Hi allCan we create a domain local group in the Exchange resource forest to provide permissions on the GAL? This is created to add users from the user forest in the domain local group and restrict the users from listing the other companies Address lists.is it supported scenario to have domain local group created to provide permissions?

That's the way we handle access to shared mailboxes and management of distribution groups for those users who have linked mailboxes (which still is the majority). We don't provide permissions on the GAL (or GALs). I cannot see any reason why this approach should be unsupported by MS. Domain local groups can contain users and groups from others domains and trusted forests and are meant to be used to secure local resources from the same domain that the group resides in. jas

Hi Shivakanth,I agree with Jon-Alfred. There is no reason why it would not be supported and this is how most of the enterprises deal with permissions assignment. This configuration is fully supported. However, if you are dealing with resource forest of an exchange deployment I would recommend using the universal security groups in the trusted forest instead of creating them in resource forest. This simplifies the resource forest administration and the other forest administrators.Milind Naphade | MCTS:M | http://www.msexchangegeek.com

thanks for your reply.