Hiding Default Global Address list only from certain OWA users

You would have to segregate the Address lists and have the ones you don't want to see the full list in one group and those that you don't mind seeing the full list in another.
Here is how to segregate the address lists (works for Exchange 2010 also):
http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx 

Hello HTH

I tried your suggestion, created a custom GAL and set the attribute "msExchQueryBaseDN" on the user properties with the DN of the custom GAL. so now both custom and Default GAL are showing in OWA. How do I hide default GAL and only show Custom??

ashjuv - I posted before HTH and I know that my solution will work as I segregated my own 2010 server and only see what I am supposed to see.
My link will solve your question for you.

Sorry Alan

Don't mean to be rude, I did go through the link but got lost on the way, it's too much information. But anyway, Looks like you know what you are talking about and have already implimented this :) so I would definitely like your help on this.

I have already created an OU, and I have added all the users from whom I want to hide the Default GAL. these users typically use OWA only. Now I want to deny this OU permissions on the Default GAL right??
Will that effectively segregate the list from the people in the OU??
Can you please help? thanks a bunch !!!!!

Did you wait for the permissions to replicate to all domain controllers?  Try logging off and then logging back in to OWA.
In my Exchange org for my user account, I have the msExchQueryBaseDN set to CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG_NAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com

After about 10-15 minutes, when I logged off of OWA and then back in, the only GAL i can see is one entitle "All Users"

No worries - just was feeling slightly neglected (but I will get over it) ;-)
The document is long winded, but very effective.
What is the overall result you want to achieve?
Ultimately the article will split the GAL into two or more GALs and one cannot see the other and vice-versa.  Is that what you need?
If it is - I will go into more detail.

Hello Alan

Well yes and no, I donot want to touch the default GAL at all. there are certain number of users who should only use OWA as an emailing tool. We don't want them to have access to information about other users in the company at all.

You are right HTH, the user now have access to the custom list only that I created.

 Will this setup have any other adverse effects. Pls let me know, thanks.

And one more thing, there are about 40 something users who need this attribute changed, it it possible to script it so that I can do them all in one shot.
 
thanq


( now that 's greedy, you experts are so good ... I just can't help  !!!!)

OK guys, thanks for help to both of you. I will try to locate the link for ADModify myself.

You guys a have a good one.

Sorry - wrong version - 2.0 is the best one to use:
http://mostlyexchange.blogspot.com/2004/08/admodifynet-tool-rocks.html 

Try using ADModify.  It's a tool from Microsoft PSS and is used for bulk changes to AD user objects.
http://www.codeplex.com/admodify

Add the users to a group, for example Address Book Users.  Run ADModify and set the Custom LDAP query to
(&(objectclass=user)(memberof=CN=Address Book Users,OU=Groups,DC=domain,DC=com))
ADModify should then provide a list of users that you can performa bulk modify on.

Oh great , u r fast :).

I was wondering if you could help with anothe issue I am having with self signed certificates. Mestha began helping and then left the post half way. If you are familiar with the stuff, Please take a look. into it, I will send a link to the question in a bit.

https://www.experts-exchange.com/questions/24997600/Outlook-2007-clients-cannot-connect-to-exchange-2007-after-changing-the-internal-urls-on-the-certificates.html