Thanks for that great article. Is there another solution for the "unsupported" configuration? This doc describes a "totally segregated" configuration without the default GAL. How can I implement it so that company1 uses GAL1 and AL1, company2 uses GAL2 and AL2, and the hoster and other services (fax, BlackBerry etc.) can still use a "global GAL"?
Another problem I see is the modification at the OU level. I understand that the dsHeuristics modification makes sense (similar to access-based enumeration on file shares). But is it a good idea to remove permissions at the OU level ("To accomplish this task, you must remove from each organizational unit the permissions assigned to the Authenticated Users group and the Everyone group, if it exists")? How far are we from a "standard"?
There should be a solution that adds a GAL/AL with a filter and permissions on the GAL/AL without modifying the AD permissions on OUs.
Are there more details on "Attempting this configuration will cause problems with the check names functionality which will prevent users from creating Outlook profiles"?