Re: Isolating of two different GALs?

  • From: "Dominic" <emaildominic@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 24 Jan 2005 02:50:03 +0530


Hi there, just try to follow the steps. Hope it's helpful to you.

Add the User Principal Name Suffix of the Hosted Company

Configure your Microsoft Active Directory directory service domain with the
user principal name (UPN) suffix of the company that you want to host in
Exchange. To do so, follow these steps:

  1. On a domain controller, start Active Directory Domains and Trusts.
  2. Right-click Active Directory Domains and Trusts, and then click
     Properties.
  3. In the Alternative UPN suffixes box, type the UPN suffix of the hosted
     company. For example, type contoso.com.
  4. Click Add, and then click OK.
  5. Quit Active Directory Domains and Trusts.


Remove Existing Default Address Lists

Remove the existing default address lists from your Exchange server. To do
so, follow these steps:

  1. Start Exchange System Manager.
  2. Under your organization, expand Recipients, and then click All Address
     Lists.
  3. In the right pane, right-click the address list, click Delete, and
     then click Yes to confirm the removal of the default address list that is
     installed by Exchange.
  4. Quit Exchange System Manager.


Create an Organizational Unit for the Hosted Company

Create a new organizational unit where you can store the users from the
hosted company. To do so, follow these steps:

  1. On a domain controller, start Active Directory Users and Computers.
  2. Right-click your domain, point to New, and then click Organizational
     Unit.

     Note You do not have to create this organizational unit directly under the
     domain container. You can also create this organizational unit inside
     another organizational unit.
  3. In the Name box, type the name of the company that you want to host in
     Exchange. For example, type Contoso. Click OK.
  4. In this new organizational unit (Contoso), create new accounts for
     the users of the hosted company or move the user accounts from another
     location to this organizational unit.

     Note Make sure that the User logon name value uses the UPN suffix for the
     hosted company. For example, make sure that you select @contoso.com in the
     list that is next to the User logon name box. Additionally, when you create
     the Exchange mailbox for each user, select the mailbox store that is
     specific to the hosted company if you want to host the company mailboxes in
     a separate mailbox store.
  5. Configure the extensionAttribute10 attribute value for each user
     account. To do so, follow these steps:
       1. Right-click a user account, and then click Properties.
       2. Click the Exchange Advanced tab, and then click Custom Attributes.

          Note If the Exchange Advanced tab does not appear, click Cancel, and
          then click Advanced Features on the View menu in Active Directory
          Users and Computers.
       3. In the Attribute list, click extensionAttribute10, and then click
          Edit.
       4. In the extensionAttribute10 box, type test, and then click OK.
       5. Click OK, and then click OK.
  6. Right-click the organizational unit (for example, right-click
     Contoso), point to New, and then click Group.
  7. In the Group name box, type a descriptive name for this group. For
     example, type contoso-DG.
  8. Under Group scope, click Global, click Distribution under Group type,
     and then click Next.
  9. Click to select the Create an Exchange e-mail address check box, click
     Next, and then click Finish.
  10. Configure the extensionAttribute10 value for the distribution group.
      To do so, follow these steps:
       1. Right-click the distribution group, and then click Properties.
       2. Click the Exchange Advanced tab, and then click Custom Attributes.
       3. In the Attribute list, click extensionAttribute10, and then click
          Edit.
       4. In the extensionAttribute10 box, type test, and then click OK.
       5. Click OK, and then click OK.
  11. Add the hosted company's users to the new global distribution group.
  12. Right-click the organizational unit, point to New, and then click
      Group.
  13. In the Group name box, type a descriptive name for this group. For
      example, type Allusers@contoso.
  14. Under Group scope, click Global, click Security under Group type, and
      then click Next.
  15. Click Next, and then click Finish.
  16. Add the hosted company's users together with the distribution group
      to the new global security group.

      Note The Microsoft Windows 2000-based domain must be running in native
      mode to add the distribution group to the security group.


Create a Recipient Policy for the Hosted Company

Create a new recipient policy that is based on the extensionAttribute value
of the members of the hosted company. To do so, follow these steps:

  1. On the Exchange server, start Exchange System Manager.
  2. Under your organization, expand Recipients, right-click Recipient
     Policies, point to New, and then click Recipient Policy.
  3. Click to select the E-Mail Addresses check box, and then click OK.
  4. In the Name box, type a descriptive name for this policy. For example,
     type All Contoso Recipients.
  5. Click Modify, click Custom Search in the Find list, and then click the
     Advanced tab.
  6. Type the following LDAP query in the Enter LDAP query box, and then
     click Find Now:

     (&(mailnickname=*)(extensionattribute10=test))

     Make sure that the hosted company's users together with the distribution
     group are returned.

  7. Click OK, and then click OK.
  8. Click the E-Mail Addresses (Policy) tab, and then click New.
  9. Click SMTP Address, and then click OK.
  10. In the Address box, type the hosted company's UPN. For example, type
      @contoso.com.
  11. Click OK.
  12. In the Generation rules list, click to select the check box of the
      hosted company's Simple Mail Transfer Protocol (SMTP) address, and then
      click Set as Primary. The hosted company's SMTP address is bold.
  13. Click to clear the check box of the default SMTP address. For
      example, click to clear the @example.com SMTP address (where example.com
      is your domain).
  14. Click OK.
  15. In the right pane, right-click the new recipient policy that you
      created, click Apply this policy now, and then click Yes to confirm that
      the policy is applied.


Create a Global Address List for the Hosted Company

Configure a new Global Address List for the users from the hosted company.
To do so, follow these steps:

  1. In Exchange System Manager, expand Recipients, right-click All Global
     Address Lists, point to New, and then click Global Address List.
  2. In the Address List name box, type the name of the hosted company, and
     then click Filter Rules.
  3. In the Find list, click Custom Search, click the Advanced tab, type
     the following LDAP query in the Enter LDAP query box, and then click Find
     Now:

     (&(mailnickname=*)(extensionattribute10=test))

  4. Click OK, and then click Finish.
  5. Right-click the new Global Address List that you created, and then
     click Properties.
  6. Click the Security tab, click to clear the Allow inheritable
     permissions from parent to propagate to this object check box, and then
     click Copy when you are prompted.
  7. In the Name list, click Authenticated Users, and then click Remove.
  8. In the Name list, click Everyone, and then click Remove.
  9. Click Add, and then add the Allusers@contoso security group that you
     created in steps 12 through 15 of the "Create an Organizational Unit for
     the Hosted Company" section of this article.
  10. Assign the Allusers@contoso security group the following Allow
      permissions in the Permissions list:

        Read
        Execute
        Read permissions
        List contents
        Read properties
        List object
        Open Address List

      Click to clear all other check boxes that are in the Allow column for the
      Allusers@contoso security group.

      Note You cannot remove the check mark from the Write check box until you
      click to clear the Write properties check box.

  11. Click Apply, click Yes in the message dialog box that states that
      Deny entries take priority over Allow entries, and then click OK.


Create an Address List for the Hosted Company

Create a new address list for the users from the hosted company. To do so,
follow these steps:

  1. In Exchange System Manager, expand Recipients, right-click All Address
     Lists, point to New, and then click Address List.
  2. In the Address List name box, type the name of the hosted company (for
     example, type Contoso AL), and then click Filter Rules.
  3. In the Find list, click Custom Search, click the Advanced tab, type
     the following LDAP query in the Enter LDAP query box, and then click Find
     Now:

     (&(mailnickname=*)(extensionattribute10=test))

  4. Click OK, and then click Finish.


Create an Offline Address List for the Hosted Company

Warning If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own risk.

Create a new offline address list for the users from the hosted company. To
do so, follow these steps:

  1. In Exchange System Manager, expand Recipients, and then click Offline
     Address Lists.
  2. In the right pane, right-click Default Offline Address List, click
     Delete, and then click Yes to confirm the removal of the default offline
     address list.
  3. In the left pane, right-click Offline Address Lists, point to New, and
     then click Offline Address List.
  4. In the Offline address list name box, type the name of the hosted
     company (for example, type Contoso AL).
  5. Click Browse, and then click your LDAP server. For example, locate a
     domain controller (global catalog server), and then click OK.
  6. Click Next.
  7. In the Select which Address Lists to include in this Offline Address
     List list, remove all address lists except the Contoso address list that
     you created. To do this, click an address list, and then click Remove.
  8. Click Next, click Next on the page that describes when the offline
     address list will be created, and then click Finish.
  9. Right-click the new offline address list, and then click Properties.
  10. Click the Security tab. If the security tab does not appear, edit the
      Windows registry to make this tab appear. To do so, follow these steps:
       1. Click Start, click Run, type regedt32, and then click OK.
       2. Locate and then click the following registry subkey:

          HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin

       3. On the Edit menu, click Add Value.
       4. In the Value Name box, type ShowSecurityPage.
       5. In the Data Type list, click REG_DWORD, and then click OK.
       6. In the Data box, type 1 (one), and then click OK.
       7. Quit Registry Editor.

          Note This registry change is effective immediately. You do not have
          to restart the computer.
  10. Click to clear the Allow inheritable permissions from parent to
      propagate to this object check box, and then click Copy when you are
      prompted.
  11. In the Name list, click Authenticated Users, and then click Remove.
  12. In the Name list, click Everyone, and then click Remove.
  13. Click Add, and then add the Allusers@contoso security group that you
      created in steps 12 through 15 of the "Configure an Organizational Unit
      for the Hosted Company" section of this article.
  14. Assign the Allusers@contoso security group the following Allow
      permissions in the Permissions list:

Dominic@india,mumbai

----- Original Message ----- 
From: "Mustafa Cicek" <mbcicek@xxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Sent: Monday, January 24, 2005 1:36 AM
Subject: [exchangelist] Re: Isolating of two different GALs?


> Hi Dominic!
> Thanks for your response.
>
> Is it really necessary to delete the Default Global Address List?
>
> The most important thing is to set security options. You wrote in 9. that I
> should change permissions on All Address Lists. But which security
> settings should this container have? Don't I also need to change security
> settings on each Global Address List container?
>
> Please give more detailed information. You know it is critical to "play" with
> permissions on Exchange 2003.
>
> Best Regards
> Mustafa
>
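
The recipient policy, Global Address List and address list in the steps above all select their members with the same LDAP filter, so the extensionAttribute10 value is what decides who appears in the hosted company's lists. The following Python script is an added example, not part of the original message: it evaluates that filter over a constructed directory export and reports entries that are listed but do not belong to the Contoso OU, and mail-enabled Contoso entries that the filter misses. The Fabrikam OU, the sample rows and the function names are assumptions.

```python
TENANT_FILTER = "(&(mailnickname=*)(extensionattribute10=test))"  # from the message

def parse(f):
    """Parse an LDAP filter subset: (&..), (|..), (!..), attr=value, attr=*."""
    def node(i):
        if f[i + 1] in "&|!":
            op, i, kids = f[i + 1], i + 2, []
            while f[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            return (op, kids), i + 1  # step over the closing ')'
        end = f.index(")", i)
        attr, value = f[i + 1:end].split("=", 1)
        return ("=", attr.strip().lower(), value.strip().lower()), end + 1
    tree, pos = node(0)
    if pos != len(f):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, entry):
    """Evaluate a parsed filter against one entry (attribute -> value dict)."""
    if tree[0] == "=":
        _, attr, want = tree
        have = {k.lower(): str(v).lower() for k, v in entry.items()}.get(attr)
        return have is not None and (want == "*" or have == want)
    results = [matches(kid, entry) for kid in tree[1]]
    return not results[0] if tree[0] == "!" else {"&": all, "|": any}[tree[0]](results)

def audit(entries, tenant_ou, upn_suffix):
    """Return (leaks, missing): listed DNs foreign to the tenant, unlisted tenant DNs."""
    tree, leaks, missing = parse(TENANT_FILTER), [], []
    for e in entries:
        in_ou = e["dn"].lower().endswith(tenant_ou.lower())
        upn = e.get("userPrincipalName", "").lower()
        foreign_upn = bool(upn) and not upn.endswith("@" + upn_suffix)
        if matches(tree, e):
            if not in_ou or foreign_upn:
                leaks.append(e["dn"])
        elif in_ou and "mailNickname" in e:
            missing.append(e["dn"])
    return leaks, missing

KEYS = ("dn", "mailNickname", "extensionAttribute10", "userPrincipalName")
ROWS = [  # constructed sample export; OU=Fabrikam is a hypothetical second company
    ("CN=Ann,OU=Contoso,DC=example,DC=com", "ann", "test", "ann@contoso.com"),
    ("CN=contoso-DG,OU=Contoso,DC=example,DC=com", "contoso-DG", "test", None),
    ("CN=Bob,OU=Contoso,DC=example,DC=com", "bob", None, "bob@contoso.com"),
    ("CN=Eve,OU=Fabrikam,DC=example,DC=com", "eve", "test", "eve@fabrikam.com")]
SAMPLE = [{k: v for k, v in zip(KEYS, row) if v is not None} for row in ROWS]
print(audit(SAMPLE, "OU=Contoso,DC=example,DC=com", "contoso.com"))
```

A reported leak means an object outside the hosted company carries the same extensionAttribute10 value, so the value should be unique per hosted company.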

