I'd like to restrict the visibility of certain Exchange Distribution Groups in the GAL.
Or more specifically, I want to create individual groups that are visible only to particular AD groups?
Let say I have a group called "Sales"
How can I create some specific DGs that are only visilbe to the Sales team?
Is this done through security rights on the DG object? If so, what should I be adding/removing?
Thanks.
edit: Sorry, Exchange 2007.
Best Answer
Hopefully you're running Exchange 2007.
In an Exchange 2007 environment you're talking about "Address List Segregation". The canonical paper from Microsoft describing what you want is http://technet.microsoft.com/en-us/exchange/bb936719.aspx.
Officially, Microsoft says that there is no "suppport" for doing this in an Exchange 2003 environment (see http://blogs.msdn.com/dgoldman/archive/2008/02/19/exchange-2003-address-list-segregation-document.aspx). Worse, it looks like Microsoft has pulled most of the content related to doing this with Exchange 2003 (http://support.microsoft.com/kb/321723, for example).
It's been years since I've done this with Exchange 2003 (and, even then, it was in a lab), and I'd be loathe to give you advice w/o mocking it up in a lab first. There's some information here for Exchange 2003, and it all looks like what I remember, but I'd be awfully careful with trying that on a production AD.