4.6 The Offline Address Book (OAB)

The OAB is a point-in-time snapshot that holds address and other information about mail-enabled objects fetched from the AD. MAPI clients can download the OAB to enable offline validation of addresses in message headers. In fact, you have to download the OAB before you can do more than just read email offline. Apart from restricting access to a smaller set of properties for users and contacts than they can see in the online GAL, users perceive no practical difference between the GAL and OAB, since the AD is the common source. If you opt to download full details from the OAB, all the information presented on the pages that hold General (Figure 4.23), Phone/Notes, and email address properties is available online or offline. However, any data that depends on pointers to other directory objects is unavailable offline. This includes organizational data, such as pointers to AD objects for managers and their direct reports, and group (distribution list) membership. Distribution groups are collections of pointers to other user, contact, and group objects.

Figure 4.23: Viewing details of a user in the OAB.

Outlook clients fetch the OAB with the Tools-Send/Receive-Download Address Book option, which invokes the dialog shown in Figure 4.24. You can minimize the amount of data downloaded by selecting the "No Details" option, but this makes the OAB much less useful. You can still validate email addresses, but other useful data, such as the X.509 certificates that contain public keys for users registered for advanced security, is only available when you select the "Full Details" option.

Figure 4.24: Options to download the OAB.

As with other synchronization operations, Outlook 2000 and XP use a background thread to download the OAB files, allowing users to continue working while the download proceeds. By comparison, earlier clients "lock" the PC by exclusively downloading until everything is complete. Since any download can take a long time if files are very large, or when you have to use a slow dial-up connection, using a background thread is a much better approach.

Outlook 2002 introduces the concepts of "Send and Receive" groups, which you can use to define how you want synchronization to proceed: which folders to synchronize, filters to apply, and whether or not you want to download the OAB. The default is to download a new copy of the OAB each time you synchronize folders. This is good in that you always have an up-to-date OAB, but any synchronization will take much longer if the OAB is large. After you move to Office XP, review what your send and receive groups are set up to actually copy before launching any synchronization. My preference is to make OAB download an explicit action, so you either should define a special send and receive group that includes the OAB or use the Tools-Send/Receive-Download Address Book option whenever you want an updated copy.

Outlook 2003 downloads the OAB automatically, but only if you elect to use the local cache and have a fast connection. In this case, Outlook checks daily (you cannot change the frequency of this check) to see whether the OAB has changed. If an update is available, Outlook automatically downloads the differences and applies them to the local OAB. If Outlook 2003 discovers that it does not have an OAB available when it first creates an OST file, it attempts to download the OAB from the server. If the download fails, Outlook continues to attempt downloads every hour until it succeeds. The description to date is true for LAN-quality or "Fast" connections. If you connect over a slow connection, such as a dial-up telephone link, you must explicitly instruct Outlook to download the OAB in the normal manner. In either case, you can disable automatic OAB downloads by setting the "DownloadOAB" DWORD registry value to 0. Insert the entry at the following key:

HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\ Cached Mode

Some companies that have large user populations that typically work offline and connect over slow links include the OAB as part of a standard client kit along with Windows and other applications. Each time they install a client kit onto a new PC, it gets a copy of the latest OAB so the user does not have to download the OAB. This approach is very viable, because the OAB is just a set of files and all you have to do is make sure to place the files in the right folder on the PC. People still have to download updated versions to ensure that they can address email to new users, but at least they will only have to download the differences rather than the complete OAB.

An outdated OAB can result in incorrectly addressed messages, either sent to users who are no longer in the organization or who have changed their email address for some reason. It would be good if the Outlook download options provided some idea of the age of the OAB by displaying the date of the last download, since you would then know if the OAB needs a refresh. Even better, Outlook could generate a reminder to download the OAB according to a user-defined schedule or if Outlook considered the OAB to be too outdated to use. Maybe we will see these options appear in a future version, but until then you will have to remember to download the OAB at regular intervals. In most organizations, it is sufficient to download monthly, although it may be a good idea to download more frequently during a migration or other period of flux, such as when companies merge or divest business units.

