Link to home
Start Free TrialLog in
Avatar of Ben Hart
Ben HartFlag for United States of America

asked on

AddressList segregation?

My company and our parent has completed a FIM synchronization, I now have an OU filled with sync'd mail-enabled contacts that I need address lists for.

I created an address list the other day for a subset of those contact, specifically those with matching domain names in their externalEmailAddress attributes.  List created and populated successfully.
Today however I notice ALL of the contacts listed in my GAL, which I was specifically trying to avoid.  So now I'm looking at separating the newly created lists from my default GAL.  Is what I'm describing GAL Segregation?  I'm not wanting to limit access to, just separating the internal and external objects with external email addresses from the GAL so it's not impossible to sift through.

Am I on the right track with creating new global address lists? Ideally I want to click the address book dropdown and see Default Global Address list, then External Contacts, then maybe even company a, company b, etc.
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

What version of Exchange do you have?

Exchange 2010 with SP2 caters readily for GAL separation.

If you have Exchange 2007, there is a White Paper, but it is quite technical and involves messing with lots of Exchange.
You can modify the logic of the Global Address List so it excludes email addresses that are external to your environment. There are two things you need to do here:
1. Modify the GAL settings in ADSI Edit to grant permissions for modifying the GAL recipient list: Open ADSIEdit, Connect to the Configuration Naming Context, Expand Domain, Expand CN=Services, Expand CN=Microsoft Exchange, Expand CN=First Organization, Expand CN=Address Lists Container, Expand CN=All Global Address Lists, Right click CN=Default Global Address List and select properties. Look for msExchRecipientFilterFlags and change that to 0.
2. Use the following to update the recipient filter:
get-globaladdresslist | set-globaladdresslist -recipientfilter {string for filter}

A good idea for doing this is to first set up and address list that has only the local domain's emails listed, then apply that recipient filter to the GAL.
Avatar of Ben Hart

ASKER

Well actually I coulda sworn we were on SP2 but according to the version number 14.1.218.15 we're not.  I should upgrade first then I suppose.
If you have Exchange 2010 - then absolutely and then you can enjoy the new Address Book Policies.
So something akin to:
get-globaladdresslist -identity 'default global address list' | set-globaladdresslist -recipientfilter { 

Open in new window


Whats the appropriate switch to include the other address lists?

If I was to upgrade both servers to SP2 tonight, would I be able to make these changes without altering the container via ADSIedit?
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks Alan.. but wont i also need to do something to remove the entries that I do not want in the default Gal from there?
No - you assign the Address Book Policy and it takes care of what is seen in the GAL that the members of the Address Book see.
Thanks Alan, I am installing Sp2 this weekend, I appreciate the help.
Shout of you get stuck anywhere.
Thanks.. I want to keep this question open so I dont have to start another.
That's fine - don't close it until you are happy.
Well I'm definitely not happy, I ran into the http://support.microsoft.com/kb/2668686 error when  installing SP2.  While it's not related to this post I'l go ahead and close this one.  Why oh why cant MSFT code a service pack better?

Thanks for the help on my question Alan.
Sorry you had problems - it has always just gone on without any pain for me.