I'm trying to setup different GALs/OABs for 2 user groups.
I've successfully segregated the GALs, but the OAB for
the new group keeps reverting to the default OAB, EVEN WITH DENY access set!!
This is what I've done:
1. Created 2 user security groups with the respective lists of users
2. added BOTH groups to the default GAL and
granted DENY permissions.
3. Create 2 new GALs, which return the correct user lists when I preview. I added the
respective security group with read/list access and the OTHER group with Deny access
4. I've created a new OAB, added
the appropriate GAL to it. I also created a new mailbox store for the new mailboxes and assigned it the new OAB. (I only
need the 2nd group to use the new OAB. The 1st group can use the default)
5. I updated security in ADSI to Deny access
to my new user group on the Default OAB and grant access only to the new group on the new OAB
6. I set the
"msExchUseOAB" attribute for all users to the D.N. of the custom OAB.
7. I've rebuilt the new OAB countless times and I
can see it in the system public folders.
Problem is the new mailboxes are still getting the entries from the
original default OAB!
I've deleted/re-created the MAPI profiles and when not using cached mode I have the correct
GAL, but in cached mode once the OAB is downloaded I keep getting the default one, despite the DENY access.
at a total loss and can;t understand why this isn't working, can anyone assist??