If your organization needs to minimize the effects of the full offline address book downloads across a WAN link, there are some best practices you can employ.
• Limit large sets of full offline address book downloads – The first option is to limit large sets of full offline address book downloads as much as possible. The previous section lists conditions that will cause Outlook to download a full offline address book, either through mailbox moves, large changes in the directory, or changes to the parent distinguished name table. As a best practice, you should review these conditions, and determine what can be done to limit the cases that cause a full offline address book download.
If many Outlook clients are downloading the full offline address book on a given day, this may cause high bandwidth usage, especially over a slow link. Although the daily change file is usually small, the full offline address book can be a considerable size because it contains the entire global address list (GAL) by default. Additionally, because the offline address book is downloaded individually by each Outlook client, the impact on the bandwidth used will increase based on the number of Outlook clients downloading the offline address book. For example, if an organization’s full offline address book is 10 MB in size, and 20 Outlook clients at a remote site try to download the full offline address book on the same day, 200 MB of data will be downloaded across the WAN to the remote site.
• Filter certificates to limit the size of the offline address book – In Exchange Server 2003, the Exchange offline address book service (OABGen) has the ability to filter unneeded attributes, including extra certificates that are not used by Outlook. Certificates are the largest single attribute stored in the offline address book. Filtering unneeded certificates can achieve a 35 percent to a 50 percent reduction in the size of the offline address book. For more information see this blog: http://blogs.msdn.com/dgoldman/archive/2006/04/29/OAB-property-filtering-for-Exchange-2003-Service-Pack-2-OAB-Version-4.aspx
There are three different certificate attributes in Active Directory. However, only some of these certificates are used for encrypting and signing e-mail messages. Certificates that are not used by Outlook, such as those used for the Encrypting File System and 802.1x authentication, are filtered from the offline address book. Expired certificates are also filtered from the offline address book. For more information on OAB Certificate filtering see this blog: http://msexchangeteam.com/archive/2005/07/25/408188.aspx
Certificate filtering is enabled by default in Exchange Server 2003 SP1, and no other actions are required to use this feature. If needed, you can control the certificate filtering behavior by editing the registry on the Exchange server.
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
To configure certificate filtering for offline address books
1. On the Exchange Server computer, open a registry editor, such as Regedit.exe or Regedt32.exe.
2. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters.
3. Right-click Parameters and select New | DWORD value. Name the DWORD value OAL Invalid Cert Behavior.
4. In the right pane, double-click OAL Invalid Cert Behavior and type the desired value:
- 0 – Filter out expired and invalid certificates (default)
- 1 – Filter out only expired certificates
- 2 – Do not filter the UserCertificate attribute
5. Close the registry editor and restart the Microsoft Exchange System Attendant service for the change to take effect.
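The same procedure as a script that first reports the current setting, backs up the key before any change, and only then writes the value. This is an added example, not a Microsoft-supplied script; the `-RestartSA` switch and the backup file name are assumptions, and it presumes PowerShell is installed on the Exchange server.

```powershell
# Added example (not Microsoft's script). Run elevated on the Exchange server.
# With no -Behavior argument it only reports the current setting.
param(
    [ValidateRange(0, 2)][int]$Behavior,
    [switch]$RestartSA          # hypothetical switch: also perform step 5
)

$subKey    = 'System\CurrentControlSet\Services\MSExchangeSA\Parameters'
$keyPath   = "HKLM:\$subKey"
$valueName = 'OAL Invalid Cert Behavior'
$meaning   = @{
    0 = 'Filter out expired and invalid certificates (default)'
    1 = 'Filter out only expired certificates'
    2 = 'Do not filter the UserCertificate attribute'
}

if (-not (Test-Path $keyPath)) { throw "Key not found: $keyPath" }

# An absent value is treated as the default behavior (0).
$prop    = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
$current = if ($prop) { [int]$prop.$valueName } else { 0 }
$label   = if ($meaning.ContainsKey($current)) { $meaning[$current] } else { 'unrecognized value' }
Write-Output "Current setting: $current - $label"

# Report-only mode, or nothing to change.
if (-not $PSBoundParameters.ContainsKey('Behavior') -or $Behavior -eq $current) { return }

# Back up the key first; a timestamped name avoids overwriting an older backup.
$backup = Join-Path $env:TEMP ("MSExchangeSA-Parameters-{0:yyyyMMddHHmmss}.reg" -f (Get-Date))
& reg.exe export "HKLM\$subKey" $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

# Steps 3-4: create or overwrite the DWORD value.
New-ItemProperty -Path $keyPath -Name $valueName -Value $Behavior `
    -PropertyType DWord -Force | Out-Null
Write-Output "New setting: $Behavior - $($meaning[$Behavior]) (backup: $backup)"

if ($Behavior -ne 0) {
    Write-Warning 'Values 1 and 2 relax certificate filtering relative to the default.'
}

# Step 5: the System Attendant must be restarted for the change to take effect.
if ($RestartSA) {
    # -Force because other Exchange services may depend on this one.
    Restart-Service -Name MSExchangeSA -Force
} else {
    Write-Output 'Restart the Microsoft Exchange System Attendant service to apply the change.'
}
```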
• Use OABInteg to find your offending objects – OABInteg now has the ability to detect the size of the OAB objects. Running the OABSizer_v3 or OABSizer_v4 tests will display the GAL objects and the sizes of all the attributes included. This can help you to reduce the overall size of your OAB. You can download OABInteg here: http://gotdotnet.com/Community/UserSamples/Download.aspx?SampleGuid=A2338E73-F521-4071-9B1D-AAF49C346ACD
• Consider using the No Details offline address book for remote Outlook clients – The No Details offline address book is an option for remote Outlook clients that provides them with a minimal offline address book. This offline address book version is small and contains only the display name, primary SMTP address, office location, surname, and mailnickname.
• Benefits – The No Details offline address book is small, so the cost of the download is limited. Note: With the addition of OAB Version 4 we no longer use the No Details method.
• Limitations – Anytime Outlook tries to retrieve details information about an address, Outlook performs an online request directly to Active Directory for the details. Offline access has limited information, so this option is not viable for portable computer users who are primarily offline.
• Consider a remote offline address book-only server for remote Outlook clients – An Exchange public folder server can be installed at a remote site to host an offline address book. All remote clients at this remote site download the offline address book from the local Exchange public folder server.
• Benefits – Downloads of the full offline address book do not affect the WAN. A full mailbox server is not required, so mailbox servers can still be consolidated to a central location.
• Limitations – An extra server is required at the remote site.
• Limit the number of users that access Exchange across a remote link – The effect of the full offline address book download is directly related to the number of users downloading the offline address book. Your organization may need to consider how many remote Outlook clients can be supported across a WAN before the effect of a full offline address book download is too high, and limit the number of remote clients as needed.
• Implement offline address book throttling – You can prevent overloading an Exchange server’s network adapter or the network to which it is attached by using the throttling mechanism introduced in Exchange Server 2003 SP1. This feature allows administrators to limit the network bandwidth used by offline address book downloads by setting a bandwidth threshold.
By default, this throttling feature is turned off. You can activate the feature by adding the registry entry to all public folder servers that host offline address book system folders. For more information, see “Offline Address Book Download Throttling” in Improvements for Offline Address Books.