Exchange 2003 - Hide certain users from GAL, put in custom list instead

I have 2 groups of user accounts that need to be hidden from the GAL for housekeeping reasons, but need to be accessible by some of our staff because they are shared accounts.

The account names are sequenced, like ABCUser01, ABCUser02 etc. so it would be easy to find them via wildcarding.

I want to create custom address lists to put these accounts in, and grant access to them using security groups for the folks who need to see them.  This part I know how to do.

However, I can't hide them in the AD account GUI because they won't show in any list then.

I've seen some articles saying that you can use powershell to change an attribute on the user account to remove it from the GAL, but allow it to be published in a custom address list.

My questions are:
1. Is there an easy way to hide user accounts from the GAL but put them in a custom list?

2. If powershell or other scripted approach is the right way, can you show me how to do it?

Thank you.

John

jinscoeAsked:
Who is Participating?
 
FDiskWizardCommented:
You can modify the GAL query... via ADSIEDIT.
But you need something uniquie to editify them with within the query.
You would have to add a search term to exclude. For example a specific descrition:
(!(description=ExcludeFromGAL))

See this: http://exchangeis.com/blogs/exchangeis/archive/2005/08/09/using-adsiedit-a-real-world-example.aspx

This is what the default GAL query looks like:

(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList))(!(extensionAttribute1=CompanyName)))

I have changed before to exclude specific email domain used internally (users@domain2.com)
We had the same issue, we wanted them to show in other lists - just not the GAL.

So, we now have the below. You need to test your query! Do a results count before and after:

(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact)(!(mail=*DOMAIN2.COM)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList) ))

For OTHER lists we added a special description and used that in the query instead of MAIL=..

let me know if you need any more info. I don't know of another way to do this..

0
 
jinscoeAuthor Commented:
l;
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.