Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 490
  • Last Modified:

restrict outlook anywhere user from seeing global address list yet keep the ability to log onto using outlook anywhere or RPC over HTTP/s

I have implemented outlook anywhere or rpc over http/s on our exchange servers and have the accounts working and accessing their e-mail.  I find out that these users still have access to view the entire GAL.  I read a great walkthrough with regard to setting up hosted exchange for just this purpose and to my knowledge I have everything setup correctly, except for this GAL issue.  If I take the user's permissions away from seeing the default GAL, they can no longer log into their account.  If I give it back, they can see all the people in the GAL.  Can someone please enlighten me on where I'm messing the permissions up or what they should be?  My end goal is to have a single user sign on in his own group and see only himself, or members in his specific group.

i've setup this so far:

1.  "open address list" permission given on default GAL, otherwise they can't log in.
2.  created them their own GAL and gave them permission to it.
3.  created them their own Offline Address List and gave the user's universal security group "read" permission to it.
4.  set the user's msExchUseOAB to the distinguished name of their respective OAL
5.  set the user's msExchQueryBaseDN to their corresponding OU for their group

help please!
0
firstheartland
Asked:
firstheartland
  • 2
  • 2
1 Solution
 
endital1097Commented:
you need to create a group and add the users that should not see the gal
then add this group to the permissions for the gal with a deny
0
 
firstheartlandAuthor Commented:
ok, for my clarity, I have the universal security group with the user in question as a member already.  So I need to set the group to deny permission for the default GAL, or I need to create a new group consisting of everyone that shouldn't see the GAL?
0
 
endital1097Commented:
use your existing group and deny open address list
0
 
firstheartlandAuthor Commented:
Not sure why I thought I needed the opposite, but this works peachy.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now