24.3 C
Dubai
Tuesday, March 19, 2024

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 2

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 3

 

  • ABP features are only available to customers with Office 365 for Enterprise (‘E’ plans) and Education (‘A’ plans)
  • The default for Office 365 for Enterprise customers is to allow 250 GALs, 250 OABs, 250 ABPs and 1000 ALs.

What is Address Book Policy with short history

In Layman’s Term Every Department will See their own Global Address list.Commercial GAL segregation wasn’t Supported in Exchange 2003/2007.It was supported in HMC 4.5 – Exchange 2007/Exchange 2010 /hosted – Both the products were dropped by Microsoft.From Exchange 2010 SP2 Global Address list segregation was supported commercially and internally,It was easy to view and manage through Management Console.For commercial guys it was easy to integrate with control panel as everything can be created and managed using powershell.

You need to Perform Some Check Lists before implementing Address Book Policies in your environment.

1. Address book Policies will work only on Exchange 2010 Service Pack 3 or later severs.

2. Exchange Servers should not be installed on (Global Catalog Servers)GC or (Domain Controllers) DC where it will break the Address book policies while viewing from Outlook Clients.

3.Any Client Device or Client Software which can access Active Directory directly for Directory Access then ABP will fail to work

For Example like hard coding Outlook to Domain controllers, Also old clients Entourage 2008,Outlook for Mac 2011

4. Outlook clients should be at least – Outlook 2007 or later

Let see some different Scenarios,Before Getting into Address book Policies we should first plan how we are going to Segregate the users

There are Various filters you can use to segregate users,Refer Link for Filterable properties– https://technet.microsoft.com/en-us/library/bb738157(v=exchg.150).aspx

But we have something called Custom Attributes,We have up to 15 Custom attributes where we can use to Segregate users

Personally , Segregation is much more easier and Easily manageable using Custom attributes ,In Simple Words Experts Prefer Custom Attributes, Still some companies are already segregated using Company, Department,City. Go through whole article so that you can decide which will be suitable for you. you should decide wisely here. Cause it should be flexible for you while you expand then environment.

Scenario 1: Two Separate Entities in One Exchange Organization

or Two Separate Departments in One Exchange Organization.

Motive of the Scenario Organization A users should not be export to Organization B users.

image

First we will plan to segregate the Users

For Organization A , I will use Custom attribute1

Custom attribute1 = OrgA

For Organization B ,  I will use Custom attribute2

Custom attribute2 = OrgB

We got to Create a Separate Address book policy for Every Organization.Where each organization will be assigned with their own Address book policy.

Before creating a Address Book Policy

We need to do four tasks for each Organizations to segregate them using Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book

Once we create Address book policies and assign to users, Note that each User can have only one Address book policy.

Note : Address Book Policy Routing agent : GAL1 user can view the information residing in contact cards of the GAL2 user. To avoid that

you can configure the ABP Routing Agent, If that level of separation is not required . you can safely skip these process.

When the ABP Routing agent is installed and configured, users that are assigned to different GALs appear as external recipients and they can’t view external recipients’ contact cards.

Use below link if your going to enable it. Otherwise please continue.

https://www.azure365pro.com/install-and-configure-the-address-book-policy-routing-agent-in-office365exchange-20132016/

1. Creating a Global Address list

Need Exchange Management Shell to create Global Address list,

Where users with Custom attribute 1 with value ORGA will be showing up in their Address list,

New-GlobalAddressList -Name "ORGA-GAL" -RecipientFilter {(CustomAttribute1 -eq "ORGA")}

image

2 . Creating a Address list

Where users with Custom attribute 1 with value ORGA will be showing up in their Address list

New-AddressList -Name "ORGA-AL" -RecipientFilter {((RecipientType -eq 'UserMailbox') -or (RecipientType -eq "MailUniversalDistributionGroup") -or (RecipientType -eq "DynamicDistributionGroup")) -and (CustomAttribute1 -eq "ORGA")}

image

3. Creating a Rooms list

Where users with Custom attribute 1 with value ORGA will be showing up in their Rooms list

New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "ORGA")-and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')}

image

4. Creating Offline Address book

Assign the Global Address list created for OrganizationA for the Org A offline address book

New-OfflineAddressBook -Name "ORGA-OAB" -AddressLists "ORGA-GAL"

image

Created Offline address book Successfully

Lets create an Address book Policy to Get them linked under one umbrella.

Now Going to Create an Address book Policy for Organization A users

New-AddressBookPolicy -Name "OrgA-ABP" -AddressLists "\ORGA-AL" -OfflineAddressBook "\ORGA-OAB" -GlobalAddressList "\ORGA-GAL" -RoomList "\ORGA-Rooms"

image

Created an Address book policy successfully !!

