Block Users Seeing Exchange 2010 Global Address List (GAL)

On  a recent project I was asked if I could block certain users from seeing the Default Global Address List, these users worked for the client externally sourcing business, they needed to mail on behalf of the client but the  client did not want them to be able to see other users on the GAL.

Having a quick look around I thought this would be simple but I could not find a way of stopping these users from seeing the GAL.GAL segmentation is almost here for exchange hosted solutions but for onsite exchange 2010 solutions its not so simple. I found a way of doing it, Im the first to agree this is what I call a BODGE, however it does the job. So read on if you want to Block Users Seeing Exchange 2010 Global Address List.There is a video walkthrough at the end of the article.

Solution

Well bodge but it looks good. So the first thing you need to do is create a security group Call it BlockGAL. Then add the users to it who you do not want to be able to view the GAL.

Once done, on a Domain Controller, run ADSI edit.

Then Navigate to the following branch.

CN=Configuration, CN=Services, CN=Microsoft Exchange, CN=YOUR-ORG,  CN=Address List Container CN=All Global Address Lists

On the right hand side you will now see your Global Address List. Right Click it and select properties then the security tab.

Simply click add and add the security group you have created andthen select deny to Read rights then voila! the users will now not be able to see the GAL.

Block users from seeing the GAL

Block users from seeing the GAL

Archives