How to Manage Address Lists When You Host Virtual Organizations

From Wiki

Jump to:navigation, search

When you use Exchange 2003 in a hosting environment, you must create multiple Global Address Lists. The address lists typically have different user accounts listed in them based on the Lightweight Directory Access Protocol (LDAP) filter that you create. By default, all the users in the Exchange 2003 organization can view all the defined Global Address Lists. This may not be acceptable in some situations; for example, it would not be acceptable at a company that that serves as an e-mail host for other companies. However, you can restrict access to a particular set of users for specific address lists.

How to Create Multiple Global Address Lists

1. Log on as an administrator.

2. Create an organizational unit for each virtual organization, and then create a global security group in the same organizational unit.

3. Add all members of each virtual organization to the global group that you created for that virtual organization in step 2.

4. To change the security of the default Global Address List to help make it inaccessible to users, follow these steps: a. Start Exchange System Manager.

  • Expand Recipients, and then expand All Global Address Lists.
  • Right-click Default Global Address List, and then click Properties.
  • Click the Security tab.
  • In the Name section, click the Authenticated Users group, click List Contents under the Permissions section, and then click to select the Deny check box.
  • In the Permissions section, make sure that the Allow check box for Read is not selected.
  • In the Name section, click the Everyone group, and then make sure that none of the Allow check boxes are selected under the Permissions section.
  • Click Apply.
  • When you receive the following message, click Yes, and then click OK:

Caution! Deny entries take priority over Allow entries, which can cause unintended effects due to group memberships.

5. Create a new Global Address List for each virtual organization, and then give each new Global Address List a filter that identifies the users who belong to that virtual organization. To do this, follow these steps:a. Right-click All Global Address Lists, and then click New Global Address List.

  • Type a name for the new Global Address List, and then click Filter Rules.
  • Click the Advanced tab.
  • Create a filter criterion for group membership. To do this, follow these steps:
    • Click Field, click User, and then click Group Membership.
    • In the Condition box, click Is (exactly).
    • In the Value section, type the name of the group that you are creating the **filter for in the Distinguished Name box, and then click Add.
    • Cick Find Now.
  • e. Click OK, and then click Finish.