Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange 2003 - Hide certain users from GAL, put in custom list instead

Posted on 2010-09-23
3
Medium Priority
?
784 Views
Last Modified: 2012-05-10
I have 2 groups of user accounts that need to be hidden from the GAL for housekeeping reasons, but need to be accessible by some of our staff because they are shared accounts.

The account names are sequenced, like ABCUser01, ABCUser02 etc. so it would be easy to find them via wildcarding.

I want to create custom address lists to put these accounts in, and grant access to them using security groups for the folks who need to see them.  This part I know how to do.

However, I can't hide them in the AD account GUI because they won't show in any list then.

I've seen some articles saying that you can use powershell to change an attribute on the user account to remove it from the GAL, but allow it to be published in a custom address list.

My questions are:
1. Is there an easy way to hide user accounts from the GAL but put them in a custom list?

2. If powershell or other scripted approach is the right way, can you show me how to do it?

Thank you.

John

0
Comment
Question by:jinscoe
3 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 2000 total points
ID: 33745989
You can modify the GAL query... via ADSIEDIT.
But you need something uniquie to editify them with within the query.
You would have to add a search term to exclude. For example a specific descrition:
(!(description=ExcludeFromGAL))

See this: http://exchangeis.com/blogs/exchangeis/archive/2005/08/09/using-adsiedit-a-real-world-example.aspx

This is what the default GAL query looks like:

(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList))(!(extensionAttribute1=CompanyName)))

I have changed before to exclude specific email domain used internally (users@domain2.com)
We had the same issue, we wanted them to show in other lists - just not the GAL.

So, we now have the below. You need to test your query! Do a results count before and after:

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)(!(mail=*DOMAIN2.COM)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

For OTHER lists we added a special description and used that in the query instead of MAIL=..

let me know if you need any more info. I don't know of another way to do this..

0
 

Author Comment

by:jinscoe
ID: 33960767
l;
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Loops Section Overview

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question