Solved

Active Directory AD question about hiding users

Posted on 2006-07-21
8
383 Views
Last Modified: 2009-12-16
I know there is an option to hide (but not delete) a user in AD. This allows the user to receive emails, but cannot be found in global address book etc.


My question now:

Is it also possible to hide certain users from just certain departments, or just certain office locations?
Or in other words,
Can certain users be shown only to certain offices?

if so, do you know how to do it?

thanks!
0
Comment
Question by:swisscommerce
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:artthegeek
ID: 17159901
Are you talking about Exchange?  If so, to hide from Global address lists:

Open Active Directory Users and Computers
Open the Properties dialog box for the user account
On the Exchange Advanced tab, select the Hide from Exchange Address Lists check box.
(FYI - this will work for group accounts as well)

The DC will have to have the Exchange Admin tools installed on it to view this property tab (run the Exchange setup, install only the tools).  Or, do from the Exchange server itself.

I'm doubtful about hiding per group, but you may be able to set permissions on the group itself to prevent certain users from viewing the members - we'll have to research that one further.
0
 

Author Comment

by:swisscommerce
ID: 17160072
Thank you arttheqeek,

yes, this is about Exchange.

the reason why I am asking is because, our global address book has hundreds of users and now we want to introduce the resources functionalities to book conference rooms, projectors, catering directly from outlook 2003 etc.

having many office locations, it will become messy if we would add 3-6 conference rooms and 1-2 projectors etc as a resource for each location. Therefore, we are looking for a way to show those resources, only if your user Active Directory properties (credentials) are from the same office location, and if possible only show available and not already taken resources within that location for that time.

Thanks.
0
 
LVL 10

Accepted Solution

by:
ryangorman earned 500 total points
ID: 17168701
I see two methods of achieving this. I suggest just using the first one.

A. I would suggest creating an Address List per physical office. Then ask each user to configure their Outlook to display the address list for their office first (Outlook Tools/Address Book/Tools/Options/Show this address list first).

B. This is more dictatorial way and requires that you create multiple Address Lists as per B anyway. Create multiple Global Address Lists, each filtering per location as before. The secret is to secure the Address List via the Security tab so that users only have permission to view the required GAL. This 'forces' users to see the preferred GAL and gives them the ability to select the other Address Lists.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 10

Expert Comment

by:ryangorman
ID: 17168733
Correction
B. This is more dictatorial way and requires that you create multiple Address Lists as per B anyway.

should read

B. This is a more dictatorial method and requires that you create multiple Address Lists as per A anyway.
0
 

Author Comment

by:swisscommerce
ID: 17179415
ryangorman,

this sounds interesting. Just want to clarify on more specific level.


Example:

GLOBAL ADDRESS BOOK
NY OFFICE USERS
CA OFFICE USERS
FL OFFICE USERS


RESOURCES NY (ADDRESS BOOK)
NY Conference Room 1
NY Conference Room 2
NY Conference Room 3
NY PROJECTOR
RESOURCES CA (ADDRESS BOOK)
CA Conference Room 1
CA Conference Room 2
CA Conference Room 3
CA PROJECTOR
RESOURCES FL (ADDRESS BOOK)
FL Conference Room 1
FL Conference Room 2
FL Conference Room 3
FL PROJECTOR

Now, for a NY OFFICE user, it is possible to hide the Resources FL and Resources CA  so that only Resources NY is shown when he uses outlook to invite users for a meeting?
0
 
LVL 10

Expert Comment

by:ryangorman
ID: 17182416
Run System Manager and navigate to Recipients | All Global Address Lists. This normally contains one GAL called "Default Address List". This GAL filters all mail-enabled objects and is accessible by all authenicated users. You could change the filter to exclude any resource mailboxes but i'd recommend against that for the time being.

Now navigate to Recipients | All Address Lists. This normally contains three ALs - All Contacts, All Groups and All Users. Right click on Resources NY and display its properties. Click the security tab and amend the permissions as follows.

Remove the Anonymous Logon, Everyone and Authenticated Users.
Add a security group containing NY users and give them Read, List and Open Address List access.

Repeat these steps for the other address lists.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now