24.3 C
Dubai
Tuesday, March 19, 2024

How to Implement Address Book Policies in Exchange 2010 SP2 Effectively

New Series Available for Exchange 2010/2013/2016 – Office365  –

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 2

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 3

In Layman’s Term Every Department will See their own Global Address list

Commercial GAL segregation wasn’t been Supported in Exchange 2003 and Exchange 2007

It was supported in HMC 4.5 in Exchange 2007, Where you got to buy a license for it separately

In Exchange 2007 only Internal GAL segregation was supported as per the white paper

http://technet.microsoft.com/en-us/library/bb936719(v=exchg.80).aspx

In spite of more complications

Exchange 2010 Hosting was introduced But No Upgrade will be provided by Microsoft

http://blogs.technet.com/b/exchange/archive/2011/10/13/future-of-hosting-mode.aspx

Now Exchange 2010 SP2 or later is the one of the Best solution for GAL segregation commercially and internally which is more efficient and easy it implement.You need to Perform Some Check Lists before going into implementation of Address Book Policies

1. Address book Policies will work only on Exchange 2010 Service Pack 2 or later.

2. Exchange 2010 should not be installed on a GC or DC , Especially Client Access Server

(Address book policies won’t work for Outlook but It will work for OWA alone,)

3.Any Client Device or Client Software access Active Directory directly  for Directory Access then ABP won’t work Like , Outlook is hard coded to GC & Entourage 2008

4. Outlook clients should be at least – Outlook 2007, Outlook 2010

Outlook 2003 with Latest Service pack does recognize Address book policies but we might face little complications , its my personal experience ,Like , login credentials should be the exact same as the Email Credential

Those are the most important Check lists before you going to implement it

Now will Explain how to Deploy  Address book policies in Different Scenarios as per the TechNet

Before Getting into Address book Policies we should first plan how we are going to Segregate the users

There are Various filters you can use to segregate users ,

Refer Link – http://technet.microsoft.com/en-us/library/bb738157%28EXCHG.80%29.aspx

But we have something called Custom Attributes

We have 14 Custom attributes where we can use to Segregate users

Personally , Segregation is much more easier and Easily manageable using Custom attributes

In Simple Words Experts Prefer Custom Attributes

Now will explain how to segregate users in the below scenario

Scenario 1: Two Separate Companies in One Exchange Organization

 

image

First we will plan to segregate the Users

For Organization A , I will use Custom attribute1

Custom attribute1 = OrgA

For Organization B ,  I will use Custom attribute2

Custom attribute2 = OrgB

We got to Create a Separate Address book policy for Every Organization.

Organization A people should not see Organization B People in their Global Address list

image

We got to Create 4 things for the Organizations to Implement Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book

Once we create that we can Assign it to the Users , Every User can have only one Address book policy.

1. Creating a Global Address list

Need Exchange Management Shell to create Global Address list ,

Where users with Custom attribute 1 with value ORGA , Only they will show up in the Global Address list

New-GlobalAddresslist "Organization A" –ConditionalCustomAttribute1 "OrgA" –IncludedRecipients "AllRecipients"

image

2 . Creating a Address list

Where users with Custom attribute 1 with value ORGA , Only they will show up in the Address list

image

Creating a New Address list for ORGA users

image

Setting the Domain as Default Domain

image

Setting the Custom Attribute1 value as ORGA

image

image

Now Address List have been Created Successfully.

3. Creating a Rooms list

New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "ORGA")-and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')}

image

4. Creating Offline Address book

Have a keen look at it , Am not using GUI , Because I want to have the users see the New GAL which I have created for Organization A

Using GUI , I won’t have an option to add the New GAL created

New-OfflineAddressBook -Name "ORGA-OAB" -AddressLists "Organization A"

Created Offline address book Successfully

Am not going to use PF distribution in the OAB properties in the GUI  cause there is no Outlook 2003 clients.

