Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange Address list security and best practice

Posted on 2010-09-03
6
Medium Priority
?
698 Views
Last Modified: 2012-05-10
Im sure this has been raised many times-
I want to set the Global Address List in Exchange 2010 so that it is not accessable or viewable from the users. Each "Group/OU" will have there own Address list which is accessable by them and invisible to other Groups/OU's. Can any one point me towrds articles on securing the Address books and best practices. We do now want users E-mailing 10,000 other users and we have a duty of care with data protection etc.
Help with Powershell commands would great...

Thanks in advance
0
Comment
Question by:TCS-UK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33595137
This is a common request for things like hosted Exchange, and although this easy guide is for 2007, the same rules apply ;

http://www.kortekservices.com/lyle/
0
 
LVL 5

Accepted Solution

by:
michael_b_smith earned 2000 total points
ID: 33598152
Note that if you are using RBAC in Exchange 2010, the traditional address-list segregation work discussed on the above website will not work, and will, in fact, break all address lists present on your server.

In Exchange 2010 sp1, there is a new hosting mode designed to address this specific issue.

At this time, address list segregation is officially not supported for Exchange 2010 outside of hosting mode. Dave Goldman, of Microsoft, has indicated that when it is possible and supported, he will provide an update on his website. See http://blogs.msdn.com/b/dgoldman/archive/2010/05/10/critical-update-exchange-2010-address-list-segregation-and-current-support-stances.aspx.
0
 

Author Comment

by:TCS-UK
ID: 33635331
Is it better to hide the GAL then or set the permission to "denied".
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 5

Expert Comment

by:michael_b_smith
ID: 33636564
I would probably go with "hide it".
0
 

Author Comment

by:TCS-UK
ID: 33670274
The SP1 release requires a totally different AD model and the multi-tenant package does not support Unified messaging and public folders to name but a few. This looks like one almighty MS cockup!
0
 

Author Closing Comment

by:TCS-UK
ID: 33734542
Although it does not answer the question (Even MS cannot do this) it did high light exactly why it cannot at this time be done. We await the MS White paper for AB segmentation. Thanks Michael.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I discuss my selections of the Top Four free Outlook OST File Viewers available. Open, view and read even damaged OST files by using these tools. They all provide a clear preview of all data such as emails, notes, tasks, calendars, e…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question