My organization has a third party developed system that builds a single global address book between the internal GroupWise and Exchange systems. This has been in place for many years, long before Novell's GroupWise / Exchange sync product.
Our system uses the eDirectory "nGWVisibility" attribute to determine if the user is valid and should be added to the global address list. Since we've upgraded to GW 2014 R2 SP1, new users created in GroupWise no longer create this attribute. These new users get left off the global address list of our Exchange systems unless we go in to iManager and manually create this attribute and set the right value. This is cumbersome because it's an extra step when we create new users, and when we disable GW accounts. (We usually leave GW accounts disabled for 2 or 3 months with visibility set to none before we delete.)
Anyway, I started experimenting with the GW LDAP that you can enable from a 2014 R2 SP1 MTA. Here's what I find:
1. If I connect to this GW MTA with an ldap browser, I can see ALL accounts, disabled, enabled, visibility set to none, etc. When I view the attributes of the GW accounts, I don't see any attribute that shows visibility or enabled/disabled.
2. If I connect to this GW MTA with an Outlook 2016 client configured to use this ldap server as an address book, I don't see any disabled or visibility none accounts, which seems to be working correctly.
Our system that builds a global address list runs a query each night. That query if pointed to our GW MTA LDAP sees and pulls all accounts regardless of disabled and/or visibility.
So, how does this work correctly in Outlook, but does not work correctly when querying or ldap browsing?
What attribute(s) does Outlook see or not see that tells it to only show the proper enabled, "system" visibility accounts? I've had a ticket opened with support, but they have not been able to help.