If you still have it , Go ahead and check that option , Make sure you have a PF database

image

Now Going to Create an Address book Policy for Organization A users

image

image

Created an Address book policy successfully !!

Now will Learn how to Apply Custom attributes for Users and other Active Directory objects

Open Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox

You can have the Custom Attribute 1 Value Set for One User for Testing Purposes

image

Or

You can run in Exchange Management Shell

Get-mailbox "User1" | Set-mailbox –customattribute1 "ORGA"

To apply for all the mailboxes –

Get-mailbox | Set-mailbox –customattribute1 "ORGA"

To apply for the Users in a Specific Database –

Get-mailbox –database "Database Name" | Set-mailbox –customattribute1 "ORGA"

Example –

Allocated OrganizationA users  in ORGA-Database

Applying the Custom Attribute in bulk for ORGA users

image

To Apply for one Distribution group –

Get-DistributionGroup "Group1" | Set-Distributiongroup –customattribute1 "ORGA"

To Apply for one Dynamic Distribution Group –

Get-DynamicDistributionGroup "Group1" | Set-Distributiongroup –customattribute1 "ORGA"

Now to View and Understand Better – Click on View – Add/Remove Columns

image

Choose Custom Attributes which you want to view in Recipient Configuration

image

Now you can see the Custom Attribute Values to the Assigned Users

image

Now we can Apply Address book Policy for a Specific User

Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox – Mailbox Settings – Address Book Policy

image

To apply in Bulk for all the Users in a Database

Get-mailbox –Database "Database Name" | set-mailbox –addressbookpolicy ORGA-ABP

image

Now Logging into OWA as Test1-ORGA  am seeing ORGA users alone in the Global Address list

image

Now Logging into Outlook as Test1-ORGA am seeing ORGA users alone in the Offline Address book

image

Now Coming in to Email Addresses for the organizations

If you are planning to Give Different Domain Names for this Organizations

Custom attributes will make things Simple for us

First we will Create a Accepted Domain for ORGA –

image

image

Clicking on New will get the Accepted Domain Ready

Now will create a Email Address Policy where it will Stamp only for ORGA users

image

image

Now stamping Email Address for only ORGA users, CustomAttribute1 – ORGA

image

Now Choosing the Accepted Domain –

image

image

image

Now you can see that our OrgA users are Stamped with ORGA.com

image

Great !!

Now ORGA is Ready

Lets make the ORGB ready – Its just the same thing but am going to use CustomAttribute2 as ORGB and going to use Commands as you are familiar now

As We know already we need to Create 4 things for an Organization to Implement Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book

1. Global Address list

Creating a Global Address list

Need Exchange Management Shell to create Global Address list ,

Where users with Custom attribute 1 with value ORGA only will show up

New-GlobalAddresslist "Organization B" –ConditionalCustomAttribute2 "OrgB" –IncludedRecipients "AllRecipients"

image

2. Address list

New-Addresslist ORGB-AL –ConditionalCustomattribute2 ORGB –IncludedRecipients "AllRecipients"

image

3. Rooms list

New-AddressList -Name ORGB-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute2 -eq "ORGB")-and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')}

image

4. Offline Address book

New-OfflineAddressBook -Name "ORGB-OAB" -AddressLists "Organization B"

Now will Create an Address Book Policy –

New-AddressBookPolicy -Name "ORGB-ABP" -AddressLists "\ORGB-AL" -OfflineAddressBook \ORGB-OAB -GlobalAddressList "\Organization B" -RoomList "\ORGB-Rooms"

image

To apply in Bulk for all the Users in a Database –

Get-mailbox –Database "ORGB-Database" | set-mailbox –addressbookpolicy ORGB-ABP

image

Now Login into Outlook web app as Test1-ORGB am seeing ORGB users alone in the Global Address list

image

Now Logging into Outlook as Test1-ORGB am seeing ORGB users alone in the Offline Address book

image

New-AcceptedDomain –name “ORGB.com” –DomainName “ORGB.com” –DomainType “Authoritative”

image

Now Creating an Email Address Policy

image

image

image

Great !