As you can see from Figure 4.25, the six ANSI format *.OAB files that contain the HP OAB (in March 2003) span 211.4 MB. Hidden recipients are not included in the OAB, so this data represents the 285,000 entries (mail-enabled accounts, contacts, and groups) in the HP GAL. Note that Windows hides OAB files by default, so if you want to see them, you have to set Windows Explorer to reveal hidden and system files.

Figure 4.25: OAB local files.

Outlook downloads compressed versions of the OAB files from the server to minimize network demand. For example, DETAILS.OAB is the largest file, since it contains all of the detailed information displayed in the GAL (email addresses and so on). During a full OAB download, Outlook creates a temporary file called DETAILS.TM_. In this case, the compressed details file was approximately 70 MB. After it downloads the compressed versions of the six OAB files, Outlook expands them to create a set of .TMP files, such as DETAILS.TMP. Outlook 2003 works differently, since it creates the .TMP files immediately and then populates their contents. If the download is successful, Outlook renames the .TMP files to replace the old .OAB files, and, as you can see, the 70-MB compressed version of the details file expanded to approximately 124 MB. By comparison, a details file that does not contain the detailed information for GAL entries (an oxy-moron) is 65 MB, so you can expect to double the size of the file if you download the full version.

You can expect the compressed files to expand to between two and three times their original size to create the OAB files. Even with compression, downloading such a large OAB can take a very long time to complete, especially over a slow connection. At HP, even over a WAN link, downloading a complete copy of the OAB can take up to 15 minutes. The time required to fetch the OAB depends on the closeness of the nearest public folder server that holds a replica of the OAB. Clearly, if you have to navigate a transatlantic link to fetch a copy, the time necessary to connect and download increases.

To speed downloads, Exchange 2003 reduces the size of the OAB by eliminating a number of certificates that OABGEN includes when you download an OAB with "full details." Microsoft realized that Outlook never uses these certificates, so there is no point in including them in the OAB. In some organizations, this simple change reduced the size of the OAB by 25 percent to 30 percent, while others will see a smaller reduction. In HP's case, the reduction was around 10 percent.

Unless your OAB is very out-of-date or corrupt in some way, you normally do not need to download the complete OAB. Instead, select the option to download changes since the last download, which means that Outlook downloads a smaller differences file and then applies updates to the local OAB files. The size of the differences file depends on the number of changes applied to the directory, but it should always be much smaller than a full download. For instance, the typical differences file at HP is around 5 MB. However, Outlook always downloads a full copy of the OAB if changes have been made to more than 6 percent (approximately) of the total directory entries since the last full download. For example, when HP merged with Compaq, the directories from the Exchange organizations run on both companies^[3] synchronized to form a common GAL. Obviously, the next time users attempted to download changes to the OAB, a lot more than 6 percent of the directory had changed, so they had to download a complete copy of the OAB. Table 4.8 lists the files that form the OAB. Refer to Figure 4.25 to see the relative sizes of these files.

Within the OAB, distinguished names in the format used by Exchange 5.5^[4] (rather than the format used by the AD) identify objects, and clients write the distinguished names fetched from the OAB into message headers after they validate addresses. Using distinguished names in this way allows the display names of users, contact, or group to change without rendering OAB entries invalid. Using Exchange-format distinguished names may seem strange, but it allows Microsoft to maintain backward compatibility, not only in the OAB but also in MAPI profiles, and allows users to reply to messages originally sent on older servers. An attribute called Legacy-ExchangeDN provides the magic. This attribute stores the older form of distinguished name for AD objects and participates in address validation through the ambiguous name resolution process. Therefore, when an Outlook client reconnects after creating some offline messages, Exchange revalidates the addresses by searching the AD using the LegacyExchangeDN attribute.

4.6.1 OAB generation process

One selected server generates the OAB for an organization, storing the OAB in a system public folder. By default, this is the first server installed in an Exchange organization, but you can move the OAB generation process to any server you like. A component called OABGEN, which runs as part of the System Attendant process, generates the OAB according to the schedule determined for the Default Offline Address List. Most companies generate an update nightly, especially during periods of migration when mailboxes move between servers or other user details are changing rapidly. You may wish to schedule a less frequent update depending on the rate of change within the corporate directory.

