
Controlling Object Visibility in Exchange 2003

Start ADSI Edit by clicking Start, Run, typing ADSIEDIT.MSC and pressing Enter.

Find your Configuration container: using the + sign next to each container, browse to Configuration, Services, Microsoft Exchange.

If you have the Microsoft Active Directory Connector (ADC) installed, two containers will be visible underneath the Microsoft Exchange container:

Active Directory Connections, and

Your Exchange organization name (mine is E2K3Target).

Expand the Exchange organization container and Global Settings becomes visible. Right-click Global Settings, click Properties and then click the Security tab.

 

The Access Control List (ACL) for this container becomes visible, i.e. the list of permissions on this object and to whom they apply.

Inherited permissions are shown as grey tick boxes. It would be a good idea to LEAVE THOSE ALONE unless you have a really good idea of what you are doing, you have a working backup and you're testing this in a lab first.

To reiterate what we're trying to achieve: we want to deny the helpdesk operator, who logs in as Helpdesk, visibility of a number of objects. The Global Settings container is one of them.

Click Add, use the object picker that appears to choose the user or group you are targeting, and click OK. The user appears in the list. Since the user or group has permissions on the Exchange Organization (I mentioned earlier that I had run the Delegate Control wizard), the Read permission is inherited for this object. Without un-ticking the inherited permission, tick the Deny box for the Read permission and click OK. The explicit Deny takes precedence over the inherited Allow.

Global Settings has just disappeared from my Helpdesk user's Exchange System Manager view. If the change isn't visible immediately, remember to wait for replication to happen.

Expanding CN=Administrative Groups reveals the various administrative groups, i.e. First Administrative Group, etc. Expanding those in turn reveals a number of interesting containers. Note that most of the objects at this level are container objects with one or more child objects. This means that all or some of them may be hidden using the same method described above for the Global Settings container, or particular objects, such as particular servers, may be cherry-picked. This allows a customized ESM view to be built for each area of responsibility. A customized help desk role may include visibility of a regional server with its associated protocol stacks, or just the SMTP stack with queue management and nothing more…
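To keep track of which containers have been hidden and from whom, the following added example (not part of the original article) uses PowerShell and ADSI to list every explicit Deny entry beneath the Microsoft Exchange configuration container. It assumes PowerShell is installed on the management workstation and that the account running it can read the configuration partition; it makes no changes to the directory.

```powershell
# Added example: report explicit (non-inherited) Deny ACEs under
# CN=Microsoft Exchange,CN=Services,CN=Configuration, i.e. the kind of
# entry created by ticking Deny/Read in the steps above. Read-only.

# Build the path to the Microsoft Exchange container from RootDSE
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNc = $rootDse.configurationNamingContext
$base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"

# Walk every object below it (organization, Global Settings,
# administrative groups, servers, and so on)
$searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
$searcher.Filter      = "(objectClass=*)"
$searcher.SearchScope = "Subtree"
$searcher.PageSize    = 500
[void]$searcher.PropertiesToLoad.Add("distinguishedName")

$report = foreach ($result in $searcher.FindAll()) {
    $entry = $result.GetDirectoryEntry()
    $dn    = $result.Properties["distinguishedname"][0]

    # GetAccessRules(includeExplicit, includeInherited, targetType):
    # explicit ACEs only, so the grey inherited entries are skipped
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
                 $true, $false, [System.Security.Principal.NTAccount])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq "Deny") {
            $rule | Select-Object @{n="Object"; e={$dn}},
                                  IdentityReference,
                                  ActiveDirectoryRights,
                                  InheritanceType
        }
    }
    $entry.psbase.Dispose()
}

$report | Sort-Object Object | Format-Table -AutoSize -Wrap
```

Filter the output on IdentityReference for the account or group you targeted (Helpdesk in this article) to see exactly which objects that role can no longer read.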

 

 

 

 

 

 


Nicolas Blank



Copyright Stephen Bryant 2008