Now Both the Organizations are Ready

And They have been Segregated with different GlobalAddresslist

Will Get Back with More Interesting Scenarios !!

New Series Available for Exchange 2010/2013/2016 – Office365  –

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 2

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 3

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

76 COMMENTS

  1. Can you please tell me what i’m doing wrong? In OWA everything fine, but in Outlook 2010 I can see all other adress lists and Default GAL.

      • Hi Paul,

        ABP won’t work , if Exchange is installed on a GC

        Get a new GC and bring down Existing GC to a DC

        or

        Exchange on GC or DC is not supported which might give more issues in the future

        Running DC promo now to remove GC . Will Screw the Exchange Server

        It better to safely uninstall in and Install Exchange which is not a GC or DC

  2. I go to see day-to-day some websites and blogs to read articles or reviews,
    except this webpage provides feature based content.

  3. Hello,

    just a question : for ORG A you are using custom attribute 1 and for ORG B custom attribute 2.
    On this blog http://c-nergy.be/blog/?p=2113 they are just using custom attribute 1 and give it a value of ORG A or ORG B.
    Is there a different result?

    Best regards
    Anthony

    • Both should work the Same ,

      But If you want to get a Common person who should be visible on both the ORG A & B,

      I wil just Fill custom attribute 1 & custom attribute 2

      But if we use the Same attribute for both the ORG . we need to create a New ABP for the common person as well.

      it totally depends on ur environment

      Regards
      Satheshwaran Manoharan

  4. Hi – Thanks For the Posting-
    Question: When I complete step 1 Cmdlet to create GAL – I end up with an entry for that GAL Name (In your case Organization A) When you show Step 2 “Organization A” that was created in step 1 is not in there ?? – I am seeing GAL I created from Cmdlet in step 1 in the address list — can you please clarify

    Thanks.

    • Step 1
      This will Creat your Dedicated gal for Organization A
      New-GlobalAddresslist “Organization A” –ConditionalCustomAttribute1 “OrgA” –IncludedRecipients “AllRecipients”
      Step 2
      Am Creating an Sample address list for Organization A


      You can share me screen shots to admin@careexchange.in
      I can clear your confusion for sure

  5. Excellent !! Have created ABP Based on this step by step —
    Only thing I had to Change was step 3. cmdlet all needed double quotes instead of single
    Thanks…SM

  6. Hi Satheshwaran,
    Can you confirm if the creation of an additional third GAL (counting the default GAL as well) is required? Why not setup a second GAL for the additonal organisation and call it OrgB and use the default GAL for OrgA…or does it absolutely require the addition of a third GAL? what happens to the Default GAL in your scenario where you have one for OrgA and OrgB? Is it hidden? or just left alone? Many Thanks, James

    • You can Use the Default GAL, You can use Default GAL for ORGA. But ORGA users will see ORGB
      Default GAL won’t have any restriction – They will see everything. !!

      Default GAL is still alive. If you don’t apply a ABP for a user. he will look at the Default GAL.
      Like admins, I didnt apply abp for admin so that they can see everyone .

      • Thanks Satheshwaran- in this particular scenario I am implementing, the fact that users in the default GAL (OrgA) can see the users in OrgB is needed, what is wanted, is to prevent OrgB users from seeing OrgA users…brilliant, thank you for the clarification

  7. thank you for posting this, it was incredibly helpful as we are trying to implement a mult-tenant exchange hosting environment. have a question…

    typically our night staff will add all new user AD account as well as exchange accounts. they know very little about exchange other then creating the account. they will not remember to add a custom attribute or assign an address book policy to each user. since we have each customer in a seperate OU, i create 2 powershell scripts. one to apply a customer attribute to each member of the OU every night, and another script to assign it an address book policy(also based on the OU). this allows new users to be created and have both attributes added to thier exchange account automatically.

    1)is there an easier way to do this?

    2)assuming all members of the OU have both the attribute and correct ABP, do you see any issues with the scripts trying to apply these values to users who already have them?

    thanks

  8. Hello 🙂

    First, thanks for this great Tutorial!

    I did it like you, but all addresses will be show… I think it loads the Default Global Address List and not the organisation-specified GAL… I have install exchange on my DC, because i have only one VPS Server… Can you help me? :/

  9. I followed your steps and it worked perfectly. Thank you!

    So I copied your syntax verbatim and just changed the names to suit my needs. Here’s my situation – I have 5 users in ORGA, but only 1 of them is assigned to the ORGA-ABP. That 1 user only sees himself in the list of users in the OrgA GAL. Once I add the other 5 users, then he sees all 5. This did not happen when I recreated your example – it only happened when I change the names. Any ideas?

  10. Just desire to say your article is as astounding. The clearness on your publish is just cool and i could assume you are an expert on this subject. Fine with your permission let me to seize your RSS feed to stay updated with imminent post. Thanks one million and please carry on the enjoyable work.

  11. Great article. Saved me a lot of time trying to get the Address Lists created from shell. And now I have a much better understanding of how ABP’s work.

    • you can use eq for ORG A
      and you can you AND for ORG B

      Hope you getting my point , Follow my article and do lab
      so that you can understand my user

  12. Hi,
    Great step by step guid.
    I have a ABP applied to a certain OU. Is it possible for the policy to automatically be applied to any new users that get added to that OU?
    Or do you have to run the script after any new users are created?

    Thanks
    James

  13. This is a great read. However I ran into the following issue, when UserA accesses any item in the address list via OWA, he gets an error –
    “Access is denied. This may be because the Active Directory object doesn’t exist or the object has become corrupted or because you don’t have the correct permissions.”

    When UserA accesses the address lists via Outlook2010 and tries to view members of a group the members list is blank.

    Any ideas on where the issues exists?

    • When user does not exist in his Gal .

      But he exist in address list only

      Then he gets this . By design

      So to avoid this . Address list users should be listed in Gal

  14. I have added an accepted domain but its not displaying while adding an emailbox from EMC 2010? It lists only the DOMAIN of DC.

    i.e. mailbox@ACCEPTEDDOMAIN is missing 🙁

  15. This has been tried on Exchange 2010 SP3 Single Server.
    Wanted to ask

    Would Exchange 2010 being on a DC affect ABP to work for Outlook clients? IT does work in OWA
    Running Exchange 2010 SP3 UR5 (14.3.181.6)

    I have followed this guide, in OWA it works great, in Outlook 2007 or 2010 however it still sees Default GAL, which is all tenants domains.

    • Shahrad,

      ABP will not work if your exchange is installed on DC. Uninstall Exchange from DC and install in on meember server.

  16. the rooms list code is not working it’s say:
    “Cannot bind parameter ‘RecipientFilter’ to the target.Exception setting ‘RecipientFilter’ sintax unvaileble

    this is the code:
    New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq “ORGA”)-and (RecipientDisplayType -eq “ConferenceRoomMailbox”) -or (RecipientDisplayType -eq “SyncedConferenceRoomMailbox”)}

    • Ruben, try manually typing in the command. I initially tried copy-and-pasting it and kept getting that error. I finally just typed the whole thing directly into EMS, and it worked.

  17. Gret Tutorial.
    what about if i wanto to share the same Mail contacts in my Exchange to different Tenanats.
    Have you an idea how to implement this ?

    • Customattribute 1 = first tenant
      Customattribute 2 = second tenant.

      Common mail contact will have both the attributes filled in.

  18. Hi Satheshwaran,

    I have an issue related to Custom Address Book. I had an old custom Address List Book named “ABCallcontacts”. This was showing as default address list book in outlook instead of GAL. I had verified from tools and found that there is an option selected “Choose Automatically” and it was showing custom Address List Book. Now, As per requirement I have renamed this Address List Book as “XYZallcontacts”. It is updated and also showing in outlook but not as default. It is still showing old one. I have removed outlook account and also created new profile but problem remain same. I have used cached exchange account. I have Exchange 2010 SP2 and outlook version is MS Outlook 2010.

