locked
Lock users to OU

    Question

  • Hello,

    We would like deploy Office Communicator to our other business units /departments but we want to make sure that they can only add / see users with in their departement. We don't want the users to be able to see / add contacts to Communicator from other departments.

    One idea was to see if we can lock the user down to be able to only add per their OU. Is this possible?

    Thanks,
    Shaun
    Monday, March 16, 2009 9:03 PM

Answers

  • You can partition your Adress Book by OU. So a user in an OU would be able to see only other user in the same OU.
    To do this, just use the ABSConfig.exe from the OCS Res Kit. Activate the "Partition Addressbook data by Organizational unit and create individual Addressbook files per OU" parameter.

    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Monday, March 16, 2009 9:49 PM
  • Shaun,

    No that does not limit connectivity; it simply segregates Contact Lists to only show other users in the same OU as the singed-in user.  Blocking communications among users would need to be configured via Access Lists (setting other's to block) which is a cumbersome and unscalable 'solution' for lack of a better term.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, March 17, 2009 4:50 PM
    Moderator

All replies

  • You can partition your Adress Book by OU. So a user in an OU would be able to see only other user in the same OU.
    To do this, just use the ABSConfig.exe from the OCS Res Kit. Activate the "Partition Addressbook data by Organizational unit and create individual Addressbook files per OU" parameter.

    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Monday, March 16, 2009 9:49 PM
  • Does this stop the user from typing in an SIP address from outside the address book and adding a contact that way? We have a standard email / SIP address format so it would be easy for someone to get the address of a help desk tech and try to add them, this is what we want to avoid.

    Thanks,

    Shaun
    Tuesday, March 17, 2009 2:01 PM
  • Shaun,

    No that does not limit connectivity; it simply segregates Contact Lists to only show other users in the same OU as the singed-in user.  Blocking communications among users would need to be configured via Access Lists (setting other's to block) which is a cumbersome and unscalable 'solution' for lack of a better term.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, March 17, 2009 4:50 PM
    Moderator
  • Thanks, I will do the Addressbook isolation and see where that gets us. I will try to stay away from access lists.

    Shaun
    Tuesday, March 17, 2009 8:11 PM
  • If someone was interested in using access lists to control users, is there any documentation on how to do so?
    Tuesday, June 30, 2009 1:59 PM