add membership to group shows wrong GAL

Home Forums Messaging Software Exchange 2007 / 2010 / 2013 add membership to group shows wrong GAL

This topic contains 3 replies, has 3 voices, and was last updated by Avatar DYasny 7 years, 2 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • Avatar

    I originally posted on the exchange server forums at technet.

    I had an exchange 2010 environment. We have several departments who need to only be able to see the users from their department in their GAL/OAB/ABs. I set it up using legacy segregation(this was pre-sp2), and everything worked perfectly. They see the write GAL and OAB and ABs. They don’t see the ones they shouldn’t.

    Then I got a request to allow a user to manage one of the distribution groups. No problem, set up a management role for him with the right permissions… Assigned it to him. Then I tested.

    Log into OWA as the user.
    Check Address Book -> Address Book shows correct GAL and users.
    Click on options. Click on groups.
    Edit the group under “Public groups I own”
    Expand membership and click on Add -> Entire organization is displayed. User is explicitly denied on the default GAL and any GAL which shows the full organization, but he can see it from the add-members.

    I was told by a microsoft rep on the technet forums that I need to go to SP2 and set up ABPs and remove the legacy segregation and that would fix it.

    Upgraded all servers to SP2.
    Removed legacy segregation.
    Set up ABPs.
    Verified that the user can only see the correct GAL/OAB/ABs from both outlook and OWA.
    Tested the ability to add members to a public group the user owns -> He can see the entire organization.

    Tested again from a non-domain joined pc at a remote site using the users credentials, same result.

    When they click on add in the group membership management it gives an address list that the user does not have access to(even tried with explicit deny), so what user/account is it using to access the address books?

    If it uses a different account/context, what determines it and can you have each address book accessing a separate one?

    If not, is it pulling the user list from something other than the address books/GALs?

    If none of these, why is it doing this or at least how do I fix it?


    Re: add membership to group shows wrong GAL

    anyone available to assist?


    Re: add membership to group shows wrong GAL

    Is the Add group member dialog using ldap browsing, maybe?


    Re: add membership to group shows wrong GAL

    Please don’t keep bouncing your post — members give up their free time to assist, and expecting a reply within 24 hours is not reasonable.

    Experts will answer when they have the time and the knowledge.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.