Now we will Learn how to Apply Custom attributes for Users and other Active Directory objects

Open Exchange Administration Center (EAC) – Recipients – Properties of User Mailbox – Click on more options.

You can have the Custom Attribute 1 Value Set for One User for Testing Purposes

image

Or

To Apply for One user using Exchange Management Shell :

You can run in Exchange Management Shell

Get-mailbox "User1" | Set-mailbox –customattribute1 "ORGA"

To apply for all the mailboxes :

Get-mailbox | Set-mailbox –customattribute1 "ORGA"

To apply for the Users in a Specific Database :

Get-mailbox –database "Database Name" | Set-mailbox –customattribute1 "ORGA"

To Apply for one Distribution group :

Get-DistributionGroup "Group1" | Set-Distributiongroup –customattribute1 "ORGA"

To Apply for one Dynamic Distribution Group :

Get-DynamicDistributionGroup "Group1" | Set-Distributiongroup –customattribute1 "ORGA"

Now to View and Understand Better – Click on More options (***) – Add/Remove Columns

image

Choose Custom Attributes 1 and 2 which you want to view in Recipient Configuration

image

Now you can see the values assigned on the Users

image

Now we can Apply Address book Policy for a Specific User

Exchange Admin Center (EAC) – Recipients – Mailboxes – Properties of User Mailbox – Mailbox features – Address Book Policy

image

Now Logging into OWA as User1-ORGA  am seeing ORGA users alone in the Global Address list

image

You can log into Outlook as user1-ORGA and test the same.

Now Coming into the topic of assigning Email Addresses for the virtual organizations mailboxes,If you are planning to Give Different Domain Names for this Organizations

Custom attributes will make things Simple for us, as we can use the same filter for applying the email address polices as well.

First we will Create a Accepted Domain for ORGA –

EAC – Mail flow – Accepted Domains

image

Enter Name and Accepted domain and Click on Save.

image

Now will create a Email Address Policy where it will Stamp only for ORGA users

image \

Enter policy Name and Click on “+” below Email Address format.

image

Choose the Accepted domain we just created. Click save.

image

Click on add rule and specify the custom attribute value1 ORGA. You can preview before saving as well.

image

image

Now you can see that  OrgA users are Stamped with ORGA.com

image

Great !!

Now ORGA is Ready

Lets make the ORGB ready – Its just the same thing but am going to use CustomAttribute2 as ORGB and going to use Commands as you are familiar now

As We know already we need to Create 4 things for an Organization to Implement Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book

1. Creating a Global Address list

Need Exchange Management Shell to create Global Address list,

Where users with Custom attribute 2 with value ORGB will be showing up in their Address list,

New-GlobalAddressList -Name "ORGB-GAL" -RecipientFilter {(CustomAttribute2 -eq "ORGB")}

2 . Creating a Address list

Where users with Custom attribute 1 with value ORGA will be showing up in their Address list

New-AddressList -Name "ORGB-AL" -RecipientFilter {((RecipientType -eq 'UserMailbox') -or (RecipientType -eq "MailUniversalDistributionGroup") -or (RecipientType -eq "DynamicDistributionGroup")) -and (CustomAttribute2 -eq "ORGB")}

3. Creating a Rooms list

Where users with Custom attribute 1 with value ORGA will be showing up in their Rooms list

New-AddressList -Name ORGB-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute2 -eq "ORGB")-and (RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')}

4. Creating Offline Address book

Assign the Global Address list created for OrganizationB for the Org B offline address book

New-OfflineAddressBook -Name "ORGB-OAB" -AddressLists "ORGB-GAL"

Lets create an Address book Policy to Get them linked under one umbrella.

Now Going to Create an Address book Policy for Organization A users

New-AddressBookPolicy -Name "OrgB-ABP" -AddressLists "\ORGB-AL" -OfflineAddressBook "\ORGB-OAB" -GlobalAddressList "\ORGB-GAL" -RoomList "\ORGB-Rooms"

image

To apply in Bulk for all the Users in a Database –

Get-mailbox –Database "ORGB-Database" | set-mailbox –addressbookpolicy ORGB-ABP

Now Logging into OWA as User3-ORGB we can see only ORGB users alone in the Global Address list

image

You can log into Outlook as Test1-ORGB and test the same for Offline address book.

New-AcceptedDomain –name "ORGB.com" –DomainName "ORGB.com" –DomainType "Authoritative"

image

Now Creating an Email Address Policy for ORGB as similar we did for ORGB

image

And apply the email address policy.

