Microsoft KB Archive/291868

= XADM: Hidden Recipients Visible When Connected to Exchange 2000 Mailbox =

Article ID: 291868

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 2000 Service Pack 1
 * Microsoft Exchange 2000 Server Service Pack 2
 * Microsoft Exchange 2000 Enterprise Server

-



This article was previously published under Q291868



SYMPTOMS
If an Active Directory user (User A) is connected to an Exchange 2000 Server mailbox, and the Exchange Server administrator has selected the Hide from Exchange address lists option for that user, User A's name may still be visible to another Exchange 2000 Server user who views the membership of a direct reports list or a distribution list that User A is a member of.

NOTE: If an Exchange Server 5.5 user views the membership of the aforementioned direct reports list or distribution list, that user will not be able to see User A's name.



CAUSE
If an Exchange Server administrator selects the Hide from Exchange address lists option on the Exchange Advanced tab of a Windows 2000 Active Directory user (User A) object, this only prevents User A's name from appearing on address lists, such as the global address list. This does not affect permissions on the user object, nor does it hide other links on the object, such as the direct reports list or a distribution list.



WORKAROUND
To prevent this behavior from occurring, create an organizational unit (OU) in the Windows 2000 Active Directory, and then deny the List Contents permission to restricted users and groups. This permits administrators to add users to, or remove users from, the OU at their discretion.

To configure this level of access, follow these steps:
 * 1) In the Active Directory Users and Computers MMC snap-in, create an OU. In this example, it is named &quot;Hidden Users.&quot;
 * 2) Select the new OU, and then click Properties on the Action menu.
 * 3) Click the Security tab, and then click Advanced.
 * 4) In the Access Control Settings dialog box, click the Permissions tab, and then click Add.
 * 5) Select any users or security groups to whom you want to deny access to the OU, and then click OK.
 * 6) In the Permission Entry dialog box, click to select the Deny check box for the List Contents permission. Click OK.
 * 7) Click OK two more times, and then close the Active Directory Users and Computers MMC snap-in.

Any user who is a member of the OU is no longer visible when viewed by the restricted users specified in these steps.



STATUS
This behavior is by design.

Additional query words: rights see seen show ldap ldp

Keywords: kbpending kbprb KB291868

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.