Friday, October 19, 2007

Hiding Global Address Lists (GAL) with Exchange 2007

This post has been moved to

http://www.exchange-genie.com/2007/10/hidding-global-address-lists-gal-with-exchange-2007/

26 comments:

DaveShack said...

Good start! Let's have some more on assigning different GALs. What do I do if I simply want to assign GALs by preexisting criteria like Company? Will ADSIEdit be required, or is there another route for that?

Exchange_Genie said...

I want to clarify your question just to make sure I understand. You do not need to apply restrictions if you want a user to be a member of an address list or GAL.
In my example I created a new GAL called Main_Land and used customattribute15.
Exchange 2007 uses OPATH filtering (http://msexchangeteam.com/archive/2007/03/12/436983.aspx) and address lists can be created with filters like Company, State, etc.

However, to restrict an address list you must use 1 of the 2 methods mentioned in the article.

Anonymous said...

Is your guidance for Exchange 2003 too? I've been searching a long time for this on Exchange 2003.
Regards,
Walter

Exchange_Genie said...

Walter....

Yes, this will work for Exchange 2003. If you look at the KB link I have in my article, the opening paragraph talks about Exchange 2000 on....

Brian

Anonymous said...

Hi Brian,

Yes, works fine. Only one part is missing, I think.
Outlook in cached mode works with offline address books; the solution is the same way as your guidance, I think.
Regards,
Walter

Exchange_Genie said...

Walter,

You are correct, perms would have to be applied to the OAB as well to cover all angles.

Maybe I will add it to my article at the end.

Brian

Anonymous said...

I tried this with Exchange 2007 SP1 and when I log on with the Outlook 2007 client I get "the bookmark is not valid" when trying to view the GAL. Even though my security group has permission to its alternate GAL, it tries to load the default and fails with that error. Any suggestions on what I'm doing wrong? Is there a way to specifically tell Exchange/Outlook to show xxx GAL for xxx user(s)?

Juan said...

Brian,
I have exactly the same issue as Mr. Anonymous with my Exchange 2007 SP1 environment. When using the Outlook client (2007) and trying to connect to the Address Book I also get a “The book mark is not valid”.
Any help would be appreciated!
Does anyone know if Microsoft released an article on how to do this with Exchange 2007?


Regards,
Juan

Exchange_Genie said...

Post me your email address. I will not post it online but will send you an email about what you have done so far.
Are you scoping to the address list or OU?

David said...

Yes, I have the same problem. I'm wanting to block our students from seeing the GAL, just the addresses we wish to show. All the students are set up in their OUs, so hopefully that will make it that little bit easier. Can you advise?

AW said...

Hello.

I solved the same problem by this post:


Use ADSIEdit.msc to add distinguished names of organization AL/GAL to showInAddressBook attribute of users, contacts, and distribution list in organization.

GD said...

This is great. How would I modify these instructions to add an additional GAL, in addition to the default GAL? Thanks

hakan uzuner said...

thanks for information

Anonymous said...

This is a great article and was immensely helpful to me. One quick question though. I created security groups to manage the address list access and it works well for the GALs. However, all of our organization's Address Lists still show up under "All Address Lists" even though I have denied "Read" and "Open Address List" rights. The user cannot open the address list and see the users within, but I would prefer they not see the list at all. Have any suggestions?

Thanks,

Zach

Anonymous said...

Thanks for this info you've provided. Not a diversion, but how does one set/modify custom attributes in bulk? I have about 1500 students and am certainly not looking forward to doing that manually. Thanks in advance.

Exchange_Genie said...

You would have to write a script to do that and I do not have one handy to pass on.
Since you are a school, have you thought about Exchange Labs at all for the students?
http://technet.microsoft.com/en-us/exchangelabshelp/bb847823.aspx

Currently it's free and allows you to host in the cloud or split between local and remote. It may save you a lot of work, and it's a simple mailbox move to get the users to the cloud.

Anonymous said...

Hi Genie,

I’m very interested in your article “Hiding Global Address Lists (GAL) with Exchange 2007”, and I have tested it on a virtual machine with VMware and it is working fine!
Perhaps when I see the Global Address List from the Outlook panel I receive an alert message ‘the bookmark is not valid’. The same one has just been published on your dashboard by another user: “I tried this with Exchange 2007 SP1 and when I log on with the Outlook 2007 client I get "the bookmark is not valid" when trying to view the GAL. Even though my security group has permission to its alternate GAL, it tries to load the default and fails with that error. Any suggestions on what I'm doing wrong? Is there a way to specifically tell Exchange/Outlook to show xxx GAL for xxx user(s)?”

Could you please help me to overcome this issue?

Best regards

itfcmatt said...

This is very helpful, but can anyone tell me how I can have a certain address book appear as the default for a certain set of users, rather than the Outlook default of 'Global Address Book'. I don't want to stop these users having the ability to pick the GAL or other address books from the drop down. I just want their address book to appear for them first. I know this can be done client side, but how about from server side?

Exchange_Genie said...

A user can have only 1 GAL. You can create sub address lists within that GAL and default to that view; however, 1 GAL is all they get.

ITFCMATT said...

Everyone will be using the same GAL, but that will be split into different departments. What I want is for the specific departments to have their address list appear first rather than the default, which is the top of the GAL. I know you can change address book views within Outlook, but how can I do this from the server side?

Exchange_Genie said...

Easy enough, that is a client-side setting: OL 2007 - Tools - Address Book - Tools - Options.

You will see "Show this address list first".

Then that is what users will see first.

ITFCMATT said...

So it can only be done client side, no way of doing it via some sort of mailbox or group policy?

Exchange_Genie said...

I would have to check the GPO settings for OL to see, but on the Exchange server side I don't know of any way to just change the view unless.

Anonymous said...

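Here is a little PowerShell to do this for a whole OU...

# "OU" and "DN" are placeholders: the OU holding the mailboxes and the
# distinguished name to write to msExchQueryBaseDN on each mailbox user.
Get-Mailbox -OrganizationalUnit "OU" -ResultSize Unlimited | ForEach-Object {
    $dn = "LDAP://" + $_.DistinguishedName   # ADSI path of the mailbox user
    $obj = [ADSI]$dn                         # bind to the directory object
    $obj.msExchQueryBaseDN = "DN"            # set the address book search base
    $obj.SetInfo()                           # commit the change to Active Directory
}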

Anonymous said...

I also get the error "The book mark is not valid" on my clients. Could you post the reason and a solution for this?

Regards,
Armin

Exchange_Genie said...

Can you post that to the new blog?

http://exchange-genie.com