RE: Access to Global Address List

  • From: "Michael B. Smith" <michael@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Oct 2004 10:09:25 -0400

2) Create the new Address List

ESM -> Recipients -> All Address Lists -> New Address List

Give AL a name "Address List - domain" where domain is the client name.

Click "Filter Rules", select Find -> Custom Search

Click the Advanced tab. Enter a LDAP query like this:
(&(mailnickname=*)(userprincipalname=*@domain.com))

where "@domain.com" is the UPN chosen for the client.

Click "Find Now" to test.

Click "OK".

Click "Finish".

3) Set Security on the new Address List

Right-click on the Address List and select "Properties"

Click the "Security" tab

Uncheck "Allow inheritable permissions..."

Click "Copy"

Remove "Everyone" and "Authenticated Users" from the list

Add Allusers@xxxxxxxxxx to the list, with the following permissions
(Full Control is probably OK, but this is the minimum list):

        Read
        Execute
        Read Permissions
        List Contents
        List Object
        Open Address List

Click "OK"

4) Set Security on Default GAL

ESM -> Recipients -> All Global Address Lists

Right-click on "Default Global Address List" and select "Properties"

Click "Security" tab

Click "Add" and type in allusers@xxxxxxxxxx

Click "OK"

Click the box under "Deny" on the Full-Control row

Click "OK"

5) Create the new Global Address List

ESM -> Recipients -> All Global Address Lists -> New -> Global Address
List...

Give GAL a name "GAL-domain" where domain is an abbreviation for the
client name (use the same abbreviation from step 4 above).

Click "Filter Rules", select Find -> Custom Search

Click the Advanced tab. Enter an LDAP query like this:
(&(&(|(objectclass=user)(objectclass=contact)(objectclass=group))(mail=*
@domain.com)))

Click "Find Now" to test.

Click "OK", click "Finish"

6) Set Security on the new Global Address List

Right-click on the Global Address List and select "Properties"

Click the "Security" tab

Uncheck "Allow inheritable permissions..."

Click "Copy"

Remove "Everyone" and "Authenticated Users" from the list

Add Allusers@xxxxxxxxxx to the list, with the following permissions
(Full Control is probably OK, but this is the minimum list):

        Read
        Execute
        Read Permissions
        List Contents
        Read Properties
        List Object
        Open Address List

Click "OK"

 
7) Create Offline Address List

Right-click on "Offline Address Lists" and select New -> Offline Address
List

Name it OAL-domain

Set the OAL server

Click "Next"

Remove all GAL entries listed.

Click "Add" and add the entry from "All Address Lists" created above

Click "Next"

Click "Next"

Click "Finish"

Right-click on the OAL just created and select "Rebuild"

Click "Yes".

Note: It can take up to two days for an OAL to appear for download. 

-----Original Message-----
From: Lim, Arthus T. [mailto:alim@xxxxxxxxx] 
Sent: Tuesday, October 12, 2004 8:17 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Access to Global Address List

http://www.MSExchange.org/

Please try to see the mistake I committed.  I'm really having a hard
time doing this.

All Global Address List Properties - Security
User1 - Deny All
Authenticated Users - Removed
Everyone - Removed

Default Global Address List Properties - Security
User1 - Deny All
Authenticated users - Removed
Everyone - Removed

New Address List Properties - Security
User2 - Read, Execute, Read Permissions, List Contents, Read Properties,
List Object, Open Address List Authenticated Users - Removed Everyone -
Removed


When I check the address book using Microsoft outlook, New Address Book
doesn't appear and Global Address List contains all the entries of
Default Global Address List.


Thanks.


-----Original Message-----
From: Michael B. Smith [mailto:michael@xxxxxxxxxx]
Sent: Tuesday, October 12, 2004 8:00 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Access to Global Address List

http://www.MSExchange.org/

It most certainly does work. You've done it wrong. I'm doing it with
several servers and 50+ companies per server. It's how hosted Exchange
works.

If you delete the GAL, you'll generate errors on every single client
computer using Outlook (synchronization errors) and in your event log.
Whether those are spurious or not - probably. But I've seen it have a
negative impact on RUS working at all.

-----Original Message-----
From: Lim, Arthus T. [mailto:alim@xxxxxxxxx]
Sent: Tuesday, October 12, 2004 7:15 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Access to Global Address List

http://www.MSExchange.org/

This didn't work.  What will happen when I delete the default Global
Address List from the ESM and create new Address lists under GAL?

-----Original Message-----
From: Michael B. Smith [mailto:michael@xxxxxxxxxx]
Sent: Monday, October 04, 2004 8:32 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Access to Global Address List

http://www.MSExchange.org/

Yes.

Not for the faint of heart. (I say that a lot, don't I?)  :-)

Basically, remove "Everyone" and "Authenticated Users" from the security
tab of the GAL. Add a "Deny" ACE for the group you don't want to use it.
Create a new GAL. On it's security tab, remove "Everyone" and
"Authenticated Users". Add a "Full Control" for the group you want to
use it (which should match the one above).

Actually, the minimum set of permissions is: Read, Execute, Read
Permissions, List Contents, List Object, and Open Address List; if you
don't like FC.

-----Original Message-----
From: Lim, Arthus T. [mailto:alim@xxxxxxxxx]
Sent: Monday, October 04, 2004 4:08 AM
To: [ExchangeList]
Subject: [exchangelist] Access to Global Address List

http://www.MSExchange.org/

Is it possible to limit the access of people from viewing the Global
Address List or the Address Book from Microsoft Outlook?  Let's say I
only want a group of people to view a particular address list, others
should not see it.

Is this possible?

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
alim@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
alim@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: