This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Working on Active Directory in a Windows Server 2012R2 / 2016 environment (with Exchange 2016).
I want to enter everyone's cell phone number into AD and then have that information be searchable in Outlook, OWA, and the GAL on configured mobile devices.
I think that's pretty straightforward, but here's where I'm getting stuck. I only want certain people/groups to be able to see the cell phone numbers. I think that this might involve creating a custom attribute, but I'm not sure. Any help would be greatly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hello,
I am checking how the issue is going. We mainly focus on the AD issues. So sorry that we are not professional with exchange issues. In AD, we could try the provided solution if we would like to restrict the certain user the access to mobile phone or phone information of other users.
If you still have any questions, please feel free to contact us. Thank you so much for your time and support.
Best regards,
Hannah Xiong
Hello,
Does this question have any update or has this issue been solved? Also, for the question, is there any other assistance we could provide?
Besides, there is email notifications function on this forum. It is suggested that we could set it up so that we could receive prompts for responses in time.
https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
Thank you so much for your time and support.
Best regards,
Hannah Xiong
Not Outlook client issue and is more related to AD and Exchange server, so we removed the Outlook tag. Thanks for your understanding.
There really isnt a clean way to do this.
The only real segmentation technique in Exchange are Address Book Policies, but in your scenario, they wouldn't apply when you really just want to keep some users from seeing a specific attribute and there is no supported way to do that in Exchange or Outlook.
Hello,
Thank you so much for posting here.
It is not possible to hide phone numbers from the GAL. If we do not want most of people to be able to see the sensitive information, adding them in AD may not be the right option.
Here are the similar cases for your reference:
https://social.technet.microsoft.com/Forums/en-US/dcfbfbd8-ed95-4291-8f9c-fe42a8c20bec/hide-phone-number-attribute-in-ad?forum=winserverDS
We could deny access to the attribute for people querying your AD by updating the permission on the OU containing the users. Below is my test: the user U2 will not be able to access the phone number information of user 11.
Open AD users and computers
Select the Users OU (In my case, it is ou1), right click user account 11 and select properties
Select the Security Tap
Select Advances button
Select the ADD button and add the users or groups you do not want them to access the phone number attribute (In my case, it is user U2)
Then, from the list with the permissions entries, select the users or group we just added (user U2)
In the Type checkbox, select: Deny
In the Applies to dropdown box select: This objects only
Click "Clear all" and then check "Read Telephone Number".
Then this user U2 will not be able to access the Phone number information of user 11. For example:
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
Well actually the question was about the mobile number, so the property would be "Read Mobile Number". But regardless, doing this doesnt solve the problem and would be unsustainable to maintain
