I created a custom global address list for one of our departments. I set the address book permissions to deny them read on any GAL/address list they don't have permission to and made sure they were assigned the right GAL and OAB.
The GAL and the OAB work properly both from outlook and from OWA.
I just granted one of the users ownership of one of the groups and added the distribution group role to his policy...
The problem is: When he goes to manage the distribution list through ECP/OWA he can see the regular GAL rather than the limited one he should have access to. If we go to the mail window and check his address book in OWA it only shows the GAL he has access to. If he goes to add a member it shows all members from the full GAL.
How do I fix this?