XADM: How To Setup Container Level Search Control

ID: Q182902

The information in this article applies to:
  • Microsoft Exchange Server, version 5.5

SUMMARY

This article discusses the procedure for setting up Container Level Search Control using Address Book Views. This allows you to create virtual Exchange Server organizations within a single Exchange Server organization or site. This is useful if you have multiple companies or departments within one Exchange Server organization and you want to prevent these companies or departments from viewing the mailboxes of other companies or departments in the Global Address List.


MORE INFORMATION

To set up Container Level Search Control using Address Book Views, perform the following steps:

  1. Set up an anonymous account in the properties of the DS Site Configuration object in the Exchange Administrator program. This can be any Windows NT account.


  2. Open User Manager for Domains and create Global Groups for each department or company (depending on how you wish to separate the organization). Add the respective Windows NT User Accounts to each Global Group. These will be needed for step 4.


  3. Set up an Address Book View. You can use any name for the Display and Directory names. Click the Group By tab in the properties for the new Address Book View, and choose either Company or Department for the Group items by: field (this depends on how you wish to separate the organization).


  4. Open the newly created Address Book View so that you can see the separate companies or departments listed below it. Open the properties of each of these, click the Permissions tab, and add the respective Global Group created in step 2 to the Windows NT accounts with permissions with a role of Search.


  5. In the Exchange Administrator program, click Tools then Options. Click the Permissions tab. Ensure that the two check boxes that read "Show Permissions Page for all objects" and "Display Rights for Roles on Permissions page" are checked.


  6. Open the properties of the Organization object and click the Properties tab. Add the Search right to the Exchange Service Account.

    NOTE: Before changing the rights of the Exchange Service Account, make sure that at least one other Windows NT account or group has at least the Permissions Admin Role on the Organization object.


After you perform these steps, you should be able to log on to an Exchange Server mailbox. Open the Address Book and choose "Show Names from the:" Global Address List. You should only see mailboxes and/or custom recipients from the Address Book View that your mailbox is associated with.

This will not work for any mailbox whose associated Windows NT account has permissions on objects that give them inherited rights to the Address Book Views. These mailboxes will still be able to view the complete Global Address List.

For more information on creating Address Book Views, please see "Understanding Address Book Views" in the Microsoft Exchange Server 5.5 Books Online.

NOTE: Setting container level search control affects how recipient lists are displayed. Previous recipient lists including the Global Address List may no longer be visible to users. For more information, please refer to:
Q196187 Cannot View Recipients in the Global Address List.

Keywords : XADM
Version : WINDOWS:5.5
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: April 3, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.