REF: GAL 讀取權限限制

 

1. Exchange 2003 GAL 讀取權限限制

http://blog.xuite.net/jammylo/Exchange/4592684

http://www.msexchange.org/tutorials/Shared-Hosting-Exchange-2003-Part2.html

2. Exchange 2007 GAL讀取權限限制

http://technet.microsoft.com/en-us/library/bb936719(printer).aspx

Configure Microsoft Exchange Server 2007 with multiple address lists so different groups of users can have their own address list and secure those address lists so that groups of users can only see their specific address list.

Supported

Companies that want to totally segregate their address lists can do so by removing access to the Default Global Address List and creating two or more address lists or virtual organizations. You can also set up additional functionality to restrict searching via Outlook Web Access to particular organizational units (OUs) or specific address lists using the msExchQueryBaseDN attribute.

Unsupported

This configuration is one where companies may want to totally segregate their address lists and still have access to the Default Global Address List, or try to split the Global Address List (GAL) into two separate address lists. An example of this configuration would be a company with two groups of 500 users that belong to the Sales and Finance departments. Both groups are in the GAL, however the desire is to have everyone access the GAL except one group. If you are going to segregate your address lists, then they will be segregated. Attempting this configuration will cause problems with the check names functionality which will prevent users from creating Outlook profiles, and can also break the OAB Generation Process. This also allows Outlook users to see all of the Address Lists from within Outlook, which cannot be changed.

 

Blog Extended Reading

More Information & Reference

image

Comments

Popular posts from this blog

E15 CU3–Update Failed–AD replicated Exceeded the tombstone lifetime.

202301 - Exchange onpreme - PowerShell Serialization Payload Signing

Ticket: RemoteAPP certificate revocation check error