Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

can't hide users in directory

What is the deal with hidden recipients. Hide in Exchange admin and can't access via SA. Can this be resolved with Domain/Exchange rights? Same with groups, hidden, no access over the phone or via SA? <br><br>thanks<br>Ron<br><br>

4 REPLIES
Anonymous
N/A

Re: can't hide users in directory

Yes, I get this one a lot...

Exchange has this interesting limitation that if you hide a user in the directory or don't give them a display name (which amounts to about the same thing) you cannot send messages on behalf of that user. I'm not sure why this is and we've never gotten a real satisfactory answer from MS on this one, but that's the way it is.

When you call in on the phone and retrieve/send messages, we're logging into your mailbox as a "super user" and when you send a message, we need to do it "on behalf" of your account such that it shows up from you, replies come to you etc... Exchange fails this when the account in question is hidden.

You can setup address book views to control which accounts are seen in the directory from Outlook on the client side of things. I have a doc I can email you with instructions on a couple of ways to set that up if you're interested or I can post the whole thing (it's a few pages long) here if folks are interested.



Jeff Lindborg
Unity Product Architect
Active Voice Corp
jlindborg@activevoice.com

Anonymous
N/A

Re: can't hide users in directory

I am interested in how to setup the address book view. Would you post the information or e-mail it to me, thanks. I have a customer that wants to hide the accounts like EAdministrator and Unity Messaging System from their address book.

Anonymous
N/A

Re: can't hide users in directory

Hi Daniel.

OK… I’ll post Roger Newton’s paper on how to do this. Roger is a former trainer here at AV who is now out working for one of our bigger dealers on the west coast.

I would like to point out first, however, that you don't need to hide the Example Administrator... You should really replace the references to the Example Administrator with someone "real" in your organization (we cover the details of this in the administration guide). He's there as a place holder for some of our default entities but it's important that you make sure someone in your organization is getting messages for the Unaddressed Messages distribution list and the like which are populated by default with only the Example Administrator account.

Roger's instructions below are intended for folks that want to make sure folks MUST use the address book assigned to them and no other. For larger shops this is a good thing, but it does add a level of complexity. You can also offer simple address book view that are available to everyone on a more voluntary basis and save a few steps. Depends on what it is you’re trying to do.

Anyway, here’s his notes:

=====================================================

This paper addresses Exchange Address Book View application to remove Voice Mail Only users from the Exchange Global Address List (GAL) and does not address listing in the Unity telephone directory. Voice Mail only users can be effectively “hidden” from the GAL to prohibit e-mail from overloading a mailbox which is designated as “voice mail only”. “Hiding” the user from the GAL does not prohibit e-mail from being sent to that user if the sender manually enters the recipient’s address. It simply removes the ability to see the record in the GAL. Think of this entry in terms of an unlisted telephone number (recall that selecting the option to “hide from address book” in Exchange removes the ability of Unity to use that account. Therefore, follow the following steps to hide Unity users). This is also an excellent way to hide the Unity Messaging System Mailbox as well as other system accounts from the GAL.

This document assumes a basic understanding of the Exchange Administrator interface.

1. From the Exchange Administrator toolbar, select tools, then options, then permissions. Select the check boxes for Show Permissions page for all objects and for Display rights for roles on Permissions page. Click OK.

2. On the Configuration tab for your site, select the DS Site Configuration object and click on Anonymous account. Choose an account for Anonymous access. A good choice is the NT Guest account which is disabled by default. Specify a strong password (you typically will not allow anonymous access to your directories. Choose help if you need more information). Click OK.

3. Open the permissions page for the Organization object. In the Rights box, check the box to enable the search right for the Exchange Service account (last in the list). Click OK. This action effectively removes rights to view the GAL for ALL Exchange users not given explicit permissions.

4. From the Exchange Administrator toolbar, select File, then New Other, then Address Book View. Enter a Display name and Directory name such as “all mail” and then select the Group By box. Choose the item you wish to group by and click OK. For our example, we will use Custom Attribute 10.

5. For each user who will be visible in the GAL, enter sorting information in the field which you chose to sort on. Since our example uses Custom Attribute 10, enter sorting information such as the word “all” in the Custom Attribute 10 field on the Custom Attributes tab of the appropriate record. The name you use here will appear in the GAL as an address book view and its Display name can be modified later in Exchange by selecting the properties of the view and then modifying the Display name field. For bulk changes, use the Exchange Import Header Tool to extract the field to a .csv file, add the changes, and import the records back into Exchange. For information on installing and using the Import Header Tool, refer to your Exchange documentation. Additionally, if you enter information in the field that differs from record to record (such as some with “all”, some with “voice”), Exchange will break these out into their own containers within the object view. If no entry is found in a record, the record does not appear in the sorted views. An example would be to leave the Custom Attribute 10 empty for the Unity Messaging System Mailbox (or, of course, for all voice mail only users). The mailbox will not show up in the view.

6. In User Manager for Domains, create a local and global group for setting permissions to access the GAL. You may want to use intuitive group names such as “All Mail” or “All Mail Local”. For this example, add users who need access to the “all mail” view to the global group (for this example, all voicemail/e-mail users). Add the global group to the local group. In this way, you are prepared to accommodate users from other trusted domains as and if necessary.

7. From the Exchange Administrator, select the Address Book Views container you wish to give users permission to see. You may choose the original view itself, or its subview depending on your preference. For our example, we’ll use the subview or the last view before you see the actual mailboxes. In this way, if we choose to sort views individually based on the information in the Custom Attribute 10 record in the future, we can simply apply the appropriate permissions to each object. You could even give individual permissions at the mailbox level if you choose, although this is not recommended form an administration standpoint.

For now, select the permissions tab on the subview object (for our example, the “all” object) and select add. Choose the local group you created in step 6 above. Remove all permissions EXCEPT Search from the Rights box. Click OK.

8. At this point, you should log on and test views as both a voicemail/email user and a voicemail only user to verify views are set up correctly (you will create the appropriate Exchange profile using Outlook and view the GAL). You must define (or not) views for EVERYONE in the organization according to needs for views to work correctly. If you view the GAL with an account that has other privileges on the Exchange server (such as the Administrator account), you will not be able to verify Address Book Views since such accounts have special permissions to view the GAL. Use an account that has everyday user rights. Specify the log on locally right in User Manager for Domains if necessary to complete this procedure.


Jeff Lindborg
Unity Product Architect
Active Voice
jlindborg@activevoice.com
http://members.home.net/jlindborg

Anonymous
N/A

Re: can't hide users in directory

In case it wasn't mentioned above, the Exchange Import Header tool can be used to make bulk custom attribute changes where a large number of mailboxes exist. I believe it is available on the Exchange resource kit. It is freeware form MS.

246
Views
0
Helpful
4
Replies
CreatePlease login to create content