locked
Exchange 2007 Resource domain w/ Address List Segregation RRS feed

  • Question

  • I'm trying to create an Exchange 2007 Resource domain with seperate default global address lists for each of the domains that are being serviced. 

    Here is the problem: While it seems that Resource domains are supported and address list segregation is supported they are not supported at the same time.  

    We have created an Exchange 2007 SP1 resource domain with the following characteristics: 

    3 separate forests and AD domains: student, faculty and Datacenter (Datacenter is the resource domain)
    there are Forest Trusts configured from faculty & student domains to the Datacenter domain
    Linked mailboxes from Datacenter to the other domain are in place and working
    All domains are Windows 2003 Native. The Datacenter & Student domains have only Windows 2008 R1 DC's
    Users in the students domain must not have access to resources located in the faculty domain

    There is a requirement that users in the students domain get a particular GAL, while users in faculty domain see another list. Each domain should be able to see other address lists by choosing it from a drop down list. 

    In MS white paper located here  http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx#NotRec Address list segregation is detailed however the following statement is made: 

    Bb936719.note(en-us,EXCHG.80).gifNote:
    We recommend that you maintain all virtual organizations in a single forest and domain.

    Tried to use the document above to configure segregation anyway and found that since Exch 2007 uses only Universal groups we cannot add users in the trusted forests to the Exch security groups that assign proper rights to each GAL. 

    Can this configuration work? If so, how are the groups configured to allow the access necessary to display the proper GAL? 

    Thank you
    Wednesday, December 16, 2009 7:32 PM

Answers