I'm trying to follow this article to separate Global Address lists for different domains. http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/shared-hosting-exchange-2007-part1.html and http://technet.microsoft.com/en-us/exchange/bb936719(EXCHG.80).aspx I have a Resource Domain (my regular domain where exchange is installed) that houses everyone in my company and we added another domain in it's own forest which is a new company and we want to separate them as much as possible. In following the instructions basically it says to create the address lists and using ADSI edit modify the permissions so only the users that need permissions to the object can see them. I beleive I've followed both articles but things are not working as expected. Luckily this is a test lab. :) Rigth now I think my permissions must be wrong. I've created a Domain Local Group in the resource domain and added the users from the new forest to it and used that as permissions to the list. Since the mailboxes are linked I'm not sure if I was supposed to add the disabled user account as well. Anyone go through this and have success hiding Address Lists and so on? David Jenkins

One of the problems is I expected the address lists to disappear from Outlook if the user didn't have permission. That doesn't seem to be happening. David Jenkins

Alright silly me I forgot that since my new domain is in a separate forest the "Authenticated Users" group won't do. I've created a security group for the secondary domain and applied it to address lists and so on. Right now I'm down to just a few issues. 1. For the new domain. The Offline Address book list isn't being found. 2. The default GAL I've created is being shown twice sort of. Once as "Global Address List" and once and the new GAL I created. In this case it's called DOM2 GAL. David Jenkins

1. SRV Records needed to be setup for the new domain.David Jenkins

2. I had been following two different articles to get the desired results. In http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/shared-hosting-exchange-2007-part1.html it mentions modifying addressBookRoots attribute of CN=Microsoft Exchange, CN=Services, CN=Configuration, DC=mydomain, DC=local. So I added the GAL's and that's why they were visible twice. I removed the additional GALs from this setting and only the default name showed. The GAL still goes to the right groups because of permissions.David Jenkins

FYI I prefer the technet article over the msexchange one. It was more accurate and worked where as followign the msexchange one didn't work without some debugging. Now I need to see if I can keep the users from having a bad experience during the changes.David Jenkins