Here is the setup: user1 user2 user3 user4 Each are members of Domain Users and each are mail enabled, show up in the default GAL, send and receive mail etc... All is happy in the world. Now the inevitable change in my self created utopia, management steps in and proposes plans, BIG PLANS ;) You see user1 and user3 are also a part of the corporate "secret" society.. We'll call it "BIGBRAINS" since we don't want to hurt the innocent. So I create a distribution group "BIGBRAINS", mail enable it and hide it from the GAL (you see they are a "secret" society). I also only allow members of BIGBRAINS to send mail to the distribution group. I also created a security group with hidden membership called BIGBRAINS_SECURITY and added user1 and user3. Next they wanted their own GAL since "BIGBRAINS" can't seem to remember who are members of their "secret" society and might need to send "Classified" email to individuals in BIGBRAINS and not the whole group (Perhaps it's the "secrecy"? or an oxy-moron) so I created a new GAL called BIGBRAINS added a custom attribute to the members to build the filtered list for the new GAL, configured the security so only the BIGBRAIN members can read the GAL (hence the security group "BIGBRAINS_SECURITY" addition). Now the problem is that user1 is already hidden from the default GAL, so doesn't appear in the "secret" GAL. user1 - Hidden from the Default GAL (member of BIGBRAINS) user2 user3 - Not Hidden from the Default GAL (member of BIGBRAINS) user4 BIGBRAINS members user1 user3 BIGBRAINS_SECURITY members user1 user3 BIGBRAINS_SECURITY can "Read" the BIGBRAINS GAL When you preview the BIGBRAINS GAL user3 shows up but not user1 I did notice one other problem that may throw a monkey wrench in the "Secret" society, if you send a mail TO user3 and check it's attributes of group membership, Domain Users and BIGBRAINS_SECURITY is defined for membership (may have to double check the "Hide Membership" feature for the security group). Is it possible to have a separate GAL with its own membership and attributes, segregated from the Default GAL settings? Or am I approaching this wrong? Could this be done with an Address list instead? Ultimately the goal is to have separation in Address lists to secure internal traffic and control its movements. I hate to think my utopia is crumbling.... If more clarification is need "chime" in! Mike French MIS OnlineServices 754 Port America Place Suite 150 Grapevine, TX 76051 (888) 327-5647 (817) 488-1600 FAX (817) 488-1103 MikeF@xxxxxxxxxxxxxxxxxxxxx www.misonlineservices.com