Is a soap session logged on as a trusted application limited to distribution lists that are visible to the username provided or if the address book and distribution list IDs are known can they be retrieved?