Link to home
Start Free TrialLog in
Avatar of vbchewie
vbchewieFlag for United States of America

asked on

Restrict users from seeing a specific Address List

I have two companies.  The second company has only 5 users.  I have setup an Address List for those users.  I would like the people at the second company to be able to see their Address List and nothing more.  I dont want them to have access to the Default GAL or All Users.
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of vbchewie

ASKER

In part he has a link to  "Configuring Virtual Organizations and Address List Segregation in Exchange 2007."  http://technet.microsoft.com/en-us/exchange/bb936719.aspx
Option1 sounds like the one I will use.
I now have a problem when I ran this command
Get-GlobalAddressList Default Global Address List | Add-ADPermission -User "Authenticated Users" -AccessRights GenericRead -ExtendedRights Open-Address-Book -Deny:$True
My Default Global Address List disappeared.  I'm hoping this is what is suppose to happen but now later on in the documentation were I am suppose to add a Security Group for all Hosted Groups I get this error message.
Add-ADPermission : CN=Address Lists Container,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=local was not found. Please make sure you have typed it correctly. At line:1 char:17 + Add-ADPermission  <<<< -Identity "CN=Address Lists Container,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=local" -User "All Hosted Groups SG" -AccessRights GenericRead -Deny
I worried I have hosed my entire Exchange environment.
Please Advise

Thank You
Nevermind on that last question ID: 22039166.  I'm past it now.
Thank You
In the document
http://technet.microsoft.com/en-us/exchange/bb936719.aspx 
Over halfway down in the document it talks about
Modify the msExchQueryBaseDN:
$user = ([ADSI]"LDAP://DC01:389/CN=Test User1,ou= Fabrikam,ou=companies,dc=contoso,dc=com).psbase; $user.Properties["msExchQueryBaseDN"].Value = "ou= Fabrikam,ou=companies,dc=contoso,dc=com"; $user.CommitChanges();

Can you tell me is the CN=Test User1 suppose to be a user or a Security Group the users are in?

Thank you.