John mailed me with this conundrum:
We have a dozen or so contacts that we do not want displayed in the GAL. Instead, we use a secure custom address list to display these contacts. I cannot figure out how to change the filter on the default address lists in Exchange 2000/2003. In ESM, the modify button is greyed-out on the default address lists like “All Contacts” and the GAL. So I used ADSI Edit to modify the PurportedSearch attribute on the default address lists. This seems to work after running the RUS, but eventually the filter stops working and the default filter is applied again — even though my filter changes remain in AD. I go to ESM and run preview and the filter mod still works. But in Outlook, it doesn’t work. Where do I need to make this change so that it will stick?
Well …the generally ‘recommended’ approach would be to create a new GAL with the filter you want and then deny access to the default GAL.
1) Create a new GAL and use appropriate filter. Never touch ADSIEdit for these tasks.
2) Assign permissions. First, test; use individual user account of a test mailbox and a) deny access to default GAL b) grant access to the new GAL. If all goes well, deny everyone access to default GAL.
Trick here is to understand that Outlook will, among those it has permissions to, attach to the GAL that has the most number of items in it. Because default GAL typically has the most items in it, it’s imperative that they deny access to it.
Lastly, never delete default GAL object.
There are some other bits of information in these KB articles too: