I'd like to restrict the visibility of certain Exchange Distribution Groups in the GAL.
Or more specifically, I want to create individual groups that are visible only to particular AD groups?
Let say I have a group called "Sales"
How can I create some specific DGs that are only visilbe to the Sales team?
Is this done through security rights on the DG object? If so, what should I be adding/removing?
Thanks.
edit: Sorry, Exchange 2007.
Hopefully you're running Exchange 2007.
In an Exchange 2007 environment you're talking about "Address List Segregation". The canonical paper from Microsoft describing what you want is http://technet.microsoft.com/en-us/exchange/bb936719.aspx.
Officially, Microsoft says that there is no "suppport" for doing this in an Exchange 2003 environment (see http://blogs.msdn.com/dgoldman/archive/2008/02/19/exchange-2003-address-list-segregation-document.aspx). Worse, it looks like Microsoft has pulled most of the content related to doing this with Exchange 2003 (http://support.microsoft.com/kb/321723, for example).
It's been years since I've done this with Exchange 2003 (and, even then, it was in a lab), and I'd be loathe to give you advice w/o mocking it up in a lab first. There's some information here for Exchange 2003, and it all looks like what I remember, but I'd be awfully careful with trying that on a production AD.
Are you referring to Distribution Groups in ADUC or Address Lists in ESM?
To add to what Evan said: Doing this in Exchange 2003 is not officially supported but it's pretty simple to set up. We host email for about 50 companies using Exchange 2003 and we work with this all the time. Segregated Address Lists, Public Folders, Recipient Policies, etc. I didn't want to assume you were referring to Address Lists in your original question because you stated "Distribution Lists" and technically there's no such thing. There are Address Lists and Distribution Groups. I didn't want to post an answer without knowing exactly what you were referring to. The following article is what we used to get started with shared hosting with Exchange 2003 and it should give you the jist of how to set up, segregate, and secure your Address Lists.
http://www.msexchange.org/tutorials/Shared_Hosting_Exchange_2003_Part1.html