Friday, January 05, 2007

How to create Contact Objects in the Active Directory

I've had a few questions on this, so I figured I'd answer it out right. If you want to use the White List with contact objects that have external email addresses, you need to create contact objects for them.

To Create a contact object for an external user, you have to:

  1. Click Start, Administration Tools, Active Directory Users and Computers.

  2. Expand your domain.local, MyBusiness, Users, and select SBUsers.

    (Of course you can place them almost anywhere in the AD and they will show up. I mearly suggest this location as it's the holding place for all your users as well, helps keep things organized.)

  3. In the right hand pane, right-click and choose New and select Contact.

  4. The new Contact Object Wizard opens, enter the First name, last name, etc. and click Next.

  5. Ensure Create an Exchange e-mail address is selected and click Modify.

  6. From the list of New Email addresses, select SMTP Address and click Ok.

  7. On the General tab, enter the email address of the external receiptient, and click Ok, then click Next followed by Finish.

Now you're contact object will exist in the GAL. You can start using it to create your whitelists or distribution lists immediately on the server. However, you won't notice the contact object showing up on clients until the Offline Address Book has been built on the server, and the Outlook clients has downloaded it. Once downloaded, you'll notice that all contact objects have a little globe next to it, so they are easily identifiable in the GAL.

Hope this helps with any questions regarding adding Contacts to your system.


Manoj said...

Hi, I have some questions regarding contact objects.

whether contact object is similar to user object? can we authenticat against the AD using a contact object?
If we can use the contact object for authentication,how can we provide the password for the contact object?

In a multiple forest scenario, where we have many primary forests having user objects in it, and then we have a central forest, which holds the contact objects representing the user objects in the primary forests.The synchronization of central forest and primary forests are done using MIIS.

in the above scenario if i get the contact object in to my application, by connecting to the central forest,the how can I authenticate against the Central forest using the contact object?

Please help me to get a solution to it.

Sean Daniel said...

Hi Manoj,

Seems like your developing a very large application, which isn't my forte.

However, I can tell you that contact objects cannot be used for authentication. They are simply a relay-type object, primarily for mail and contact information for those who are users on the system. Think of it like creating a contact object in Outlook, that person cannot log onto your system, but they do hold a lot of information and you can email it.

Make sense?

For your scenario to work, at a high level, you'll have to implement trusts between your forests, or have MIIS sync user accounts too. (I'm not even sure if that's possible btw, I'm a small business guy and we don't use MIIS).

Sorry I can't be of more assistance.


Tim Barrett said...

Hey Sean,

Can those AD contacts show up in WSS v3 so they can be used w/ the Fabulous 40 templates? Not for login purposes on WSS, but so they can get email alerts, etc?


-Tim Barrett

Anonymous said...

This is easy in SBS 2003 - but now in creating my first SBS 2008 box, the contact functionality isn't as easy. By default, it doesn't mail enable contacts. I'm still looking for how to do that.