Category Archives: Offline Address Book

Offline Address Book Configuration in Exchange 2010 & 2016 Coexistence

In this article we will have a look at the OAB configuration in Exchange 2016 in coexistence.

Outlook will trigger an OAB download every 24 hours right from the time it received the last fully updated OAB files.

A small background on how the OAB works in Exchange 2016:
1) Outlook queries the OAB through the Autodiscover URL.
2) The request reaches the Exchange 2016 Mailbox server OAB virtual directory.
3) The Client Access service on the Exchange 2016 Mailbox server queries Active Manager and finds the database hosting the organization arbitration mailbox.
4) The OABGen assistant from the arbitration mailbox then provides the required information.
5) As with Exchange Web Services, Autodiscover provides the Offline Address Book URL. This request is then proxied to the OABGEN mailbox, which has the OAB information, and this information is served back to the client.
The OAB files are stored in the same place as on an Exchange 2013 CAS server, but now on the Exchange 2016 Mailbox server itself, since we do not have the CAS role.

In Exchange 2016, the OAB files are generated and stored in the Organization arbitration Mailbox with persisted capability first and later copied to the location %ExchangeInstallPath%\ClientAccess\OAB\ folder in the Mailbox Server.

Below are the important things to perform:

1) When we introduce Exchange 2016 we need to create a new Offline Address Book:
New-OfflineAddressBook -Name "OAB NEW" -AddressLists "\Default Global Address List" -VirtualDirectories $null
2) Make sure the Exchange 2016 OAB virtual directory URLs are pointing to the Exchange 2016 servers.
Run the below command to check the settings:
Get-OabVirtualDirectory | ft Identity,InternalUrl,ExternalUrl -AutoSize

3) Change the default OAB on the Exchange 2016 databases. To do so, open the Exchange 2016 Management Shell and run the following command:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2016)"

Enable GlobalWebDistribution
The recommendation is to enable global web distribution for all OABs hosted on Exchange 2016.

What is the benefit of doing this?
The main benefit is all Exchange 2016 Mailbox servers can take part only in web distribution.
The OAB generation still remains with the mailbox server which hosts the active copy of the DB which has the Arbitration Mailbox with Persisted capability.

How to check if GlobalWebDistributionEnabled is set to true
Run the below command.
Get-OfflineAddressBook | Select Identity,Name,Global* | Fl

If it is set to false set it to True by running the below command.
Set-OfflineAddressBook <E16OAB> -GlobalWebDistributionEnabled $true

What is this GlobalWebDistributionEnabled parameter?
This parameter is used by Autodiscover to determine which mailbox OAB virtual directories are eligible candidates for distributing the OAB to the clients.
By doing the above action we are making all Mailbox Servers to distribute the address book automatically.

Enable Shadow Distribution:

By enabling this we can have a shadow copy of an OAB instance generated by an Arbitration Mailbox to another Arbitration Mailbox.
Prior to enabling shadow distribution, we should deploy an OAB generation mailbox in each AD site where Exchange 2016 infrastructure is deployed.

Benefits of Shadow Distribution:
1) Prevents the OAB download across the WAN if the user is connecting from a different site.
2) If we don’t have shadow distribution enabled, a full OAB download is triggered if the user logs in from another site.

We can enable shadow distribution by running the below command.
Set-OfflineAddressBook "Redmond OAB" -ShadowMailboxDistributionEnabled $True

Again we can enable this option if the end users are travelling and connecting in multiple sites randomly.
Point new Exchange 2016 On-Premises DBs to the new default Offline Address Book that was created.
And make sure current Ex 2010 DBs are pointing to Ex 2010 OAB until the migration is completed.
After installing the 1st Ex 2016 new Ex 2016 DBs should point to new default OAB.
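
A read-only report of the coexistence state described above, added here as an example and not taken from the original article. It assumes the Exchange 2016 Management Shell, and the "Version 15.1" match is an assumption about how AdminDisplayVersion renders for Exchange 2016 databases.

```powershell
# Added example: which OAB each database points to, and whether the
# Exchange 2016 databases use an OAB with global web distribution enabled.
$report = foreach ($db in Get-MailboxDatabase -IncludePreExchange2013) {
    # Assumption: AdminDisplayVersion renders as "Version 15.1 ..." on Exchange 2016.
    $is2016  = "$($db.AdminDisplayVersion)" -match 'Version 15\.1'
    $oabName = "$($db.OfflineAddressBook)"
    $oab     = if ($oabName) {
        Get-OfflineAddressBook -Identity $oabName -ErrorAction SilentlyContinue
    }

    $finding = if (-not $oabName) {
        'No OAB assigned on the database'
    } elseif (-not $oab) {
        'Assigned OAB could not be resolved'
    } elseif ($is2016 -and -not $oab.GlobalWebDistributionEnabled) {
        'Exchange 2016 database, but GlobalWebDistributionEnabled is False on its OAB'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Database              = $db.Name
        Server                = "$($db.Server)"
        Version               = "$($db.AdminDisplayVersion)"
        OfflineAddressBook    = $oabName
        IsDefaultOAB          = if ($oab) { $oab.IsDefault }
        GlobalWebDistribution = if ($oab) { $oab.GlobalWebDistributionEnabled }
        ShadowDistribution    = if ($oab) { $oab.ShadowMailboxDistributionEnabled }
        Finding               = $finding
    }
}

$report | Sort-Object Version, Database | Format-Table -AutoSize -Wrap
```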

Do we need to move the Exchange 2010 OABs?
No, we don’t have to move any of the OABs. They have already been created and stored in the OABGEN mailbox and are updating 12 times a day.
From Exchange 2013 all OABs have gone into <Default Offline Address Book>.

After the configuration try to browse the OAB end points and see if you are able to login
https://mail.domain.com/oab/07a8-6g35-7d30-36sh-84b5-15g4h/oab.xml

Below is an example of how it looks after successful authentication:

[Screenshot: OAB]
OAB URL can be taken from Test Email AutoConfiguration Outlook results.
Download the OAB and see the results.

By default, a new OAB is generated every 8 hours in Exchange Server 2016, but we can change the interval by using the Exchange Management Shell by using a new-setting override.

New-SettingOverride -Name "OAB Generation Override" -Component MailboxAssistants -Section OABGeneratorAssistant -Parameters @("WorkCycle=02:00:00") -Reason "Generate OAB every 2 hours"

Note: It is better to leave the default work-cycle schedule and not modify them.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Exchange 2016 install error – Tried to create new default OAB but the object already exists

We might get this below error on installing the first Exchange 2016 on a coexistence setup with Exchange 2013 or Exchange 2010.

When looking through the setup logs we can find the below reason to stop the installation.
{
    Write-ExchangeSetupLog -Warning ("Tried to create new default OAB but the object already exists; it may have been created by another instance of setup.")
}

Resolution :
Open ADSI Edit and go to CN=Configuration,DC=domainname,DC=local\CN=Services\CN=Microsoft Exchange\CN=Container\CN=Address Lists Container\CN=Offline Address Lists
Right-click the Exchange 2010/2013 OAB (according to the legacy Exchange version you have) and click Properties.

Look for the attribute ‘msExchOABDefault’, set its value to Not Set or False, and then click Apply and OK.

[Screenshot: OAB]

What is msExchOABDefault?
This is a Boolean attribute in the offline address book properties.

The already existing Exchange setup might have this value set to True.
This value can be True, False or Not Set.

If it is set to True, this will be the offline address book for any mailbox store or database in the organization.
Setup fails with this value set to True because the Exchange 2016 setup successfully creates the new OAB container in ADSI Edit during the installation, but when it attempts to set this value to True it fails because the old one already has the value set to True.
There can be only one Offline Address Book in an organization with this value set to True, which is the default OAB.

Now rerun the setup and it should complete without any issues.

After successful installation we can see the default value set to True on the higher version of Exchange, as below:

[Screenshot: OAB1]

IMP Note:

Be careful while performing the steps on the ADSI EDIT container since deleting any objects accidentally will lead to a big issue. Better to take a backup before performing any actions on the ADSI Edit.
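
A read-only way to see which OAB objects carry msExchOABDefault, and to save their current attribute values, before opening ADSI Edit. This is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) and read access to the configuration partition, and $backupPath is a hypothetical location.

```powershell
# Added example: audit msExchOABDefault without modifying anything.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext

# OAB objects have objectClass msExchOAB. Searching the configuration partition
# by class avoids hard-coding the organization name from the ADSI Edit path.
$oabs = @(Get-ADObject -SearchBase $configNC -LDAPFilter '(objectClass=msExchOAB)' -Properties *)

# Record the current state before anything is edited.
# $backupPath is a hypothetical location; use wherever you keep change records.
$backupPath = Join-Path $env:TEMP ('OAB-objects-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))
$oabs | Export-Clixml -Path $backupPath
Write-Host "Saved $($oabs.Count) OAB object(s) to $backupPath"

# Show each OAB with its flag; an absent attribute is reported as <not set>.
$oabs | Sort-Object whenCreated | ForEach-Object {
    [pscustomobject]@{
        Name              = $_.Name
        msExchOABDefault  = if ($null -eq $_.msExchOABDefault) { '<not set>' } else { $_.msExchOABDefault }
        WhenCreated       = $_.whenCreated
        DistinguishedName = $_.DistinguishedName
    }
} | Format-List

# Only one OAB in the organization may hold the flag.
$defaults = @($oabs | Where-Object { $_.msExchOABDefault -eq $true })
switch ($defaults.Count) {
    0       { Write-Warning 'No OAB has msExchOABDefault set to True.' }
    1       { Write-Host "OAB currently flagged as default: $($defaults[0].Name)" }
    default { Write-Warning "More than one OAB has msExchOABDefault = True: $($defaults.Name -join ', ')" }
}
```

The exported file is a record of the attribute values for comparison and rollback by hand; it does not replace an Active Directory backup.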

Thanks 
Sathish Veerapandian

MVP – Office Servers & Services

Changes in OAB from Exchange 2013 CU5

We are eagerly waiting for the release date of Exchange 2013 CU5, which could fix transport agents not being loaded after the SP1 upgrade, as mentioned in KB2938053, and sent items of shared mailboxes not being saved in the Sent Items folder of the shared mailbox but stored in the Drafts folder of the primary mailbox.

I just happened to read the latest TechNet blog post by Ross Smith, which mentions the changes in OAB from Exchange 2013 CU5.

The main highlights are:

1) A single OAB generation mailbox per site, which stops multiple OAB download instances from multiple OAB generation mailboxes located in the same site.

2) Having one OAB instance per site, which stops multiple downloads of OAB files.

3) We can specify the OAB generation mailbox.

Read more from Source Tech-net Blog:

http://blogs.technet.com/b/exchange/archive/2014/05/13/oab-improvements-in-exchange-2013-cumulative-update-5.aspx

Hope this information will be helpful in planning for CU5 upgrade .

Cheers !!!

Troubleshooting OAB in Exchange 2013

In this article we will be looking into issues arising in the OAB after users have been migrated from Exchange 2007/2010 to Exchange 2013.
Unlike the previous versions of Exchange, the OAB generation process in Exchange 2013 has been completely changed, so troubleshooting the OAB in Exchange 2013 is a little different compared to older versions.

If you are running an older version of Exchange (2007/2010), first run the below command to change the default OAB to Exchange 2013.
1. Run the command in the Exchange 2013 EMS to change the default OAB on the Exchange 2013 databases:

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2013)"

[Screenshot: EX1]

We can accomplish this task via the EAC as well, as shown below, but this has to be done for each database one by one.
Click Servers – databases – client settings and select the default OAB for the databases.

[Screenshot: EX2]

Also check if the OAB virtual directories are set properly in Exchange 2013. You can check by running the below command

Set-OabVirtualDirectory -Identity "exchange2013\OAB (Default Web Site)" -InternalUrl https://mail.exchangequery.com/oab -ExternalUrl https://mail.exchangequery.com/oab

In our case, since I have not set the virtual directories on Exchange 2013, I’m running the below command to set the virtual directories first in Exchange 2013 and I’m showing the output

After running the above command we can see the virtual directories showing up in the external and internal URL

[Screenshot: EX3]

Now let’s look into troubleshooting the OAB issues in Exchange 2013

First run Get-OfflineAddressBook | fl and see if the default offline address book assigned has virtual directories linked with it and is set to true, as shown below.

If there are no virtual directories specified, the OAB will not work.

[Screenshot: EX4]

Now we need to check whether there is anything wrong with the arbitration mailbox that holds the OAB by running the below command, and see if there is an associated arbitration mailbox for the OAB

Get-Mailbox -Arbitration | Where-Object {$_.PersistedCapabilities -like "*OabGen*"} | FL Name,Persisted*

[Screenshot: EX5]

There should be an associated arbitration mailbox for the OAB. If there is not, then create a new arbitration mailbox and assign it to the OAB by running the below command

Set-Mailbox -Arbitration "arbitrationmbxname" -OABGen $true

If everything seems to be fine then please run the below command to see where the arbitration mailbox resides

[Screenshot: EX6]

Now run the below command to check if the arbitration mailbox database is healthy

[Screenshot: EX7]

If the database is healthy and mounted then run the below command to check the OAB generation cycle checkpoint

[Screenshot: EX8]

What is the OAB generation cycle checkpoint?

By default the OAB is generated once every day, which is why we have it specified as 1. We need to have this setting. If no value is specified and it is null, the OAB will not function.

We can run the below commands to change the above parameter values if there is no value set on them.

Set-MailboxServer <SERVERNAME> -OABGeneratorWorkcycle 00.05:00:00

Set-MailboxServer <SERVERNAME> -OABGeneratorWorkCycleCheckpoint 01:00:00

We can also force the OAB update by running the below command, as we do for Exchange 2007 & 2010, and see if users are able to download the OAB.

Update-OfflineAddressBook -Identity "Default Offline Address List (Ex2013)"

We can also run the below command to see if the certificate is issued to the name mail.exchangequery.com in our example:

Get-OutlookProvider | FL Identity,CertPrincipalName

Run the below command if there is no cert principal name set:

Set-OutlookProvider EXPR -CertPrincipalName:"msstd:<FQDN the certificate is issued to>"
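
One way to run the arbitration mailbox, database health and work cycle checks from this article in a single pass. This is an added example, not the commands from the original screenshots; it assumes the Exchange 2013 Management Shell and only reads configuration.

```powershell
# Added example: follow the OAB generation mailbox to its database and server.
$oabGen = @(Get-Mailbox -Arbitration |
    Where-Object { $_.PersistedCapabilities -like '*OabGen*' })

if ($oabGen.Count -eq 0) {
    Write-Warning 'No arbitration mailbox with the OabGen capability was found.'
}

$result = foreach ($mbx in $oabGen) {
    # -Status populates Mounted and MountedOnServer.
    $db     = Get-MailboxDatabase -Identity "$($mbx.Database)" -Status
    $copies = @(Get-MailboxDatabaseCopyStatus -Identity $db.Name)
    $server = Get-MailboxServer -Identity "$($db.Server)"

    [pscustomobject]@{
        GenerationMailbox   = $mbx.Name
        Database            = $db.Name
        Mounted             = $db.Mounted
        MountedOnServer     = $db.MountedOnServer
        CopyStatus          = ($copies | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join '; '
        WorkCycle           = "$($server.OABGeneratorWorkCycle)"
        WorkCycleCheckpoint = "$($server.OABGeneratorWorkCycleCheckpoint)"
    }
}

$result | Format-List

# Flag the two conditions the article calls out: an unmounted database
# and a missing work cycle or checkpoint value.
foreach ($r in $result) {
    if (-not $r.Mounted) {
        Write-Warning "$($r.Database) is not mounted, so $($r.GenerationMailbox) cannot generate the OAB."
    }
    if ([string]::IsNullOrEmpty($r.WorkCycle) -or [string]::IsNullOrEmpty($r.WorkCycleCheckpoint)) {
        Write-Warning "OAB generator work cycle or checkpoint is not set for the server hosting $($r.Database)."
    }
}
```
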
This can be a guide for troubleshooting the OAB, since there could be a few more factors to consider when the OAB download is not happening. Cheers :)

Thanks 
Sathish Veerapandian
MVP - Exchange Server

Steps to Troubleshoot Offline Address Book – Exchange 2010 & Exchange 2003 mixed environment

Things to be checked before you proceed with troubleshooting:

– What type of clients are used: Outlook 2003, Outlook 2007 or Outlook 2010?

– Have the OAB files been replicated from the Mailbox server (OAB generation server) to the Client Access server?

– Does the organization contain at least one OAB virtual directory?

– Is the OAB set for web distribution?

– Have there been any recent changes in the environment, or any updates or patches installed?

– How many users are affected and what is the mode of occurrence?

TROUBLESHOOTING

Check if the Autodiscover service is working fine in Outlook 2007 & Outlook 2010, because misconfiguration of Autodiscover could cause the OAB download to fail.

Steps to check – run Test E-mail AutoConfiguration on the Outlook client.

Another way to check this is to see if users are able to modify the OOF Assistant settings in Outlook 2007 or 2010.

If the problem is with Outlook 2003 then proceed with linear troubleshooting for the OAB in legacy Exchange.

For Outlook 2010 check if the OabVirtualDirectory is present.

To verify, open Exchange Management Shell and enter the following cmdlet. This
will return all of the OAB Virtual Directories found.

Get-OabVirtualDirectory

If the cmdlet doesn’t return any OAB virtual directories, then there is a problem
and you will need to create an OAB Virtual Directory using the
New-OabVirtualDirectory task.

Verify if there are any OABs setup for Web Distribution.

Do the following:
a. Open the Exchange Management Console.
b. Expand the Organizational Container.
c. Click on the Mailbox Container.
d. In the middle MMC pane, click on the ‘Offline Address Book’ tab.
e. If there are any Offline Address Books setup for Web distribution, they
will be identified as such under the Distribution Mechanism column as Web-Based.

The following location on the Client Access Server can be checked to see if the
Offline Address Book files have been replicated:

C:\Program Files\Microsoft\Exchange Server\Client access\OAB

This is the local cache for the Client Access server and any Offline Address Book
files that need to be updated will be updated here.

Permissions should also be checked. If any of the default permissions are locked
or are missing, the Offline Address Book files might not be replicated.

The permissions set on this directory are as follows:

Anonymous access disabled
Integrated Windows Authentication Enabled
Read Permission Enabled
Write permission disabled
Directory Browsing Disabled
Script source access disabled
Log Visits Enabled
Index this resource disabled
Execute permissions set to None
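
A check of the IIS settings listed above against the live configuration, added here as an example and not part of the original post. It assumes the WebAdministration module on the Client Access server, an elevated shell, and that the virtual directory is "Default Web Site/OAB".

```powershell
# Added example: compare the OAB virtual directory's IIS settings with the expected values.
Import-Module WebAdministration

$location = 'Default Web Site/OAB'   # assumption: default site and virtual directory names

function Get-OabIisSetting {
    param([string]$Filter, [string]$Name)
    $raw = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location -Filter $Filter -Name $Name
    # Some attributes come back wrapped in an object with a Value property, others as a plain value.
    if ($null -ne $raw -and $raw.PSObject.Properties['Value']) { $raw.Value } else { $raw }
}

$auth = 'system.webServer/security/authentication'
$checks = @(
    @{ Setting = 'Anonymous access';            Filter = "$auth/anonymousAuthentication";  Expected = $false }
    @{ Setting = 'Integrated Windows auth';     Filter = "$auth/windowsAuthentication";    Expected = $true  }
    @{ Setting = 'Directory browsing';          Filter = 'system.webServer/directoryBrowse'; Expected = $false }
)

$results = foreach ($c in $checks) {
    $actual = Get-OabIisSetting -Filter $c.Filter -Name 'enabled'
    [pscustomobject]@{
        Setting  = $c.Setting
        Expected = $c.Expected
        Actual   = $actual
        Ok       = ([bool]$actual -eq $c.Expected)
    }
}

# Read enabled; Write, Script source access and Execute disabled.
$policy = "$(Get-OabIisSetting -Filter 'system.webServer/handlers' -Name 'accessPolicy')"
$results += [pscustomobject]@{
    Setting  = 'Handler access policy'
    Expected = 'Read only'
    Actual   = $policy
    Ok       = ($policy -match 'Read') -and ($policy -notmatch 'Write|Script|Execute|Source')
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning "One or more settings on '$location' differ from the expected values."
}
```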

If you suspect that you are having an OAB generation problem, turn up diagnostic
logging through the Exchange Management Shell.

On the Exchange 2010 mailbox server, open Exchange Management Shell and
enter the following cmdlet:

Set-EventLogLevel "MSExchangeSA\OAL Generator" -Level Expert

After you hit Enter you will not see any output that indicates that the
logging level has been set.

However, you can verify the level using the following cmdlet:

Get-EventLogLevel "MSExchangeSA\OAL Generator"

Next, type Update-OfflineAddressBook -Identity "Default Offline Address List".
This will generate the Default Offline Address List.

Review the application event log on the mailbox server.

Another method for troubleshooting OAB failures is to use the tracing built into
ExTRA.


  • Exchange 2010 OAB
    ================

    Analyze current configuration
    ——————————————–

    1. Use Exchange Management Console
    2. Expand Server Configuration and select Mailbox
    3. Right-click the server in the list of servers and click Properties
    4. Select the Client Settings tab
    a. Check specified Offline Address Book configuration
    b. Check Distribution methods (Web and/or public folders)

    Public folder distribution
    OAB 4.0, 3a, 2.0

    Web folder distribution
    OAB 4.0

    Public folder distribution
    ———————————-

    Use MFCMAPI to inspect the public folders housing the OAB data

    1. Public Root
    2. NON_IPM_SUBTREE
    3. OFFLINE ADDRESS BOOK
    4. DN for OAB (for example, /o=Fourthcoffee/cn=addrlists/cn=oabs/cn=Default Offline
    Address List)
    5. Double-click any of the following folders to see the messages within:

    OAB version 2
    OAB version 3a
    OAB version 4

    Web distribution
    ————————-

    1. Use Exchange Management Console
    2. Expand Server Configuration
    3. Select Client Access
    4. Select the CAS server in top pane
    5. Select the “Offline Address Book Distribution” tab in the bottom pane
    6. Right-click the listed OAB and click Properties

    a. On the General tab look at the Polling Interval value. This is the value used
    by the File Replication Service to determine how often to replicate the OAB files
    to the distribution point.
    b. On the URLs tab look at the Internal URL and External URL values to see if
    they are appropriately configured (We should know the correct values)

    7. Check the OAB generation share:

    \Program files\Microsoft\Exchange Server\ExchangeOAB

    Do you see a folder with a {guid} that matches the {guid} in the OAB URL shown
    in Outlook (Test E-mail AutoConfiguration)?

    8. Check the web distribution folder:

    \Program files\Microsoft\Exchange Server\ClientAccess\OAB\{guid}

    a. Does this {guid} match the {guid} in the share listed in step 7
    b. If not, what is the number of minutes specified for the Polling Interval? Is
    the File Replication Service running?

    c. Check the Event log on the generation server

    Source: MSExchangeFDS
    Category: FileReplication

    Steps to generate a new Web distribution OAB
    ————————————————————————-

    1. In Exchange Management Console go to Organization Configuration – Mailbox
    2. Click “New Offline Address Book”
    a. Name = E2010 Web OAB
    b. OAB generation server = <E2010 mailbox server>
    c. Enable Web-based distribution
    Vdir = OAB (Default web site) CLT-E2k10
    d. Enable public folder distribution
    3. Right-click the newly created OAB and click Update
    4. Check the \program files\microsoft\exchange server\ExchangeOAB folder

    <result> you should see the {guid} subfolder just generated. This data will need to
    be replicated to the CAS server

    5. On the CAS server check \program files\microsoft\exchange
    server\clientaccess\OAB for web distribution

    <result> the files probably won’t be replicated here just yet.

6. Select Server Configuration – Mailbox

       Examine Mailbox Database properties

       Go to the Client settings tab

       Offline Address Book = <name of your new OAB> (browse if necessary)

7. Select Server Configuration – Client Access

       Select your CAS server in the top pane

       Select the “Offline Address Book Distribution” tab

       Right-click OAB (Default Web Site) and click Properties

       On the General tab check the Polling interval (set it temporarily low to
force FRS replication of the OAB files)

       On the URLs tab validate the Internal URL and external URL (for example,
the Internal URL would just be https://cas_server/ )

8. Wait a minute or two (or whatever time you specified for the Polling
Interval)
9. On the CAS server, re-check \program files\microsoft\exchange
server\clientaccess\OAB for web distribution

<result> the files should now be in the distribution point on the CAS server

10. To force a regen of the autodiscover settings run iisreset (or just wait)

NOTE: Don’t run iisreset on a production server.

11. Start Outlook 2007 or 2010 with a cached mode profile.
12. Check the OAB URL in the Test Email AutoConfiguration dialog

<result> the URL should point to the URL specified above plus /OAB/{guid}. For
example, https://server/OAB/d15381e6-ce14-4949-a147-2681e656744a/

Outlook 2010 OAB Analysis
======================

Troubleshooting
————————–

1. Check the Sync Issues folder

       Check the different Synchronization Log messages (with a red exclamation
point icon)

       Check for an error in the message under “Microsoft Exchange offline address
book”

2. Check the Olkdisc.log file (in the %temp% folder) for the listed OAB URL
3. Inspect the OAB URL with the Test E-mail AutoConfiguration tool

      Start Outlook

      Press CTRL, right-click the Outlook icon in the system tray and then click
Test E-mail AutoConfiguration

      Clear the two “Guessmart” checkboxes and click Test

      Inspect the value for “OAB URL”

– If you are using public folders for the OAB then this will say “Public
folder”

– If you are using Web distribution for the OAB then this will list the full URL to the OAB files. For example, https://server/oab/{guid}

Explanation on Global and universal Distribution List/Group

In Exchange 2000 and 2003, Microsoft recommends that all distribution groups used for email are Universal groups, not Domain Local or Global groups.  This has been our recommendation for many years, as configurations outside of this can result in abnormal mail flow (as you have seen) or lost email.  A quote from this Knowledge Base Article# 839949:

Only universal group memberships are replicated across all domains to all global catalog servers in the forest.  Microsoft always recommends using universal distribution groups for mail distribution in a multi-domain environment.

 

Now some further explanations as to why this is a problem:

 

In short, Exchange is simply delivering the mail to the users that it is told should receive it.  Please understand that Exchange knows nothing about the members of the DL, it counts on the GC to provide this information.  The (basic) process looks like this:

– Mail is sent to a distribution list from the mail client of choice.

– Exchange Categorizes the message, and in the process needs to lookup the members of the DL.

– Exchange sends an LDAP query to a GC, the GC looks up the DL name, checks the membership, and responds to Exchange with 20 recipients.

– Exchange delivers successfully to all 20 recipients.  Looks good, the process worked.

 

Now in the example above, let’s say the DL actually contained 100 recipients, instead of 20. But because Exchange delivers based on what the GC tells us, and it only knows about 20 users, Exchange is acting as designed. We cannot NDR the message or throw an error, or notify anyone there was a problem, because we simply weren’t told by the GC that the message was ever intended for those additional 80 people. But in the example, the reason the DL is missing 80 people from the membership is that the recipients are spread across multiple domains, and global or domain local memberships are not replicated to all GCs. As we know, only universal groups and their members are replicated across the organization to all GCs. This is the reason only Universal Groups are recommended and supported for mail flow.

 

It is also important to note that Exchange first queries any GC in its AD Site (not domain).  Remember that GC’s from different domains can be kept in the same AD Site, which I presume is the case in your environment.  If we cannot contact a GC in the local site, we will then go out-of-site.  Group memberships as noted above, however, are kept per domain.  So when Exchange is looking for a GC, it is quite possible for Exchange to pick alternate GC’s in its AD Site, each containing memberships for different domains.  Again, this is another reason Universal Groups are recommended.

 

Also, as you are planning for a migration, please be aware that in Exchange 2007/2010, only Universal mail enabled Distribution Lists can be created.  This is a direct response to the issues many customers including yourself have seen with the legacy (E2k/E2k3) versions of the product.  Once Exchange 2007/2010 is in your environment, it is required that all DL’s and users/mailboxes/etc are created either from the E2k7 Shell or Management Console (and not in AD Users/Computers as in E2k/3).  This prevents any new global/domain local groups being used for mailflow so that moving forward we work away from this being an issue.  While you are still in a mixed environment where E2k3 and E2k7 are running simultaneously, existing Domain Local/Global groups will still be used, just understand this falls under all of the same caveats as above and the possibility for lost mail still exists and should be accounted for and is therefore not recommended.

All other versions of Exchange (E2K7/E2010/E2013) are hard-coded to Universal groups only, and we would not recommend anything that might negatively affect your future migration.
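
To find the groups this explanation is about, the following lists mail-enabled groups that are not universal in every domain of the forest. It is an added example, not part of the original text; it assumes the ActiveDirectory module (RSAT) and read access to each domain, and treats any group with a mail attribute as mail-enabled.

```powershell
# Added example: mail-enabled groups whose scope is Global or Domain Local.
Import-Module ActiveDirectory

# groupType bit 0x8 marks a universal group; matching rule 1.2.840.113556.1.4.803
# is a bitwise AND, so the negated clause selects groups without that bit.
$filter = '(&(objectCategory=group)(mail=*)(!(groupType:1.2.840.113556.1.4.803:=8)))'

$findings = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADGroup -Server $domain -LDAPFilter $filter -Properties mail, member |
        ForEach-Object {
            [pscustomobject]@{
                Domain        = $domain
                Name          = $_.Name
                Mail          = $_.mail
                Scope         = $_.GroupScope
                Category      = $_.GroupCategory
                DirectMembers = @($_.member).Count
            }
        }
}

if ($findings) {
    $findings | Sort-Object Domain, Name | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) mail-enabled group(s) are not universal; their membership is not replicated to every global catalog."
} else {
    Write-Host 'All mail-enabled groups in the forest are universal.'
}
```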