We could accomplish our goal by simply denying the Open Address List permission. But there is a problem with that. The problem is that although the users can’t view the contents of the Address List, they can still view the Address List itself. I want to hide the entire thing so that they won’t see the Address list or the contents. So back to ESM we go. What we are going to do is create an empty Address List that acts as a container for the address lists that we would like to hide. We will then remove or deny the list contents permission to specific groups or users in order to determine who will or will not be able to see a particular address list. Now in our case, you will have to think back quite a while ago to an article I wrote where I talked about granting different administrative groups rights throughout your Exchange Organization. If you will remember, we had both a BostonEXAdmin group and a TampaEXAdmin group. Using these two groups, I am going to allow the members of the TampaEXAdmin group the ability to access the address book while denying the BostonEXAdmin group from even being able to see the Confidential Address Book. What I have done is gone into the ESM and created a blank Address List called HiddenContainer, as you can see below.
Now, what I need to do next is to drag the Confidential Address List so that it becomes a child object of the HiddenContainer Address List., like so:
Now I go into the properties of the HiddenContainer Address List, and I am going to specifically deny the BostonEXAdmins group the List Content Permission!