RE: Problems creating additionl GALs

• From: "Michael B. Smith" <michael@xxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 13 Jan 2006 10:02:42 -0500

1) YOU MUST MUST MUST remove permissions for authenticated users and
everyone from the default gal AND the default OAB
 
2) You must make the permissions appropriate for the new OAB, GAL, and
AAL.
 
Exchange presents Outlook the largest OAB/AAL/GAL that the authenticated
users has permissions for.

________________________________

From: Sandoval, Tom [mailto:tsandoval@xxxxxxx] 
Sent: Friday, January 13, 2006 9:55 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Problems creating additionl GALs


http://www.MSExchange.org/
http://www.MSExchange.org/


 

The only way to edit default Gal is using ADSIedit. Honestly, I have to
wear a lot of hats being the only systems admin on campus, jack of all
trades master of none. So, I'm not experienced or too comfortable
editing AD in production. I already made GAL disappear in test
environment. I tried following KB article 822940 again. Strange, when I
go to apply the filter (field>User>member of), member of is not there.
Trying different permissions clients using Outlook still see GAL even
after being denied. Anyway, I have been thinking of an alternative.
Uninstall additional Exchange server from domain and go back to single
one for staff only.  Then, remove server from domain.  DCpromo server
and bring it up as a child domain. Reinstall exchange on the same
server. 

 

I have some questions.

 

1. Is there some special procedure to remove the 2nd Exchange Server.

 

2. Can you dcpromo a 2k3 server as a child domain into a 2k native
domain. Would it be better to uninstall 2k3 and install 2k? Would it be
better to bring it up in a separate forest and build a trust manually
later?  Can you build a trust manually between 2k3 and 2000 domain? 

 

3. What would be the best option to add student list on parent domain
GAL and Faculty list on child domain GAL, Universal Distribution group?

 

4. What happens to replication should the child domain fail.  Will it
cause a critical situation on parent domain?  Could it be removed
manually using ADSIedit without a lot of risk?

 

________________________________

From: ChongJa@xxxxxxxxxxxxxxxx [mailto:ChongJa@xxxxxxxxxxxxxxxx] 
Sent: Thursday, January 12, 2006 9:21 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Problems creating

 

http://www.MSExchange.org/
http://www.MSExchange.org/

Couple things. If you don't want those user's to be listed in the
original GAL, you need to redo your filter to exclude them. Also if you
don't want the students to be able to view this GAL, create a DL put all
those students in the DL, go to the permissions of the GAL, add that
group and deny them list. I say deny, since you seem to be having issues
with permissions and deny will supercede any inheritance.  Then, create
a new GAL for the students, set the filter so only students show up in
this GAL. Always check the special permissions to make sure theres no
deny.   

 

________________________________

From: Sandoval, Tom [mailto:tsandoval@xxxxxxx] 
Sent: Thursday, January 12, 2006 3:06 AM
To: [ExchangeList]
Subject: [exchangelist] Problems creating

http://www.MSExchange.org/
http://www.MSExchange.org/

I'm adding an additional Exchange 2K3 Server for students. I don't want
the student accounts to be added to the GAL.  I have created two OUs one
for Staff and one for Students. I'd like to have the two different gals
set up to query the OUs.  I have tried adding new Gals and messing with
the permissions following KB article 822940 but can't get it to work.
Any ideas? Tom

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
chongja@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
chongja@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
tsandoval@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
tsandoval@xxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
michael@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=changelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
michael@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=changelist
Report abuse to info@xxxxxxxxxxxxxx 

Other related posts:

• » RE: Problems creating additionl GALs
• » RE: Problems creating additionl GALs

1. Home
2. exchangelist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---