XADM: Hidden Recipients Visible When Connected to Exchange 2000 Mailbox (291868)


The information in this article applies to:

  • Microsoft Exchange 2000 Server SP1
  • Microsoft Exchange 2000 Server SP2
  • Microsoft Exchange 2000 Enterprise Server
This article was previously published under Q291868

SYMPTOMS

If an Active Directory user (User A) is connected to an Exchange 2000 Server mailbox, and the Exchange Server administrator has selected the Hide from Exchange address lists option for that user, User A's name may still be visible to another Exchange 2000 Server user who views the membership of a direct reports list or a distribution list that User A is a member of.

NOTE: If an Exchange Server 5.5 user views the membership of the aforementioned direct reports list or distribution list, that user will not be able to see User A's name.

CAUSE

If an Exchange Server administrator selects the Hide from Exchange address lists option on the Exchange Advanced tab of a Windows 2000 Active Directory user (User A) object, this only prevents User A's name from appearing on address lists, such as the global address list. This does not affect permissions on the user object, nor does it hide other links on the object, such as the direct reports list or a distribution list.

WORKAROUND

To prevent this behavior from occurring, create an organizational unit (OU) in the Windows 2000 Active Directory, and then deny the List Contents permission to restricted users and groups. This permits administrators to add users to, or remove users from, the OU at their discretion.

To configure this level of access, follow these steps:
  1. In the Active Directory Users and Computers MMC snap-in, create an OU. In this example, it is named "Hidden Users."
  2. Select the new OU, and then click Properties on the Action menu.
  3. Click the Security tab, and then click Advanced.
  4. In the Access Control Settings dialog box, click the Permissions tab, and then click Add.
  5. Select any users or security groups to whom you want to deny access to the OU, and then click OK.
  6. In the Permission Entry dialog box, click to select the Deny check box for the List Contents permission. Click OK.
  7. Click OK two more times, and then close the Active Directory Users and Computers MMC snap-in.
Any user who is a member of the OU is no longer visible when viewed by the restricted users specified in these steps.

STATUS

This behavior is by design.
Modification Type:MinorLast Reviewed:7/12/2005
Keywords:kbpending kbprb KB291868
©2004 Microsoft Corporation. All rights reserved.