Solved

Hiding Default Global Address list only from certain OWA users

Posted on 2009-12-23
Last Modified: 2012-05-08
Hello

Is it possible to hide the default Global Address list from certain OWA users? If so, how is it done, please? Thanks.
Question by:ashjuv
16 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26114724
You would have to segregate the Address lists and have the ones you don't want to see the full list in one group and those that you don't mind seeing the full list in another.
Here is how to segregate the address lists (works for Exchange 2010 also):
http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx 
0
 
LVL 1

Accepted Solution

by:
CASheridan earned 1200 total points
ID: 26114731
From http://www.redline-software.com/eng/support/articles/msexchange/2007/address-lists-exchange2007-part1.php:
"As documented in Knowledge Base article 817218, you can view all address lists in Active Directory using Outlook Web Access, regardless of the permissions that are set on the address list. In order to prevent users from being able to see and go through all GALs created in your Exchange organization, you can change the value of the attribute called msExchQueryBaseDN on the user properties using AdsiEdit from the default value of <not set> to the distinguished name of the custom GAL you want the user to see in OWA, as can be seen in Figure 12."

KB Article 817218 is for Exchange 2000, but appears to work for Exchange 2007:
http://support.microsoft.com/kb/817218

HTH
0
 

Author Comment

by:ashjuv
ID: 26114893
Hello HTH

I tried your suggestion, created a custom GAL and set the attribute "msExchQueryBaseDN" on the user properties with the DN of the custom GAL. So now both the custom and Default GAL are showing in OWA. How do I hide the Default GAL and only show the custom one?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26114906
ashjuv - I posted before HTH and I know that my solution will work as I segregated my own 2010 server and only see what I am supposed to see.
My link will solve your question for you.
0
 

Author Comment

by:ashjuv
ID: 26115103
Sorry Alan

Don't mean to be rude, I did go through the link but got lost on the way, it's too much information. But anyway, looks like you know what you are talking about and have already implemented this :) so I would definitely like your help on this.

I have already created an OU, and I have added all the users from whom I want to hide the Default GAL. These users typically use OWA only. Now I want to deny this OU permissions on the Default GAL, right?
Will that effectively segregate the list from the people in the OU?
Can you please help? Thanks a bunch!




0
 
LVL 1

Expert Comment

by:CASheridan
ID: 26115120
Did you wait for the permissions to replicate to all domain controllers?  Try logging off and then logging back in to OWA.
In my Exchange org for my user account, I have the msExchQueryBaseDN set to CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG_NAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

After about 10-15 minutes, when I logged off of OWA and then back in, the only GAL I can see is one entitled "All Users".
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26115130
No worries - just was feeling slightly neglected (but I will get over it) ;-)
The document is long winded, but very effective.
What is the overall result you want to achieve?
Ultimately the article will split the GAL into two or more GALs and one cannot see the other and vice-versa.  Is that what you need?
If it is - I will go into more detail.
0
 

Author Comment

by:ashjuv
ID: 26115197
Hello Alan

Well, yes and no. I do not want to touch the default GAL at all. There are a certain number of users who should only use OWA as an emailing tool. We don't want them to have access to information about other users in the company at all.
0
 

Author Comment

by:ashjuv
ID: 26115216
You are right HTH, the user now has access only to the custom list that I created.

Will this setup have any other adverse effects? Please let me know, thanks.
0
 

Author Comment

by:ashjuv
ID: 26115261
And one more thing, there are about 40-something users who need this attribute changed. Is it possible to script it so that I can do them all in one shot?

Thank you


( now that 's greedy, you experts are so good ... I just can't help  !!!!)

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 800 total points
ID: 26115346
In that case - HTH's solution sounds good enough for you.
There are no adverse issues with doing it his way at all that I can think of.
To modify multiple users at the same time, just download and install ADModify 3.1 and set the attributes in one go on all accounts you choose.
Trying to find the correct link.
0
 

Author Comment

by:ashjuv
ID: 26115360
OK guys, thanks for help to both of you. I will try to locate the link for ADModify myself.

You guys have a good one.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 26115369
Sorry - wrong version - 2.0 is the best one to use:
http://mostlyexchange.blogspot.com/2004/08/admodifynet-tool-rocks.html 
0
 
LVL 1

Expert Comment

by:CASheridan
ID: 26115376
Try using ADModify.  It's a tool from Microsoft PSS and is used for bulk changes to AD user objects.
http://www.codeplex.com/admodify

Add the users to a group, for example Address Book Users.  Run ADModify and set the Custom LDAP query to
(&(objectclass=user)(memberof=CN=Address Book Users,OU=Groups,DC=domain,DC=com))
ADModify should then provide a list of users that you can perform a bulk modify on.
0
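
A scripted form of the bulk change discussed above, as an added example that is not part of the original thread and is not ADModify: it applies the same LDAP filter, sets msExchQueryBaseDN on every match, and then reports any account that still differs. It assumes the ActiveDirectory PowerShell module is available; the two DNs are the thread's own placeholders and must be replaced with real values.

```powershell
# Added example: bulk-set msExchQueryBaseDN for the members of one group, then verify.
# Assumption: ActiveDirectory module (RSAT) is installed. DNs are placeholders from the thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$GroupDN = 'CN=Address Book Users,OU=Groups,DC=domain,DC=com',
    [string]$AddressListDN = 'CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG_NAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Fail early if the address list DN is mistyped, before any user is modified.
Get-ADObject -Identity $AddressListDN -ErrorAction Stop | Out-Null

# Same filter as suggested for ADModify. It matches direct members only;
# a DN containing ( ) * or \ would need LDAP filter escaping.
$filter = "(&(objectClass=user)(memberOf=$GroupDN))"
$users  = @(Get-ADUser -LDAPFilter $filter -Properties msExchQueryBaseDN)
Write-Host "$($users.Count) user(s) matched $filter"

foreach ($u in $users) {
    # Skip accounts that already point at the custom list.
    if ($u.msExchQueryBaseDN -eq $AddressListDN) { continue }

    if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Set msExchQueryBaseDN')) {
        Set-ADUser -Identity $u -Replace @{ msExchQueryBaseDN = $AddressListDN }
    }
}

# Verification pass: list anyone in the group whose attribute is unset or different.
Get-ADUser -LDAPFilter $filter -Properties msExchQueryBaseDN |
    Where-Object { $_.msExchQueryBaseDN -ne $AddressListDN } |
    Select-Object SamAccountName, msExchQueryBaseDN
```

Run it with `-WhatIf` first to see which accounts would change. Users in nested groups are not matched by this filter, and the verification pass reads from whichever domain controller answers, so allow for replication before checking OWA.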
 

Author Comment

by:ashjuv
ID: 26115391
Oh great, you are fast :).

I was wondering if you could help with another issue I am having with self-signed certificates. Mestha began helping and then left the post halfway. If you are familiar with the stuff, please take a look into it. I will send a link to the question in a bit.
0
