No announcement yet.

"Superusers" in a Segregated Exchange 2007 environment

  • Filter
  • Time
  • Show
Clear All
new posts

  • "Superusers" in a Segregated Exchange 2007 environment

    I'm helping out a few non-profit orgs by setting up a shared Exchange 2007 server based on the whitepaper at . For background, I'm an Exchange 2007 neophyte (my past experience was limited to SBS2003),

    Address list segmentation is working fine. Now I need to set up a Blackberry Professional Server for them. The problem is I can't figure out how to create a "superuser" that has access to all the address lists.

    I tried creating a regular "non segregated" user using the Exchange Management Console, but no dice - when trying to set up the BB Pro server, I get a "The name could not be resolved. The name could not be matched to a name in the address list.".

    Then I tried (using the terminology in the MS whitepaper) creating a new "Company" for the BESAdmin account. Then I created a user in that Company. I added all the other Address Lists to the BESAdmin's OAB, thinking that would allow the BESAdmin account to view them. Unfortunately this isn't the case, the Blackberry Pro machine can only see it's own account in it's Company, OR just the names in the LAST address list I added to the account (and no others).

    On another site I see the following:

    Question: But what if you still want to have a "default gal" containing everything ?. Why ? Sample:

    * Global Company with many sub-companies
    * Subcompany1 users should use their segregated GAL/AL
    * Subcompany2 users should use their segregated GAL/AL
    * CEO and marketing of Main-Company should have a full GAL. (same with Blackberry Servers, Single Item Backups etc)

    So by following this document there really is no way to configure one company with two or three GAL's and restrict only the "standard Users" to one GAL ?

    Answer: No. Either you follow this or you stay with standard exchange. What is not supported is trying to have the gal and trying to segregate that Default GAL. What you can do is make another OAB and then add all of the address lists to it and make sure that CEO is not part of any deny groups so he can see them in outlook.
    Does anyone have instructions/direction on how to create a "Super user" in a segregated Exchange 2007 environment, as noted above? I think I need a pointer to get me in the right direction regarding this; for some reason I can't wrap my head around why it's not working.