few bytes on each of half of your recipients could create a Changes.oab file that is larger than one-eighth your full offline address book.
For detailed instructions about how to modify the one-eighth rule, see How to Modify the One-Eighth Rule.
Outlook Clients That Use OAB v4
For Outlook clients that use OAB v4, if the size of the Changes.oab files is one-half (or more) the size of the full offline address book files, Outlook will initiate a full offline address book download. For more information about improvements that have been made in OAB v4, see "Improvements in Exchange Server 2003 SP2 and Outlook 2003 SP2" in Improvements for Offline Address Books.
For more information about the attributes that are included in the offline address book, see the topic "Setting up Servers to Support Offline Address Books" in Working with Exchange Server 2003 Stores (http://go.microsoft.com/fwlink/?LinkId=47595).
Other Conditions That Cause Full Download
In addition to the conditions described earlier, there are other circumstances in which Outlook will perform a full offline address book download. These include:
There is no offline address book on the client computer. This condition may occur if Outlook has not performed an initial complete synchronization.
There is a differential file missing on the server. Outlook cannot update to the current version without it. This behavior may occur if one of the following conditions is true:
You did not start Outlook (to log on to your Exchange mailbox) for more than 30 days. The server policy permits only 30 days of differential files.
There was an error on the server, and it did not generate the differential file for a day.
The version on the server and the version on the client do not match. There is a more recent version of the offline address book present on the server. For example, Version 4 (Unicode offline address book) is now available, and you previously downloaded a Version 3a offline address book.
Applying changes to the offline address book failed. For example, differential files are corrupted on the server. Corruption may occur if the server goes down during differential file generation.
One or more offline address book files are not present on the client computer. For example, a user accidentally deletes one of the offline address book files on the user's computer.
A previous full download failed, and Outlook has to start from the beginning.
You manually download the full offline address book.
The public folder store containing the only copy of the offline address book is lost, and replaced with a new database and new offline address book. To prevent this from occurring, it is recommended that you replicate the offline address book folders to at least two public folder servers (the original server and one replica).
When Outlook 2003 is initially deployed in Cached Exchange Mode, it will download a full offline address book. If you are initially deploying a large number of Outlook clients using Cached Exchange Mode, this will cause a large download of the full offline address book as a new offline address book is downloaded by each new install of Outlook 2003.
The public folder that Outlook uses for the offline address book is based on the msExchUseOAB attribute of the private information store. If a mailbox is moved to a different server with a different offline address book, Outlook will download a new offline address book. If a large number of mailboxes are moved between mailbox stores and the target store is configured to use a different offline address list, this will cause a full offline address book download for these mailboxes.
When a mailbox is moved from an Exchange Server 5.5 server to an Exchange Server 2003 server, the Exchange Server 2003 server will direct Outlook to a newer Unicode version of the offline address book. For all mailboxes moved from an Exchange Server 5.5 server to an Exchange Server 2003 server, Outlook will download a new offline address book. If a large number of mailboxes are moved from Exchange Server 5.5 to Exchange Server 2003, this will trigger a large number of full offline address book downloads for these mailboxes.
When a user has multiple MAPI profiles on the same Outlook client computer and they switch between the two profiles that both use Cached Exchange Mode, multiple full offline address book downloads of the same offline address book files will occur. Outlook supports only one offline address book per user account on a computer. If you have multiple profiles, only one profile can download the offline address book. If you have to use two or more profiles that use Cached Exchange Mode, make sure that one of the profiles is configured to not download the offline address book.
Minimizing Offline Address Book Download Effect on Network
If your organization needs to minimize the effects of the full offline address book downloads across a WAN link, there are some best practices you can employ using Exchange Server 2003 SP1.
Limit large sets of full offline address book downloads. The first option is to limit large sets of full offline address book downloads as much as possible. The previous section lists conditions that will cause Outlook to download a full offline address book, either through mailbox moves, large changes in the directory, or changes to the parent distinguished name table. As a best practice, you should review these conditions, and determine what can be done to limit the cases that cause a full offline address book download.
If many Outlook clients are downloading the full offline address book on a given day, this may cause high bandwidth utilization, especially over a slow link. Although the daily change file is usually small, the full offline address book can be a considerable size because it contains the entire global address list (GAL) by default. In addition, because the offline address book is downloaded individually by each Outlook client, the impact on the bandwidth used will increase based on the number of Outlook clients downloading the offline address book. For example, if an organization's full offline address book is 10 megabytes (MB) in size, and 20 Outlook clients at a remote site try to download the full offline address book on the same day, 200 MB of data will be downloaded across the WAN to the remote site.
