In my environment, we have several domains configured in Zimbra with AD lookup, e.g. domainA, domainB use AD-A. domain C uses AD-C. Further, each account has a separate alias created, and this alias is used as the email address proper. For example, account tuser has email test.user@domainA (reason for this in the past was to separate the actual account information from the email, to reduce the chances of hacking into the account proper; unfortunately Zimbra does not currently support not being able to login as the alias... although I do hope this will be implemented someday!).

The problem: In order to show the proper test.user@domainA email address and not the tuser@domainA version, we tick the "hide in GAL" for the account, and as per the wiki and various posts, we configure zimbraGalLdapSearchBase, zimbraGalSyncLdapSearchBase, zimbraGalInternalSearchBase and zimbraGalSyncInternalSearchBase as ROOT for all the domains. This works fine with domains using the same AD, e.g. domainA and domainB can find the correct email addresses within AD-A. However, domainC cannot find any addresses within AD-A, and vice versa domainA and B cannot find any email addresses in AD-C.

I'm guessing this is most likely "working as designed", but does anybody have any tips or workarounds on how this can be resolved, i.e. hide the account but allow the aliases to be seen cross-domain and cross-LDAP?