Problem solve Get help with specific problems with your technologies, process and projects.

Creating multiple mail-enabled users with strict security provisions

I need to set up Exchange so multiple mail-enabled users can be created. But, none of the users should be able to see any other user in Exchange. Users must not be able to see any address lists except the contact list he/she creates (i.e., emulate what is available in Hotmail/Yahoo). The user should not be able to search any other users within Exchange. The user must be able to log in to his/her mailbox using Outlook client. Is this possible?
This is possible with careful provisioning. It may require an extreme makeover of you directory security, which could be detrimental to your production environment. Specifically, Active Directory can run in a List Object Mode for this type of solution, and you will likely have to remove the Authenticated Users group from various objects to hide users from one another.

This is in fact the model that application service providers use to host an Exchange 2003 server. If you were to qualify as an ASP and go with the ASP licensing model for Exchange, you would have access to Microsoft's provisioning software (MPS). If your plan is not to be an ASP, then you may have to come up with your own model for provisioning. You can read more about MPS here:

If you want to do it on your own, you can check out the following links:

Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:

  • Learning Center: 20 tips on securing Outlook in 20 minutes
  • Topics Library: Exchange security
  • Topics Library: Exchange scripts and programming

  • Dig Deeper on Exchange Server setup and troubleshooting

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.