Hiding GAL from one or two users

  • Hiding GAL from one or two users

    I have Exchange 2003 running on Win2k3.

    I want to hide the GAL from a couple of users who will only have email access through OWA.

    I have tried to implement some of the things I have already researched - like denying read/list permissions for the users on the ESM>Recipients list> then adding users to the permissions tab and opting for the DENY full access for that user. They still can read the GAL.

    I have read other posts that say there just isn't a way to do this... I feel like there is a solution, and am perplexed that having the DENY attrib for GAL doesn't seem to do anything.


  • #2
    Re: Hiding GAL from one or two users

    This is 2000 based, but take a look, it may give you some things to think about:


    • #3
      Re: Hiding GAL from one or two users

      is another useful article. Thanks, I am going to try this out today and see how it goes.


      • #4
        Re: Hiding GAL from one or two users

        It worked great! Here are pretty much step-by-step instructions on how to do it:

        I have only confirmed this to work when the user has access only to OWA for email.
        To recap my requirement - I have a user who we want to have an email address but do not want them to be able to email to anyone in the domain unless they specifically know their email address already.

        (standard disclaimer - messing with ADSI edit can hose your domain if you mess up something)

        1. If you don't already have ADSI edit - get it from a reliable source such as your Windows Server CD. (if you need help just web search ADSI support tools)
        2. Start an MMC by going to Start > Run and typing MMC
        3. Add ADSI Snap-in from File menu - add/remove Snap-in
        4. Connect to your domain and drill down to the OU that the user is in.
        5. Right click on the user and choose properties
        6. Scroll down the Attributes list to find msExchQueryBaseDN
        7. Choose Edit
        8. Put in the LDAP address that represents that user's OU (i.e. ou=Sales,ou=My Departments,dc=MyDomain,dc=com)
        9. Click Ok and you are done.
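
The steps in post #4 can also be scripted and then audited. The following is an added example, not code from the thread: it writes msExchQueryBaseDN only after confirming the target DN resolves, then lists every user that has the attribute set so that restricted accounts stay visible to administrators. The function names and the user DN are hypothetical, the OU is the sample from step 8, and it assumes PowerShell 2.0 or later on a domain-joined host with rights to edit the user object.

```powershell
# Added example: set and audit msExchQueryBaseDN without the ADSI Edit GUI.
# DNs are placeholders built from the sample OU in the post; replace before use.
$userDn   = 'CN=Restricted User,OU=Sales,OU=My Departments,DC=MyDomain,DC=com'  # hypothetical user
$searchDn = 'OU=Sales,OU=My Departments,DC=MyDomain,DC=com'                      # search base from step 8

function Set-OwaQueryBase {
    param([string]$UserDn, [string]$BaseDn)

    # Refuse to write a DN that does not resolve; a typo here would point
    # the user's address book lookups at a container that does not exist.
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$BaseDn")) {
        throw "Search base not found: $BaseDn"
    }
    $user = [ADSI]"LDAP://$UserDn"
    $old  = [string]$user.psbase.Properties['msExchQueryBaseDN'].Value  # empty if unset
    $user.Put('msExchQueryBaseDN', $BaseDn)
    $user.SetInfo()                       # commit the change to the directory
    $user.psbase.RefreshCache()           # re-read so the report shows the stored value
    New-Object PSObject -Property @{
        User     = $UserDn
        Previous = $old
        Current  = [string]$user.psbase.Properties['msExchQueryBaseDN'].Value
    }
}

function Get-OwaQueryBaseReport {
    param([string]$DomainDn)

    $root     = [ADSI]"LDAP://$DomainDn"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(msExchQueryBaseDN=*))'
    $searcher.PageSize = 500              # page results so large domains are not truncated
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('msExchQueryBaseDN')
    foreach ($r in $searcher.FindAll()) {
        # SearchResult property names are returned in lower case.
        $base = [string]$r.Properties['msexchquerybasedn'][0]
        New-Object PSObject -Property @{
            User       = [string]$r.Properties['distinguishedname'][0]
            QueryBase  = $base
            BaseExists = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$base")
        }
    }
}

Set-OwaQueryBase -UserDn $userDn -BaseDn $searchDn
Get-OwaQueryBaseReport -DomainDn 'DC=MyDomain,DC=com' | Format-Table -AutoSize
```

A row with BaseExists set to False marks a user whose search base was later moved, renamed or deleted and needs the attribute corrected.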