We are offering hosted Exchange services and are in an Microsoft Exchange 2010 only environment with a Windows Server 2003 Domain Controller.
My problem is that all the customers have access to the GAL, which contains....all the customers. We obviously do not want that, but I have no idea on how to :
- Restrict access to the Global Address List to only me and my fellow administrators
- Create a Global Address List for each Organizational Unit and restrict access to it to the designed Organizational Unit
- We have also created regular Address Lists for each OU but all the customers also have access to these.
What you're looking for is GAL Segmentation. Unfortunately, there's currently no supported way to do this with Exchange 2010. Microsoft has clearly stated that if you do get this to work with Exchange 2010, your solution may not be supported (in other words, a future update may break it and if something's not working correctly don't expect to call into Microsoft).
You may either downgrade to Exchange 2007 and follow these instructions or wait for it to come to Exchange 2010. The MS Exchange team says it is coming. I would expect this feature to be released with SP2.