John mailed me with this conundrum:
We have a dozen or so contacts that we do not want displayed in the GAL. Instead, we use a secure custom address list to display these contacts. I cannot figure out how to change the filter on the default address lists in Exchange 2000/2003. In ESM, the modify button is greyed-out on the default address lists like “All Contacts” and the GAL. So I used ADSI Edit to modify the PurportedSearch attribute on the default address lists. This seems to work after running the RUS, but eventually the filter stops working and the default filter is applied again — even though my filter changes remain in AD. I go to ESM and run preview and the filter mod still works. But in Outlook, it doesn’t work. Where do I need to make this change so that it will stick?
Well …the generally ‘recommended’ approach would be to create a new GAL with the filter you want and then deny access to the default GAL.
1) Create a new GAL and use appropriate filter. Never touch ADSIEdit for these tasks.
2) Assign permissions. First, test; use individual user account of a test mailbox and a) deny access to default GAL b) grant access to the new GAL. If all goes well, deny everyone access to default GAL.
Trick here is to understand that Outlook will, among those it has permissions to, attach to the GAL that has the most number of items in it. Because default GAL typically has the most items in it, it’s imperative that they deny access to it.
Lastly, never delete default GAL object.
There are some other bits of information in these KB articles too:
I was wondering why I couldn’t send a URL to my colleague the other day and thought that it was just a policy that we’d introduced internally. Then I remembered that this was a new feature for LCS 2005 which is designed to stop the propagation of IM virii.
SP1has lots of useful extras like this. You can download it here
Microsoft Office Live Communications Server 2005 with SP1 further improves business efficiencies by enabling information workers to communicate and share presence information with contacts in real time through a security-enhanced, enterprise-grade, integrated environment.
Live Communications Server 2005 SP1 improves on the features of Live Communications Server 2005 by extending the federation model, enhancing functionality, increasing security, and improving performance and infrastructure support. These improvements include:
- Tools to enable Public IM Connectivity; the ability to add contacts, send instant messages, and share presence information with users of the three main public IM service providers MSN, AOL and Yahoo!.
- Enhanced federation, which uses DNS-SRV resolution to simplify connecting to federation partners.
- New optional spim filters for better control of unsolicited instant messages.
- Support Microsoft Office Communicator 2005.
- Support for multiple tree Active Directory forests.
- Improved server API performance.
SP1 Documentation on Office Online
Live Communications Server 2005 with Service Pack 1 Planning Guide
Live Communications Server 2005 Address Book Service Planning and Deployment Guide
Updating to Service Pack 1 and Enabling Public IM Connectivity
Live Communications Server 2005 with Service Pack 1 Feature Guide