Why am I able to lookup a non UM enabled user and also leave them a voicemail in the auto attendant of Exchange 2007 / 2010?

I received a escalated UM related ticket passed on to me this week because the colleague who was looking at the issue wasn’t a UM expert and while I was able to identify the issue immediately, I thought it’s worthwhile to write a post about the behavior of how Exchange 2007 and 2010 handles directory lookups depending on the option you select.

Problem

The problem the client was having was that they noticed they were able to leave a voicemail for non UM enabled user accounts (i.e. service accounts).  These service accounts were mail enabled but not UM enabled so they were curious as to why they were able to search for the account within the AA’s directory lookup by both:

  1. Speaking the name
  2. Using DTMF to search for their name and email address

Analyzing The Behavior

Between Exchange 2007 and 2010, there isn’t much of a difference for how you can limit directory lookup for callers into the auto attendant:

Exchange 2007

image

Exchange 2010

image

As seen in the screenshots above, the radio button options available for Callers can contact are:

  1. Users within dial plan
  2. Anyone in the default global address list
  3. Anyone in this address list:

Instead of writing with my usual style, I will phrase this post with questions and answers.

Question:  Why are users able to “speak” the service account’s name to lookup this non-UM enabled user?

Answer:  Before I proceed with stating what the problem was, let me reference the following TechNet article about the behavior of these options:  http://technet.microsoft.com/en-us/library/aa996927.aspx

——————————————————————————————————————————————————————-

When the Unified Messaging server creates a speech grammar file, it examines many directory objects to determine which names should be added to the speech grammar file. The types of objects it processes are based on the scope of the grammar being created. However, for all these objects, Unified Messaging won’t add the object to the grammar if the object is hidden from the Exchange 2010 address lists or the msExchHideFromAddressLists attribute is set to true for the object.

  • For the global address list grammar file, Unified Messaging will consider the following:
    • Mail-enabled users
    • Mail-enabled contacts
  • For dial plan grammar files, Unified Messaging will consider the following:
    • UM-enabled users in the specified dial plan
  • For the distribution list grammar file, Unified Messaging will consider the following:
    • Distribution lists that are visible in address lists

A default global address list is created when the Mailbox server role is installed on a computer running Exchange 2010. When the Unified Messaging server role is installed, it creates a grammar file for the global address list based on the speech grammar filters that are configured. If you create custom address lists or distribution lists in your Exchange 2010 organization, additional grammar files will be created for each custom address list or distribution list you create.

——————————————————————————————————————————————————————-

As stated in the information provided above, if the Callers can contact option is set to Anyone in the default global address list, Mail-enabled users and contacts are actually included in the speech grammar file and, while it doesn’t explicitly state this, allows these accounts to be looked up and transferred to.  So to fix the issue this client had, all I had to do was select the option Users within the dial plan which will thereby limit directory lookups to users who are in the auto attendant’s dial plan and UM enabled.  I’m always a bit confused as to why it behaves this way but I usually recommend that if there is a need for the ability to lookup users across dial plans then use the Anyone in this address list option to get around it even though it means more administrative work.

Question:  Why are users able to use DTMF via keys to look up the service account’s name?

Answer:  DTMF mappings are actually an attribute of the user account.  Further information about where this attribute can be located can be found here: https://blog.terenceluk.com/2010/12/how-to-automate-removal-of-values-for.html

Question:  Why are users able to leave a voicemail in both cases?

Answer:  I have no idea what the answer is but have taken the time to post a question on our Microsoft Partner forum.  Just for fun, I actually called into a non UM enabled user:

image image

… to leave a voicemail and when I logged into the account’s OWA, I saw the voicemail sitting there.  Very strange indeed.

image

Question:  What does our Microsoft Partner Forum have to say?

Here’s the response I received:

From your problem description, I understand that there are some non-UM-enabled users in the organization, but those users can still be found when calling in AA. You not want the caller to leave voicemail for them. If my understanding is not correct, please feel free to let me know.

If you do not want the caller to be able to leave a voice mail for a non-UM-enabled user, I suggest you change the contact scope of the Auto Attendant to “Users within dial plan”. With the contact scope of “Anyone in the default global address list”, the caller is able to find any users in GAL.

Also, non-UM-enabled users are able to receive voicemail as an e-mail with a .wma attachment so that they are able to listen to it from the Inbox folder. However, these users are not able to access the voicemail through Outlook Voice Access. This provides a different way for non-UM-enabled users to receive voicemail.

Guess this is by design.  If I go to TechEd again this year and finally be able to find someone from the Exchange UM product group (I couldn’t find one last year), this will be one of the questions I’ll ask.