add membership to group shows wrong GAL

  • add membership to group shows wrong GAL

    I originally posted on the Exchange Server forums at TechNet.

    I had an Exchange 2010 environment. We have several departments who need to only be able to see the users from their department in their GAL/OAB/ABs. I set it up using legacy segregation (this was pre-SP2), and everything worked perfectly. They see the right GAL and OAB and ABs. They don't see the ones they shouldn't.

    Then I got a request to allow a user to manage one of the distribution groups. No problem, set up a management role for him with the right permissions... Assigned it to him. Then I tested.

    Log into OWA as the user.
    Check Address Book -> Address Book shows correct GAL and users.
    Click on options. Click on groups.
    Edit the group under "Public groups I own"
    Expand membership and click on Add -> Entire organization is displayed. User is explicitly denied on the default GAL and any GAL which shows the full organization, but he can see it from the add-members.

    I was told by a Microsoft rep on the TechNet forums that I need to go to SP2 and set up ABPs and remove the legacy segregation and that would fix it.

    Upgraded all servers to SP2.
    Removed legacy segregation.
    Set up ABPs.
    Verified that the user can only see the correct GAL/OAB/ABs from both Outlook and OWA.
    Tested the ability to add members to a public group the user owns -> He can see the entire organization.

    Tested again from a non-domain-joined PC at a remote site using the user's credentials, same result.

    When they click on Add in the group membership management, it gives an address list that the user does not have access to (even tried with explicit deny), so what user/account is it using to access the address books?

    If it uses a different account/context, what determines it and can you have each address book accessing a separate one?

    If not, is it pulling the user list from something other than the address books/GALs?

    If none of these, why is it doing this or at least how do I fix it?

  • #2
    Re: add membership to group shows wrong GAL

    Anyone available to assist?


    • #3
      Re: add membership to group shows wrong GAL

      Is the Add group member dialog using LDAP browsing, maybe?


      • #4
        Re: add membership to group shows wrong GAL

        Please don't keep bouncing your post -- members give up their free time to assist, and expecting a reply within 24 hours is not reasonable.

        Experts will answer when they have the time and the knowledge.
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd

        ** Remember to give credit where credit is due and leave reputation points where appropriate **