ashjuv
asked on
Hiding Default Global Address list only from certain OWA users
Hello
is it possible to hide the default Global Address list from certain OWA users.?? If so how is it done pls and thanks
is it possible to hide the default Global Address list from certain OWA users.?? If so how is it done pls and thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello HTH
I tried your suggestion, created a custom GAL and set the attribute "msExchQueryBaseDN" on the user properties with the DN of the custom GAL. so now both custom and Default GAL are showing in OWA. How do I hide default GAL and only show Custom??
I tried your suggestion, created a custom GAL and set the attribute "msExchQueryBaseDN" on the user properties with the DN of the custom GAL. so now both custom and Default GAL are showing in OWA. How do I hide default GAL and only show Custom??
ashjuv - I posted before HTH and I know that my solution will work as I segregated my own 2010 server and only see what I am supposed to see.
My link will solve your question for you.
My link will solve your question for you.
ASKER
Sorry Alan
Don't mean to be rude, I did go through the link but got lost on the way, it's too much information. But anyway, Looks like you know what you are talking about and have already implimented this :) so I would definitely like your help on this.
I have already created an OU, and I have added all the users from whom I want to hide the Default GAL. these users typically use OWA only. Now I want to deny this OU permissions on the Default GAL right??
Will that effectively segregate the list from the people in the OU??
Can you please help? thanks a bunch !!!!!
Don't mean to be rude, I did go through the link but got lost on the way, it's too much information. But anyway, Looks like you know what you are talking about and have already implimented this :) so I would definitely like your help on this.
I have already created an OU, and I have added all the users from whom I want to hide the Default GAL. these users typically use OWA only. Now I want to deny this OU permissions on the Default GAL right??
Will that effectively segregate the list from the people in the OU??
Can you please help? thanks a bunch !!!!!
Did you wait for the permissions to replicate to all domain controllers? Try logging off and then logging back in to OWA.
In my Exchange org for my user account, I have the msExchQueryBaseDN set to CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG_NAME,CN=M icrosoft Exchange,CN=Services,CN=Co nfiguratio n,DC=domai n,DC=com
After about 10-15 minutes, when I logged off of OWA and then back in, the only GAL i can see is one entitle "All Users"
In my Exchange org for my user account, I have the msExchQueryBaseDN set to CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORG_NAME,CN=M
After about 10-15 minutes, when I logged off of OWA and then back in, the only GAL i can see is one entitle "All Users"
No worries - just was feeling slightly neglected (but I will get over it) ;-)
The document is long winded, but very effective.
What is the overall result you want to achieve?
Ultimately the article will split the GAL into two or more GALs and one cannot see the other and vice-versa. Is that what you need?
If it is - I will go into more detail.
The document is long winded, but very effective.
What is the overall result you want to achieve?
Ultimately the article will split the GAL into two or more GALs and one cannot see the other and vice-versa. Is that what you need?
If it is - I will go into more detail.
ASKER
Hello Alan
Well yes and no, I donot want to touch the default GAL at all. there are certain number of users who should only use OWA as an emailing tool. We don't want them to have access to information about other users in the company at all.
Well yes and no, I donot want to touch the default GAL at all. there are certain number of users who should only use OWA as an emailing tool. We don't want them to have access to information about other users in the company at all.
ASKER
You are right HTH, the user now have access to the custom list only that I created.
Will this setup have any other adverse effects. Pls let me know, thanks.
Will this setup have any other adverse effects. Pls let me know, thanks.
ASKER
And one more thing, there are about 40 something users who need this attribute changed, it it possible to script it so that I can do them all in one shot.
thanq
( now that 's greedy, you experts are so good ... I just can't help !!!!)
thanq
( now that 's greedy, you experts are so good ... I just can't help !!!!)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK guys, thanks for help to both of you. I will try to locate the link for ADModify myself.
You guys a have a good one.
You guys a have a good one.
Sorry - wrong version - 2.0 is the best one to use:
http://mostlyexchange.blogspot.com/2004/08/admodifynet-tool-rocks.html
http://mostlyexchange.blogspot.com/2004/08/admodifynet-tool-rocks.html
Try using ADModify. It's a tool from Microsoft PSS and is used for bulk changes to AD user objects.
http://www.codeplex.com/admodify
Add the users to a group, for example Address Book Users. Run ADModify and set the Custom LDAP query to
(&(objectclass=user)(membe rof=CN=Add ress Book Users,OU=Groups,DC=domain, DC=com))
ADModify should then provide a list of users that you can performa bulk modify on.
http://www.codeplex.com/admodify
Add the users to a group, for example Address Book Users. Run ADModify and set the Custom LDAP query to
(&(objectclass=user)(membe
ADModify should then provide a list of users that you can performa bulk modify on.
ASKER
Oh great , u r fast :).
I was wondering if you could help with anothe issue I am having with self signed certificates. Mestha began helping and then left the post half way. If you are familiar with the stuff, Please take a look. into it, I will send a link to the question in a bit.
I was wondering if you could help with anothe issue I am having with self signed certificates. Mestha began helping and then left the post half way. If you are familiar with the stuff, Please take a look. into it, I will send a link to the question in a bit.
Here is how to segregate the address lists (works for Exchange 2010 also):
http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx