Restrict fields displayed in Global Address Book
I wanted to add some information to property fields in Active Directory that we don't necessarily want all employeesto see. Is there any way to restrict which fields are displayed in the address book properties in outlook?
Asecondary, less important question would be, is it possible to allow only certainusers/groups/ous to see these fields?
May 1st, 2008 9:04pm
I guess that you can change permission on attributes you dont want to show in GAL, permission can be set to allow only certain users/groups.
This is totally unsupportet, so be very carefull since you can break a lot of things just dont in Exchange but also other apps that use those attributes.
Free Windows Admin Tool Kit Click here and download it now
May 2nd, 2008 4:11pm
Hi
As my understanding, you want to restrict some Active Directory attribute in GAL for some users. Then just like Lasse said we have to grant deny permission on each user's AD properties.
We can use DSACLS tool to deny user to view the AD attribute.
How to Use Dsacls.exe in Windows Server 2003 and Windows 2000
http://support.microsoft.com/kb/281146/en-us
More information about AD attributes:
Using ADSI Edit to Edit Active Directory Attributes
http://technet.microsoft.com/en-us/library/bb124152(EXCHG.65).aspx
Note:
1.Please ensure that users work with outlook not in cache mode, for that they should use GAL other than Offline Address Book in local machine.
2. Please ensure that permission denied do not impact other application.
Hope it helps.
Xiu Zhang
May 5th, 2008 7:53am