GAL separation

Here is the setup:


Each is a member of Domain Users and each is mail enabled, shows up in the
default GAL, sends and receives mail, etc. All is happy in the world.

Now the inevitable change in my self-created utopia: management steps in and
proposes plans, BIG PLANS ;)

You see, user1 and user3 are also a part of the corporate "secret" society.
We'll call it "BIGBRAINS" since we don't want to hurt the innocent.

So I created a distribution group "BIGBRAINS", mail enabled it and hid it
from the GAL (you see, they are a "secret" society). I also only allow
members of BIGBRAINS to send mail to the distribution group. I also created
a security group with hidden membership called BIGBRAINS_SECURITY and added
user1 and user3.

Next they wanted their own GAL, since "BIGBRAINS" can't seem to remember who
are members of their "secret" society and might need to send "Classified"
email to individuals in BIGBRAINS and not the whole group (perhaps it's the
"secrecy"? Or an oxymoron). So I created a new GAL called BIGBRAINS, added a
custom attribute to the members to build the filtered list for the new GAL,
and configured the security so only the BIGBRAIN members can read the GAL
(hence the security group "BIGBRAINS_SECURITY" addition). Now the problem is
that user1 is already hidden from the default GAL, so doesn't appear in the
"secret" GAL.

user1 - Hidden from the Default GAL (member of BIGBRAINS)
user3 - Not Hidden from the Default GAL (member of BIGBRAINS)

When you preview the BIGBRAINS GAL, user3 shows up but not user1.

I did notice one other problem that may throw a monkey wrench in the
"Secret" society: if you send a mail TO user3 and check its attributes of
group membership, Domain Users and BIGBRAINS_SECURITY are defined for
membership (may have to double check the "Hide Membership" feature for the
security group).

Is it possible to have a separate GAL with its own membership and
attributes, segregated from the Default GAL settings? Or am I approaching
this wrong? Could this be done with an Address list instead?

Ultimately the goal is to have separation in Address lists to secure
internal traffic and control its movements.

I hate to think my utopia is crumbling... If more clarification is needed,
"chime" in!