You can modify the properties of the Default Offline Address List to change the OAB server, include other address lists (the default is to build the OAB from the GAL-see Figure 4.26), or change the schedule that the System Attendant follows when it updates the OAB. You can also force an immediate rebuild of the OAB by selecting the list and using the "Rebuild" option from the context-sensitive menu. For example, you may find that the public folder does not contain any OAB data (some bugs have caused this in the past), or you might have added a large amount of new directory entries and wish to generate a fresh OAB.

Figure 4.26: OAB properties via ESM.

On an Exchange 2000 server, the System Attendant process generates the OAB files as posts (with attachments) in a public folder called "OAB Version 2" (Figure 4.27). Version 2 indicates that an earlier format exists, but this format is now obsolete and you only need an OAB in this format if you have to support Exchange 4.0 and 5.0 servers. In an Exchange 2003 environment, you will also find an "OAB Version 3" folder to contain the new unicode-format version of the OAB, which is currently only supported by Outlook 2003. Each time OABGEN runs, it creates a new, full version of the OAB in one post and another post that contains the differences between the current full version of the OAB and the previous version. Thus, the public folder ends up containing a set of posts: one for the full OAB and one for the set of differences. Attachments to the posts contain the full detail information that clients can opt to download.

Figure 4.27: The OAB public folder.

When clients connect to request an OAB download, they fetch either the full OAB or just the message objects in the OAB folder that contain the differences since the last time they updated their on-disk copy of the OAB.

The client downloads the OAB data to temporary files in the directory where it stores the OAB files, and then decompresses the information before applying changes to the client files. Alternatively, if a full OAB is required, the client downloads the data and decompresses it into the set of OAB files on disk. Note that Outlook 2003 and Outlook 2003 allow only one type of download per day. In other words, if you opt to download the OAB with no details and then decide that you really should have taken the full OAB, you have to wait until the next day before Outlook is able to download the full OAB.

If you have multiple administrative groups in your organization, you will probably want to create copies of the OAB on more than one server, so that users can connect to a server in a local routing group to fetch a copy of the OAB. Exchange uses normal public folder replication to replicate copies of the OAB data to different servers around the organization. To minimize network traffic and speed client downloads, you should arrange to replicate copies of the OAB to a server in every routing group. To view the current replication status, proceed as follows:

• Select the administrative group that holds the default public folder hierarchy.

• Select "View System Folders" from the context-sensitive menu.

• Expand the Offline Address Book folder.

• Select the folder named o=org/cn=addrlists/cn=oabs/cn=Default Offline Address List (the internal pointer to the OAB Version 2 and OAB Version 3 folders) and view its properties.

Figure 4.28 shows the view of the OAB folder through ESM (Exchange 2003). In this case, there are two subfolders: one for the version of the OAB used by pre-Outlook 2003 clients (OAB Version 2) and one for the uni-code-format version that Outlook 2003 can use (OAB Version 3). You can click on the Replication tab to list the current servers to which Exchange is replicating the OAB. To add a new server, select the OAB, view its properties, and then use the Add button to add a server to the replica list. Replication normally proceeds at the same schedule used for other public folders. In some cases, administrators place public folders in a specific administrative group to isolate the management tasks associated with public folders, such as replication. This is a good technique to use if you want to restrict public folder management and stop people from creating excessive replication traffic or setting up multiple public folder hierarchies.

Figure 4.28: OAB replica synchronization.

In passing, it is worth noting that the other entries (beginning with EX:/ O=) listed underneath the Offline Address Book folder shown in Figure 4.28 are legacy versions of the OAB generated by Exchange 5.5 sites. The Exchange OAB is an organizational-wide entity, while previous versions generated an OAB per site. Once an administrative group is fully migrated to Exchange 2000 or 2003, you can safely remove the OAB for the original Exchange 5.5 site.

If you have problems generating or replicating the OAB, you may have a corrupt set of files in the system folder. You can either regenerate the OAB through the "rebuild" option or delete and recreate the offline address list in the Offline Address Lists container. In either case, you should increase diagnostic logging to maximum for the OAL Generator component for the MSExchangeSA (System Attendant) service beforehand to see if anything is reported in the event log.

^[3] . At the time, HP ran Exchange 5.5 and Compaq ran Exchange 2000.

^[4] . For example: /O=Organization/OU=Site-Name/CN=Recipients/CN=Tony-Redmond.