offline address book - security issue - need urgent help

Posted on 2005-03-16
Medium Priority
Last Modified: 2008-03-06
Hi all, I need urgent support on this:

I am working with Exchange offline address book

Basically I am trying to configure Exchange 2003 to support multiple organization, i.e each organization will have different addresslist / offline address list.

I know all these configuration needs to be done using ACL permissions...

but I am facing severe issues on that security config:
what happens is that when I setup the security settings and login into Exchange using a user of an organization
I am abe to see all users in the Exchange whe I must be able to see only user of the specific organization

what I am doing of wrong??

I can assign 3000 points or more....no issue...please help! I have the drop tomorrow
Question by:NetDeveloper
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 26

Expert Comment

ID: 13561610
ok kido here goes my two cents...based on my own assumption
U are supporting ABC.com and NBC.com
create two ous and name them accordingly
create two groups in each OU.....one for users one for admins
in each ou's security tab give the appropriate permissions to users and groups of that ou
take everyone else out.....for the admins u decide....for users which are included in the
group give them list content and read permissions and read all properties allow permissions(it mabe special permissions)

once u have this setup go to ur exchange system manager right click on default global
address list and take out authenticated users and any other users including anonymous
do not touch system or server or administrators....
now right click on the global address list and choose new....name it ...click on filter
and choose advanced in the field choose group ...and choose members from drop down
list ....condition leave it IS( exactly)  and in the value put the groups DISTIGUISHED NAME
when finished   click on preview and make sure the right group and memeber shows up in the list.once u are satisfied right click on the newly created global address list and
take every users out except the group itself and its memebers and make sure they have
ALLOW open address list permission.....PS: take out allow inherited permission from
parent bla bla....and choose copy first and then take out folks that are not suppose to see
the list....

do this proccess for the second group....once tested in outlook and satisfied....call back
we will take care of the rest of ur problem
LVL 26

Expert Comment

ID: 13561653
u can also use this article which is based on UPN LDAP filter...
LVL 26

Accepted Solution

Vahik earned 2000 total points
ID: 13561670
this how u figure out DN of an object and use in in ur LDAP filter....
LVL 10

Author Comment

ID: 13562770
Vahik, tnx

can u contact me at netdeveloper@hotmail.it

tnx regards

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question