Re: Global Address List per Mail Domain

From: mustafa (mustafa_at_discussions.microsoft.com)
Date: 11/08/04

• Next message: Andy David - Exchange MVP: "Re: the semaphore timeout expired"
• Previous message: mustafa: "Re: Global Address List per Mail Domain"
• In reply to: Glen Trafford: "Re: Global Address List per Mail Domain"
• Next in thread: Glen Trafford: "Re: Global Address List per Mail Domain"
• Reply: Glen Trafford: "Re: Global Address List per Mail Domain"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 8 Nov 2004 06:07:05 -0800

Hi Glen!
I there any other "simple way" to realize it?
There are really many steps for this "simple configuration".
Does Microsoft Provising System simplfy these steps?

Best Regards
Mustafa

"Glen Trafford" wrote:

> You can create different global address lists and use security to restrict
> who has access to them.
>
> You will need to remove the default permissions (giving everyone access) to
> the GAL's and add a security group that is for each GAL.
>
> Note: if a user has access to multiple GAL's they will get the one with the
> largest number of objects in it.
>
> Note: If the user is not in one of the security groups they will not be
> able to resolve their name in the GAL and will not be able to create an
> Outlook Profile. So helpdesk and user admin people need to be aware of this.
>
> You can leave the default GAL as a super list of everyone. Very useful for
> support staff.
>
> Also you will need set security for the All Address lists as well. Just
> because it isn't in the GAL doesn't stop it (in this case) from being
> included in address lists lower down. This will probably leave a stub folder
> that each user can see but not open. They will not be able to open it as
> you will have set permissions on it. But because of the permissions on the
> container above it still gets listed. To hide it completely you need to
> take a few more steps:
>
> 1. In ADSI edit go to cn=directory service, cn=windows nt, cn=services,
> cn=configuration, dc=DOMAIN Goto properties to the dsHeuristics attribute
> and set this as 001.
> 2. Go to the Address Lists container in ADSI edit, under the configuration
> container in the Exchange Org, remove authenticated users permissions on the
> security tab and apply. Then go to the advanced security page and add
> authenticated users and CHOOSE "This Object Only" and grant List Objects,
> List Contents.
> 3. Go to Exchange System Manager to the All Addresses Container. Properties
> , advanced security Add authenticated users "this Object Only" select List
> Object.
> 4. Create address list and apply permissions on who you want to see it.
>
> Also you need to configure another Offline Address Book so that one for
> staff and one for students.
>
>
> These links outline most of the steps (except the stub address lists):
>
> You can create multiple GALs using this article:
> http://support.microsoft.com/default.aspx?kbid=318635
>
> Also create address lists for both companies and set security on the lists:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;319213
>
>
>
> Glen
>
>
>
>
>
> "mustafa" <mustafa@discussions.microsoft.com> wrote in message
> news:56354CB3-36D4-48A3-8CFC-C9E890B1426B@microsoft.com...
> > Hi!
> > I host multiple domains on my Exchange 2003 server.
> > I created new Global Address Lists in ESM for each mail domain: for
> > example
> > GAL for abc.com, and GAL for xyz.com.
> > I want that the users who belong to domain abc.com should see ONLY and
> > ONLY
> > their own GAL, NOT the GAL for xyz.com.
> > And users who belong to domain xyz.com should see only and only their own
> > GAL.
> >
> > How can I realize it? Where should I restrict the permissions? Which
> > permissions for whom?
> >
> > Best Regards
> > Mustafa
>
>
>

---

• Next message: Andy David - Exchange MVP: "Re: the semaphore timeout expired"
• Previous message: mustafa: "Re: Global Address List per Mail Domain"
• In reply to: Glen Trafford: "Re: Global Address List per Mail Domain"
• Next in thread: Glen Trafford: "Re: Global Address List per Mail Domain"
• Reply: Glen Trafford: "Re: Global Address List per Mail Domain"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Access Control Best Practices for shared hosting seem at odds with Web Site Starters ... the server can write a file somewher. ... Security depends on the application itself. ... The MS Shared Hosting Deployment Guide lists among best practices: ... Ensure strong permissions are used on Web content ... (microsoft.public.inetserver.iis.security) Re: Hiding the GAL ... I have then taken off inheritance permissions, ... Staff security groups. ... > stop it from being included in address lists lower down. ... > You can create multiple GALs using this article: ... (microsoft.public.exchange.admin) Re: Global Address List per Mail Domain ... I would consider deleting the Address lists and only use the global address ... This would only require permissions set on each GAL. ... >> the GAL's and add a security group that is for each GAL. ... Go to the Address Lists container in ADSI edit, ... (microsoft.public.exchange.admin) Re: Looking to understand Exch 2003 GAL to Outlook configuration ... I've found that both the GALs we ... mailbox is only visible in the GAL that was a custom creation. ... > the person that created your new GAL did is restrict permissions to the ... > Which of the remaining Address Lists contains more entries? ... (microsoft.public.exchange.setup) Re: Global Address List per Mail Domain ... You can create different global address lists and use security to restrict ... You will need to remove the default permissions to ... Also you will need set security for the All Address lists as well. ... You can create multiple GALs using this article: ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)