When you do a lookup for a user in OWA, it uses an LDAP query rather than the actual GAL, therefore bypassing any ACLs you may have set on your GAL(s). What I want to know is, what authentication is the Exchange server using to connect to the Global Catalog to pull the information? I assume that if I know the account being used, I can limit what that account can see by applying specific ACLs onto it. Please correct me if I'm mistaken. Thanks!