    What I want is that Every Outlook users must show “XYZallcontacts” instead of GAL or old one. I have been trying to resolve since long time.

    I know i can choose custom Address List Book from Outlook itself from tools but i have 1500 + users.

    Any help will be appreciated.

  19. Dear Sir,

    I have a different scenario in my office, We are not using default email address policy eg;
    we are providing email id based on his designation or his department not based on email address policy so how can get auto-update my segregated GAL?

    Best regards
    Ajish

  20. Hi,

    Thanks for the help. Though I’m facing issues segregating GAL for a few mailbox users which have same name on different domains.

    e.g.

    DomainA AD User Logon name=info@DomainA.com SMTP=info@DomainA.com It can only see DomainA address lists

    DomainB AD User Logon name=info@DomainB.com (Pre-Windows User Logon=DomainB\info.abc) SMTP=info@DomainB.com It can see both DomainA and DomainB address lists.

    All others users with different username/email are working fine. Just to add on AD for info@DomainB.com I can’t see entry for msExchAddressBookPolicyLink on Attribute Editor but for info@DomainA.com I can see Address List entry under msExchAddressBookPolicyLink. I tried to add entry manually but it didn’t make any difference.

    Any help please?

    Regards,

    Mobin

  21. It’s really a nice and useful piece of info. I am happy that you just shared
    this helpful info with us. Please stay us informed like this.
    Thanks for sharing.

  22. five hundredextended familyrevolting disgustingBloggingrevolting disgustingextended family repeatedly nuclearr familyrevolting
    disgustinhgonnuclear fwmilytwo mattersextended familytwo
    five hundredextennded familyrevolting disgustingyourrevolting
    disgustingtwofive hundred native nuclear familyviewersextended familytwofive hundred revolting disgustingisnuclear familytwo involved in provides extendsd
    familyyounuclear familytwo a chance twonuclear familyatrevolting disgustingextended family discovering extended
    familyneswrevolting disgustingnuclear family ways
    to succeed in fivge hundrednuclear familythemnuclear familytwofive hundred.

  23. Avoidinng spikes in blood sugar makes it extra doubtless that your bod will burn fat for vitality, in response to an article in Thee Journal of
    Nutrition.

  24. Do you mind if I quote a few of your articles as long as
    I provide credit and sources back to your website? My blog is in the very same niche as yours and my users would genuinely benefit from
    some of the information you present here. Please let me
    know if this okay with you. Thank you!

  25. I got this site from my pal who informed me on the topic of this web page and now this time I am browsing this
    web site and reading very informative articles here.

  26. Hello Mr. Satheshwaran Manoharan

    I have Exchange 2010 in my environment, Top Management says to hide all email addresses from Outlook/OWA.
    Now come to the point is that, Management says, is it possible to allow Address Book for certain users not for all users, we around 2000 users mailbox enabled. So can you please provide a solution for this…? I want to the GAL should be visible for certain users and hidden for others.

    Thanks in Advance

  27. Hi, thanks for your guide very useful!!

    i have only one question, when the client uses outlook, even if i have segregated users from different domains and closed accesses to the adress list that are not pertinent to its domain using adsiedit, i still see all the rooms/address list in the outlook address book, user cannot access them (it gives error “bookmark not valid”) but they are visible.

    Is there a way to hide adress lists and rooms that are not from its domain ? searched endlessy for ages, never found an answer, thanks.

    it works perfectly in OWA, but in Outllook it still loads all rooms/al even if user cannot access them.

    • Try Force Downloading the offline address book. Definitely you are missing something . why creating the list for Rooms and address lists.

  28. Hello,

    wonderful post – thx!

    Is there a way to change the default Adress List selected/shown in the drop-down menu when a user opens the adressbook in outlook.

    Regards
    Manu

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?