Restrict Outlook Anywhere user from seeing global address list yet keep the ability to log on using Outlook Anywhere or RPC over HTTP/S

Posted on 2010-09-14
Last Modified: 2012-05-10
I have implemented Outlook Anywhere (RPC over HTTP/S) on our Exchange servers and have the accounts working and accessing their e-mail. I found out that these users still have access to view the entire GAL. I read a great walkthrough with regard to setting up hosted Exchange for just this purpose, and to my knowledge I have everything set up correctly, except for this GAL issue. If I take the user's permissions away from seeing the default GAL, they can no longer log into their account. If I give it back, they can see all the people in the GAL. Can someone please enlighten me on where I'm messing the permissions up or what they should be? My end goal is to have a single user sign on in his own group and see only himself, or members in his specific group.

I've set this up so far:

1.  "Open Address List" permission given on the default GAL, otherwise they can't log in.
2.  Created them their own GAL and gave them permission to it.
3.  Created them their own Offline Address List and gave the user's universal security group "read" permission to it.
4.  Set the user's msExchUseOAB to the distinguished name of their respective OAL.
5.  Set the user's msExchQueryBaseDN to their corresponding OU for their group.

Help please!
Question by: firstheartland

Expert Comment

ID: 33676507
You need to create a group and add the users that should not see the GAL.
Then add this group to the permissions for the GAL with a deny.

Author Comment

ID: 33676609
OK, for my clarity, I have the universal security group with the user in question as a member already. So I need to set the group to deny permission for the default GAL, or I need to create a new group consisting of everyone that shouldn't see the GAL?

Accepted Solution

endital1097 earned 500 total points
ID: 33676635
Use your existing group and deny Open Address List.
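
The accepted answer expressed as Exchange Management Shell commands, as an added example that is not part of the original thread. It assumes Exchange 2007/2010 with the Management Shell; the group name `HostedCo-Users` and GAL name `HostedCo GAL` are hypothetical placeholders for the asker's universal security group and custom GAL.

```powershell
# Assumptions (not from the thread): Exchange 2007/2010 Management Shell.
# "HostedCo-Users" and "HostedCo GAL" are hypothetical names.
$group      = "HostedCo-Users"
$defaultGal = Get-GlobalAddressList | Where-Object { $_.IsDefaultGlobalAddressList }
$tenantGal  = Get-GlobalAddressList -Identity "HostedCo GAL"

# Explicit deny of "Open Address List" on the default GAL for the existing group.
# An explicit deny ACE wins over the allow the members otherwise receive
# through broader principals, so the default GAL stays untouched for everyone else.
Add-ADPermission -Identity $defaultGal.DistinguishedName -User $group `
    -ExtendedRights "Open Address List" -Deny

# The group keeps (or is given) the right on its own GAL (step 2 in the question).
Add-ADPermission -Identity $tenantGal.DistinguishedName -User $group `
    -AccessRights GenericRead -ExtendedRights "Open Address List"

# Review the resulting ACEs: expect Deny = True on the default GAL and
# Deny = False on the tenant GAL, both not inherited.
foreach ($gal in $defaultGal, $tenantGal) {
    Get-ADPermission -Identity $gal.DistinguishedName |
        Where-Object { $_.User -like "*$group" -and $_.ExtendedRights -like "*Open*Address*" } |
        Select-Object Identity, User, Deny, IsInherited, ExtendedRights
}
```

Re-running the review loop after any permission change on the address list container is a quick way to confirm that no later allow or inherited ACE has replaced the deny.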

Author Closing Comment

ID: 33738291
Not sure why I thought I needed the opposite, but this works peachy.
