| David Sengupta [MVP] 2002-10-05, 8:20 pm |
| 1. Put them in a separate OU i.e. "contractors". Lock down security in OU
as described in articles referenced below.
2. Add them to a group i.e. contractors@mycompany.com
3. Set "default" and "anonymous" permissions to "none" for your PFs.
4. Set up a second GAL i.e. Contractor's GAL
5. Change permissions on the GAL levels so that Contractors can only see the
Contractor's GAL and the rest of your users only see the other GAL. Failure
to do this correctly can either (i) mean users can't use Outlook (if they
can't get to any GALs) or (ii) users cycle through the two GALs during
subsequent MAPI logons. See articles below for info.
6. If your users will have access to OWA then you also need to populate
msExchQueryBaseDN attribute on every user in the "contractors" OU to scope
their LDAP queries to their OU instead of your Active Directory's RootDSE.
7. Leave the original GAL as is ... it should return all users including the
contractors.
Here's the article:
http://www.devx.com/upload/free/fea...0/ds2_0008/ds2_0008.asp
You should also search for the Hosted Exchange 2000 Whitepapers
at the www.microsoft.com/serviceprovider website.
There's a lot entailed in these steps ... post back here if you have further
questions or run into problems. It would definitely be easier if you gave
everyone the same GAL and just used ALs to group Contractors, etc. It's
locking down the Contractors so that they can't see the rest of the GAL that
makes this difficult.
An alternative solution might be to just do step 6 above and only give
contractors OWA, though if you did this you'd have to ensure they didn't
install Outlook themselves.
--
David Sengupta M.T.S., B.Sc., MVP, MCSE, MCSE 2000, CCA Ottawa, Canada
Exchange Diagnostics: Quest Spotlight on Exchange
http://www.quest.com/spotlight_exchange
Exchange Management: http://www.microsoft.com/mom
Exchange FAQ - http://www.swinc.com/resource/exch_faq.htm
(I don't usually reply to direct emails ... pls use the newsgroups)
"Jason Abbuhl" <UNKNOWN@UNKNOWN.COM> wrote in message
news:OvoJfjaVCHA.2452@tkmsftngp10...
> Due to a management requirement I have a need to segregate a small
> segment of my E2k users(Contractors).
>
> They do not want these users to have access to Public Folders or the
> Global Address List containing the rest of the company. These users also do
> not need Public Folder access of any kind.
>
> They DO want these users to appear in the GAL for the rest of the
> company.
>
> Anyone have any suggestions on how I might go about this?
>
>
|
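Step 6 in the reply above depends on msExchQueryBaseDN being set on every user in the "contractors" OU. The following audit is an added example, not part of the original post: it reads an LDIF export of user objects (for instance one produced with ldifde) and lists contractors whose attribute is missing or points outside the OU. The OU's DN, the user names and the sample export are constructed assumptions.

```python
import base64

OU = "OU=contractors,DC=mycompany,DC=com"  # assumed DN for the page's "contractors" OU

def parse_ldif(text):
    """Yield {attr: [values]} per entry; handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def within(dn, base):
    """Case-insensitive 'dn is base or below it' (naive: no escaped commas)."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    return norm(dn) == norm(base) or norm(dn).endswith("," + norm(base))

def audit(ldif_text, ou=OU):
    """Return (dn, problem) for each user in the OU whose OWA lookups are not scoped to it."""
    findings = []
    for e in parse_ldif(ldif_text):
        dn = e["dn"][0]
        is_user = "user" in (c.lower() for c in e.get("objectclass", []))
        if not is_user or not within(dn, ou):
            continue
        scope = e.get("msexchquerybasedn", [])
        if not scope:
            findings.append((dn, "msExchQueryBaseDN not set"))
        elif not within(scope[0], ou):
            findings.append((dn, "scoped outside OU: " + scope[0]))
    return findings

# Constructed sample export (made-up users); Dee's value is folded, Fay's is base64.
SAMPLE = "\n\n".join([
    "dn: CN=Ann,%s\nobjectClass: user\nmsExchQueryBaseDN: %s" % (OU, OU),
    "dn: CN=Bob,%s\nobjectClass: user" % OU,
    "dn: CN=Cy,%s\nobjectClass: user\nmsExchQueryBaseDN: DC=mycompany,DC=com" % OU,
    "dn: CN=Dee,%s\nobjectClass: user\nmsExchQueryBaseDN: OU=Contractors,DC=my\n company,DC=com" % OU,
    "dn: CN=Fay,%s\nobjectClass: user\nmsExchQueryBaseDN:: %s" % (OU, base64.b64encode(OU.encode()).decode()),
    "dn: CN=Eve,OU=staff,DC=mycompany,DC=com\nobjectClass: user",
])

if __name__ == "__main__":
    for dn, problem in audit(SAMPLE):
        print(dn, "->", problem)
```

Running the audit again after new contractor accounts are created catches users added to the OU without the attribute.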