We currently have an Exchange 2013 server, which is multi-tenant. This server provides hosted Exchange services for multiple customers. Those customers, in-turn, have multiple users (mailboxes) within their ogranization.
There are separate Exchange databases for each customer. AD has separate OU for each organization, which holds the AD accounts for said organization.
We've identified that when a user logs into Outlook Web App, and goes to 'People', under 'Directory' and 'All Users', they can see ALL mailboxes for ALL customers (organizations) hosted on Exchange. For obvious reasons, we wish to keep our customers segregated from each other and thus, one organization should not be able to see users for other organizations.
In ADSI Edit, I've verified that the 'msExchQueryBaseDN' is set properly for all mailboxes. The value is as it should be, which is pointed to the customer-specific OU that holds the AD objects for said customer.
So my question, if and how can the Mailboxes (or databases) be changed so that this information is hidden for users outside of the customer's organization?
Thank you any suggestions you guys can provide!