OCS 2007 r2 multiple address books?

staggerlee

Hi all,

we've just had OCS 2007 r2 installed at work and the boss wants him and some external companies (we will create AD accounts for them) to use OCS but for them to have a limited address book. so instead of them seeing the global book of all uses, they will have separate one just for there group.

Ive looked around and apart from finding that info is limited on this subject (OCS) that there are 2 ways one a brought product

Microsoft Office Communications Server - Microsoft OCS Contact Manager - OCSCM

and second using something in the resource kit called LCSAddContacts.wsf

Download details: Office Communications Server 2007 Resource Kit Tools

Can anyone confirm deny this? anyone got experience on using either of them?

s

blargoe

I've never seen it done that way but I haven't seen a lot of deployments either. It looks to me like the two solutions that you linked just manage the personal contacts for each user but I didn't see anything about blocking access to the Global address book in general.

It would make more sense to me for the other companies to use the cloud-based OCS that is part of Microsoft's BPOS offering, and have them federate with your on-premise OCS. That would keep them out of your A/D and address book.

staggerlee

Hi blargoe,

Using anything external isnt an option at present sadly..

Seems crazy that this isnt just a few clicks to complete. why would every organization want everyone in it to see everyone else.

thanks for the reply

blargoe

Exchange is the same way.

Since OCS is using the same GAL as Exchange, the only way I could think of to explore is to use Microsoft's way of filtering the GAL in Exchange to deny access to certain users (this is somewhere in Technet documentation, in the sections about hosting Exchange Server for multiple companies), and you can assign different sets of users/groups a different GAL. You'd have to have a separate Address Book Server in OCS for each outside company running under a different service account, deny access that service account access to the default GAL, and the service account access to the "correct" GAL.

And I don't even know whether that would work or not and probably would not be viable to maintain long term. It certainly would not be a supported scenario by Microsoft. And would greatly increase cost.

Claymoore

staggerlee wrote: »

Seems crazy that this isnt just a few clicks to complete. why would every organization want everyone in it to see everyone else.

Why wouldn't they? Hiding an address doesn't prevent you from messaging them, and you can always add them to your personal contacts. I have had clients whine when the OAB isn't generated and downloaded often enough to include users who were added a couple of hours ago.

About the only way I see this working is to set up GAL synchronization with IIFP/MIIS/Forefront ID Manager like you would for separate AD forests and only sychronize users in specific OUs to their GAL. Of course they would need to have OCS installed in their organization as well.