I am running Exchange 2003 Enterprise Edition on a Windows 2000 server. Everything is running great. However, I have been asked to restrict students from e-mailing other students in our Windows 2000 Active Directory domain. That way, only teachers and staff can e-mail the students, and the students will not be able to e-mail each other.
I know I can set restrictions on user objects directly, but isn't there an easier way? We have 2000 students! I tried using Universal Distribution Groups, but those don't seem to work. Do you know of a way to do this, or a utility we could purchase? Would creating another mailbox store be a possible solution?
Congratulations, you really had me scratching my head over this one! I used to work for a hosting provider, so spent a fair bit of time partitioning Exchange to segregate multiple shared hosted companies from 'seeing' one another and being able to access one another's resources. But doing this on a mailbox-by-mailbox basis poses some major challenges of scalability as I see you've discovered. I've spent a bit of time asking around for you, both within Microsoft and the Exchange MVP community at large, and as yet have not managed to figure out a solution for you. I am also not aware of any third-party solutions that achieve what you're looking to do, unfortunately.
Do you have comments on this Ask the Expert question and response? Let us know.