Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 703
  • Last Modified:

Exchange Address list security and best practice

Im sure this has been raised many times-
I want to set the Global Address List in Exchange 2010 so that it is not accessable or viewable from the users. Each "Group/OU" will have there own Address list which is accessable by them and invisible to other Groups/OU's. Can any one point me towrds articles on securing the Address books and best practices. We do now want users E-mailing 10,000 other users and we have a duty of care with data protection etc.
Help with Powershell commands would great...

Thanks in advance
0
TCS-UK
Asked:
TCS-UK
  • 3
  • 2
1 Solution
 
Coast-ITCommented:
This is a common request for things like hosted Exchange, and although this easy guide is for 2007, the same rules apply ;

http://www.kortekservices.com/lyle/
0
 
michael_b_smithCommented:
Note that if you are using RBAC in Exchange 2010, the traditional address-list segregation work discussed on the above website will not work, and will, in fact, break all address lists present on your server.

In Exchange 2010 sp1, there is a new hosting mode designed to address this specific issue.

At this time, address list segregation is officially not supported for Exchange 2010 outside of hosting mode. Dave Goldman, of Microsoft, has indicated that when it is possible and supported, he will provide an update on his website. See http://blogs.msdn.com/b/dgoldman/archive/2010/05/10/critical-update-exchange-2010-address-list-segregation-and-current-support-stances.aspx.
0
 
TCS-UKAuthor Commented:
Is it better to hide the GAL then or set the permission to "denied".
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
michael_b_smithCommented:
I would probably go with "hide it".
0
 
TCS-UKAuthor Commented:
The SP1 release requires a totally different AD model and the multi-tenant package does not support Unified messaging and public folders to name but a few. This looks like one almighty MS cockup!
0
 
TCS-UKAuthor Commented:
Although it does not answer the question (Even MS cannot do this) it did high light exactly why it cannot at this time be done. We await the MS White paper for AB segmentation. Thanks Michael.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now