> Thanks! very useful. That also leads me to another LDAP > question (which I posted as few days ago). How do you > prevent "everybody" from running LDAP queries on your server? > > For example, I have multiple domain names on my exchange > server, each one being a separate, independent company. It > seems all I need is a valid user account on my exchange > server (like any of the users) and I can run LDAP queries to > list out the entire user names and email addresses etc. There > has to be a way to prevent that! I just did that with SmartR > and it's scary. > > PS: Please excuse my ignorance on LDAP, I am still learning :-) > Well is no other workstation needs LDAP then only allow connections from your workstation. I looked on my exchange 5.5 box and don't see a method to limit the query to a domain. I do see the ability to set the search base in Outlook XP. My guess would be that the permissions need to be set within AD itself, but I don't have a place to test the theory. As a side note you may need to use cn=admin to identify your login if you need to return objects that are hidden. John