It's natural to assume that denying a particular user access to an object would mean that the user can't access the object from any application. In practice, however, that isn't the case. Setting ACLs on Active Directory (AD) objects can have different effects on searching and browsing from Outlook, Outlook Web Access (OWA), Outlook Mobile Access (OMA), and Outlook Express.
Microsoft Exchange environments typically use multiple email clients, most of which employ AD when searching for and browsing mail recipients. AD objects, such as users, contacts, and groups, store details such as email addresses in the object attributes, and different email clients use different mechanisms to present these objects and attributes to the end user. ACLs that you apply to AD objects can allow or deny access to individual object attributes as well as to objects themselves. ACLs consist of one or more access control entries (ACEs), each of which can grant or deny different types of access to an object and its attributes. . . .
Register