Filter certificates to limit the size of the offline address book. In Exchange Server 2003, the Exchange offline address book service (OABGen) has the ability to filter unneeded attributes, including extra certificates that are not used by Outlook. Certificates are the largest single attribute stored in the offline address book. Filtering unneeded certificates can achieve a 35 percent to a 50 percent reduction in the size of the offline address book.
There are three different certificate attributes in Active Directory. However, only some of these certificates are used for encrypting and signing e-mail messages. Certificates that are not used by Outlook, such as those used for the Encrypting File System and 802.1x authentication, are filtered from the offline address book. Expired certificates are also filtered from the offline address book.
Certificate filtering is enabled by default in Exchange Server 2003 SP1, and no other actions are required to use this feature. If wanted, you can control the certificate filtering behavior by editing the registry on the Exchange server.
For detailed instructions, see How to Configure Certificate Filtering for Offline Address Books.
Consider using the No Details offline address book for remote Outlook clients. The No Details offline address book is an option for remote Outlook clients that provides them with a minimal offline address book. This offline address book version is small and only contains the display name, primary SMTP address, office location, surname, and mailnickname.
Benefits: The No Details offline address book is small, so the cost of the download is limited.
Limitations: Any time Outlook tries to retrieve details information about an address, Outlook performs an online request directly to Active Directory for the details. Offline access has limited information, so this option is not viable for portable computer users that are primarily offline.
OAB v4 does not have a No Details mode. Therefore, using the No Details option has no effect for clients that use OAB v4.
Consider a remote offline address book-only server for remote Outlook clients. An Exchange public folder server can be installed at a remote site to host an offline address book. All remote clients at this remote site download the offline address book from the local Exchange public folder server.
Benefits: Downloads of the full offline address book do not impact the WAN. A full mailbox server is not required, so mailbox servers can still be consolidated to a central location.
Limitations: An extra server is required at the remote site.
Limit the number of users that access Exchange across a remote link. The impact of the full offline address book download is directly related to the number of users downloading the offline address book. Your organization may need to consider how many remote Outlook clients can be supported across a WAN before the impact of a full offline address book download is too high, and limit the number of remote clients as needed.
Implement offline address book throttling. You can prevent overloading an Exchange server's network adapter or the network to which it is attached by using the throttling mechanism introduced in Exchange Server 2003 SP1. This feature allows administrators to limit the network bandwidth used by offline address book downloads by setting a bandwidth threshold.
By default, this throttling feature is turned off. You can activate the feature by adding the registry entry to all public folder servers that host offline address book system folders. For more information, see "Offline Address Book Download Throttling" in Improvements for Offline Address Books.
Generating a Full Offline Address Book Download File When a Differences File Cannot Be Generated
In Exchange Server 2003 SP2, in some cases, although Exchange Server determines that a differences download is more efficient, Exchange Server may be unable to generate a differences file for clients that do not use OAB v4. In versions of Exchange Server earlier than Exchange Server 2003 SP2, a full offline address book download is always forced in this case.
Only Outlook 2003 clients that run Outlook 2003 SP2 in the Unicode format use OAB v4. For information about different versions of the offline address book, and the client and server versions used with each, see "Exchange Server 2003 and Office Outlook 2003 Offline Address Book Compatibility" in Deployment Scenarios for Outlook 2003.
Under the following conditions, Exchange Server will not automatically force a full offline address book download:
Outlook clients do not use OAB v4.
The offline address book server running Exchange Server 2003 SP2 determines that a differences download is more efficient.
A differences file cannot be generated on a server running Exchange Server 2003 SP2.
Instead, Exchange Server logs MSExchangeSA event 9360 indicating that it was unable to produce a differences file and will not produce a full offline address book file. The description in the event specifies what changed in the directory that caused the problem. In this case, your users will not be able to receive offline address book updates until the problem is corrected. The following is an example event for MSExchangeSA event 9360:
OALGen encountered an error while generating the Changes.oab file for version 2 and 3 differential downloads of address list '\Global Address List'. The offline address list has not been updated so clients will not be able to download the current set of changes. Check other logged events to find the cause of this error.
If the cause of the problem was intentional or cannot be resolved, you can edit the registry to force OALGen to post a full offline address list. After the list is created, the registry key should be removed to prevent further full downloads.
If you notice that the change in the directory was intentional, you may want to change the default behavior of the offline address book server so that full offline address book downloads are generated when a differences download cannot be generated.
OAB v4 (when used by Outlook clients that run Outlook 2003 SP2 in the Unicode format) resolves the issues that prevent the server from generating a differences file.
For more information about offline address book performance improvements in Exchange Server 2003 SP2 and Outlook 2003 SP2, see "Improvements in Exchange Server 2003 SP2 and Improvements in Outlook 2003 SP2" in Improvements for Offline Address Books.