none
1 domain, Multiple OU`s. how to keep users from seeing each other RRS feed

  • Question

  • In our enviroment we have a single forest with a single domain, within this domain we have multiple OU`s for company`s.

    Now we want to use SFB 2015 voor all those Company`s, we are aware that we can manage this by creating pools. However when we create the pools, users are still able to find each other by putting in the Email address.

    Is there a way to block this? We don`t want to use Child domains, as we than need to change the howl topology.

    Is it possible to use Rights on the OU? or make a selection by get csuser?

    our AD looks like this to give you guys an idea:

    Domain Contoso.local:
    .....Company A:
    ..............Servers
    ..............Desktop
    ..............Users
    ..............Laptops
    .....Company B:
    ..............Servers
    ..............Desktops
    ..............Users
    ..............Laptops

    Tuesday, March 28, 2017 11:22 AM

Answers

  • There isn't anything built into the product to allow you to do this.  Since it's all the same topology, users will be able to discover other users by entering their SIP address.  You could look into a third party product or writing an MSPL script that would allow you to block requests from users of one company to another, but that would be a solution that you would have to roll on your own.  It would also only work onprem.
    Tuesday, March 28, 2017 2:40 PM