offline address book - security issue - need urgent help

Hi all, I need urgent support on this:

I am working with Exchange offline address book

Basically I am trying to configure Exchange 2003 to support multiple organizations, i.e. each organization will have a different address list / offline address list.

I know all these configuration needs to be done using ACL permissions...

but I am facing severe issues with that security config:
what happens is that when I set up the security settings and log in to Exchange using a user of an organization,
I am able to see all users in Exchange, when I must be able to see only users of the specific organization.

What am I doing wrong??

I can assign 3000 points or issue...please help! I have the drop tomorrow
Vahik Commented:
;en-us;321723
this is how u figure out the DN of an object and use it in ur LDAP filter....
ok kiddo here goes my two cents...based on my own assumption
U are supporting and
create two ous and name them accordingly
create two groups in each for users one for admins
in each ou's security tab give the appropriate permissions to users and groups of that ou
take everyone else out.....for the admins u decide....for users which are included in the
group give them list content and read permissions and read all properties allow permissions (it may be special permissions)

once u have this setup go to ur exchange system manager right click on default global
address list and take out authenticated users and any other users including anonymous
do not touch system or server or administrators....
now right click on the global address list and choose it on filter
and choose advanced in the field choose group ...and choose members from drop down
list ....condition leave it IS (exactly) and in the value put the group's DISTINGUISHED NAME
when finished click on preview and make sure the right group and members show up in the list. once u are satisfied right click on the newly created global address list and
take every user out except the group itself and its members and make sure they have
ALLOW open address list permission.....PS: take out allow inherited permission from
parent bla bla....and choose copy first and then take out folks that are not supposed to see
the list....

do this process for the second group....once tested in outlook and back
we will take care of the rest of ur problem
u can also use this article which is based on UPN LDAP filter...
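
The preview step in the answer above can be checked offline before the permissions are changed. The following is an added example, not part of the original answer or any Exchange tooling: it builds a group-membership filter with the DN escaped per RFC 4515 and audits constructed directory entries for users who would show up in more than one organization's list or in none. The filter shape, the group DNs (OrgA/OrgB, example.local) and the sample entries are assumptions.

```python
# Added example: all names and entries below are constructed for illustration.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def address_list_filter(group_dn):
    """Filter for mail-enabled users that are direct members of group_dn."""
    return ('(&(mailNickname=*)(objectClass=user)(memberOf=%s))'
            % escape_filter_value(group_dn))

def preview(entries, group_dn):
    """Mimic the 'Preview' step: names the filter would select.
    memberOf holds direct memberships only, so nested groups are not followed."""
    wanted = group_dn.lower()  # DN comparison is case-insensitive
    return sorted(e['cn'] for e in entries
                  if e.get('mailNickname')
                  and wanted in (g.lower() for g in e.get('memberOf', [])))

def audit(entries, lists):
    """Return (users visible in more than one list, mail users in no list)."""
    seen = {}
    for list_name, group_dn in lists.items():
        for cn in preview(entries, group_dn):
            seen.setdefault(cn, []).append(list_name)
    leaked = {cn: sorted(n) for cn, n in seen.items() if len(n) > 1}
    orphans = sorted(e['cn'] for e in entries
                     if e.get('mailNickname') and e['cn'] not in seen)
    return leaked, orphans

# Hypothetical address lists, keyed by name, valued by the group's DN.
LISTS = {
    'OrgA GAL': 'CN=OrgA Users,OU=OrgA,DC=example,DC=local',
    'OrgB GAL': 'CN=OrgB Users (EU),OU=OrgB,DC=example,DC=local',
}
# Constructed directory entries.
ENTRIES = [
    {'cn': 'alice', 'mailNickname': 'alice', 'memberOf': [LISTS['OrgA GAL']]},
    {'cn': 'bob', 'mailNickname': 'bob', 'memberOf': [LISTS['OrgB GAL']]},
    {'cn': 'carol', 'mailNickname': 'carol', 'memberOf': list(LISTS.values())},
    {'cn': 'dave', 'mailNickname': 'dave', 'memberOf': []},
]

if __name__ == '__main__':
    for name, dn in LISTS.items():
        print(name, address_list_filter(dn), preview(ENTRIES, dn))
    print(audit(ENTRIES, LISTS))
```

A user reported as leaked belongs to both organizations' groups and would see both lists once the open-address-list permission is granted to those groups.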
NetDeveloperAuthor Commented:
Vahik, tnx

can u contact me at

tnx regards