Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Active Directory AD question about hiding users

Posted on 2006-07-21
Medium Priority
Last Modified: 2009-12-16
I know there is an option to hide (but not delete) a user in AD. This allows the user to receive emails, but cannot be found in global address book etc.

My question now:

Is it also possible to hide certain users from just certain departments, or just certain office locations?
Or in other words,
Can certain users be shown only to certain offices?

if so, do you know how to do it?

Question by:swisscommerce
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 17159901
Are you talking about Exchange?  If so, to hide from Global address lists:

Open Active Directory Users and Computers
Open the Properties dialog box for the user account
On the Exchange Advanced tab, select the Hide from Exchange Address Lists check box.
(FYI - this will work for group accounts as well)

The DC will have to have the Exchange Admin tools installed on it to view this property tab (run the Exchange setup, install only the tools).  Or, do from the Exchange server itself.

I'm doubtful about hiding per group, but you may be able to set permissions on the group itself to prevent certain users from viewing the members - we'll have to research that one further.

Author Comment

ID: 17160072
Thank you arttheqeek,

yes, this is about Exchange.

the reason why I am asking is because, our global address book has hundreds of users and now we want to introduce the resources functionalities to book conference rooms, projectors, catering directly from outlook 2003 etc.

having many office locations, it will become messy if we would add 3-6 conference rooms and 1-2 projectors etc as a resource for each location. Therefore, we are looking for a way to show those resources, only if your user Active Directory properties (credentials) are from the same office location, and if possible only show available and not already taken resources within that location for that time.

LVL 10

Accepted Solution

ryangorman earned 2000 total points
ID: 17168701
I see two methods of achieving this. I suggest just using the first one.

A. I would suggest creating an Address List per physical office. Then ask each user to configure their Outlook to display the address list for their office first (Outlook Tools/Address Book/Tools/Options/Show this address list first).

B. This is more dictatorial way and requires that you create multiple Address Lists as per B anyway. Create multiple Global Address Lists, each filtering per location as before. The secret is to secure the Address List via the Security tab so that users only have permission to view the required GAL. This 'forces' users to see the preferred GAL and gives them the ability to select the other Address Lists.
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

LVL 10

Expert Comment

ID: 17168733
B. This is more dictatorial way and requires that you create multiple Address Lists as per B anyway.

should read

B. This is a more dictatorial method and requires that you create multiple Address Lists as per A anyway.

Author Comment

ID: 17179415

this sounds interesting. Just want to clarify on more specific level.



NY Conference Room 1
NY Conference Room 2
NY Conference Room 3
CA Conference Room 1
CA Conference Room 2
CA Conference Room 3
FL Conference Room 1
FL Conference Room 2
FL Conference Room 3

Now, for a NY OFFICE user, it is possible to hide the Resources FL and Resources CA  so that only Resources NY is shown when he uses outlook to invite users for a meeting?
LVL 10

Expert Comment

ID: 17182416
Run System Manager and navigate to Recipients | All Global Address Lists. This normally contains one GAL called "Default Address List". This GAL filters all mail-enabled objects and is accessible by all authenicated users. You could change the filter to exclude any resource mailboxes but i'd recommend against that for the time being.

Now navigate to Recipients | All Address Lists. This normally contains three ALs - All Contacts, All Groups and All Users. Right click on Resources NY and display its properties. Click the security tab and amend the permissions as follows.

Remove the Anonymous Logon, Everyone and Authenticated Users.
Add a security group containing NY users and give them Read, List and Open Address List access.

Repeat these steps for the other address lists.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question