Solved

Exchange 2003 - Hide certain users from GAL, put in custom list instead

Posted on 2010-09-23
3
769 Views
Last Modified: 2012-05-10
I have 2 groups of user accounts that need to be hidden from the GAL for housekeeping reasons, but need to be accessible by some of our staff because they are shared accounts.

The account names are sequenced, like ABCUser01, ABCUser02 etc. so it would be easy to find them via wildcarding.

I want to create custom address lists to put these accounts in, and grant access to them using security groups for the folks who need to see them.  This part I know how to do.

However, I can't hide them in the AD account GUI because they won't show in any list then.

I've seen some articles saying that you can use powershell to change an attribute on the user account to remove it from the GAL, but allow it to be published in a custom address list.

My questions are:
1. Is there an easy way to hide user accounts from the GAL but put them in a custom list?

2. If powershell or other scripted approach is the right way, can you show me how to do it?

Thank you.

John

0
Comment
Question by:jinscoe
3 Comments
 
LVL 12

Accepted Solution

by:
FDiskWizard earned 500 total points
ID: 33745989
You can modify the GAL query... via ADSIEDIT.
But you need something uniquie to editify them with within the query.
You would have to add a search term to exclude. For example a specific descrition:
(!(description=ExcludeFromGAL))

See this: http://exchangeis.com/blogs/exchangeis/archive/2005/08/09/using-adsiedit-a-real-world-example.aspx

This is what the default GAL query looks like:

(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList))(!(extensionAttribute1=CompanyName)))

I have changed before to exclude specific email domain used internally (users@domain2.com)
We had the same issue, we wanted them to show in other lists - just not the GAL.

So, we now have the below. You need to test your query! Do a results count before and after:

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)(!(mail=*DOMAIN2.COM)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

For OTHER lists we added a special description and used that in the query instead of MAIL=..

let me know if you need any more info. I don't know of another way to do this..

0
 

Author Comment

by:jinscoe
ID: 33960767
l;
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
A procedure for exporting installed hotfix details of remote computers using powershell
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now