Now Both the Organizations are Ready to use. And They have been Segregated with Different GlobalAddresslists

Will Get Back with More Scenarios !!

—-

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 2

How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 3

Satheshwaran Manoharan
Satheshwaran Manoharanhttps://www.azure365pro.com
Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Related Articles

20 COMMENTS

  1. Hello,
    Thanks a lot for this great article!
    I followed all the steps but I still face one issue.

    I want to give our students an account with a subdomain.
    Teachers have an e-mail address with the root domain and students the subdomain.
    I followed all your steps but the test student can see both the LLNACC-AL (which I added using your guide) and he can see all users. (Also the teachers account).
    On the screenshot you provided there’s no ‘all users’ under Directory.
    When I login with the test student account I get the following under Directory:
    All rooms
    All users
    All distribution lists
    All contacts
    All groups
    LLNKSDH-AL
    LLNKSDH-Rooms
    Offline Global address list
    Public folders

    What am I doing wrong?
    Thanks a lot!

  2. Hi ,

    Nice article.
    I am not sure, whether I understood what you tried to deliver fully.

    However what if we want to hide ORGA user in ORGB address list and vise versa.

    Do we need to use Set-Mailbox -HiddenFromAddressListsEnabled $true attribute on each user’s mail box.

    Please advise. Thank you in advance.

    • No- This is for different purpose. Set-Mailbox -HiddenFromAddressListsEnabled $true

      Unless you going to do a lab. you are not going to get a proper understanding. Try a small lab.

  3. Please, I need your support.
    I’ve apply all procedure. It’s done perfectly with the OWA but my Global list in outlook 2010 is empty. Can’t update or see the offline adress book list/Global list.

  4. Hi,

    If I follow your guide here to separate address lists from one another, does that also include the calendar? If I have 2 users in OrgA and they want to see each other’s calendar agenda, is that possible? Of course they are not supposed to the calendars of people in OrgB.

    Please advice.

    Thanks

  5. Hi,

    Although I agree that using attributes is a much more reliable way of putting together address lists when using multiple ABPs. There is unfortunately no way that I can think of to assign Azure AD created groups (Distribution, Dynamic of Univseral) to different ALs as they do not a customattribute field to select them by and combine them in a GAL with synced groups and users from on prem.

    Do you have any experience or suggestions regarding selecting Azure AD created groups?

  6. Hi Satheshwarean,

    Thank you for very nice document.
    I have a question,

    we want to setup a Hybrid connection between our On-prem exchange 2010 and Office365. we did sync some of user to office 365.
    I did follow your steps and create the ORGA and now when go to the users properties – mailbox features there I can see the OrgA-EAP.
    but follow the same steps for ORGB, when go to the mailbox features there I can see only the OrgA-EAP and cannot see the OrgB-EAP.

    Any idea?

    Thanks

  7. After following part 1 of this tutorial I have successfully segmented the GAL for my two domains. However, I now no longer see distribution lists in the GAL on office365.com or in the outlook client. Did I miss something?

  8. Hi Satheshwaran,

    Thank you for the article.

    Our requirement is to make ORGB contacts to be seen by ORGA and default GAL but to be hidden from external users. Is that possible?

    • ORGA – GAL1 – Default GAL
      ORGB – GAL1 – Default GAL
      OrgC – GAL2 0 Empty GAL for External Contacts. They will not see anything in their GAL.

  9. Hi, thanks for the solution. It works great. But, there is one issue. I want to apply filter to restrict users from Org A to search Org B users. Now Org A has their own address book, Org b their own. But when Org A user is searching for someone in the address book people from Org B also appears in search result.

    Thanks in advance

  10. Do you know how I can hide the new GAL from the users?
    When I follow your steps, I got both the new address list and the new GAL showing up in OWA in O365. E.g. both ORGA-AL and ORGA-GAL. This causes some confusions.
    It seems like you don’t have this problem on your screenshots.

  11. hi could any of you help me write a rule in the exchange admin center to search in the address book of names as below

    i mean searching for addresses in the “To” and “Cc” windows when writing a message.

    Examples

    – I need to write an e-mail to jan.kowalski@company-name-jablko.com, and I MUST enter “jan” or “kowalski:” for his e-mail to pop up, I cannot, for example, enter “company-apple” as I remember them in my head

    – I need to write to Janina Kowalska j.kowalska@nazwafirmy.com – here, in turn, when she enters “Janina”, she searches for me, but when I enter “kowalska” or “company name”, she no longer searches it

    Thank you

LEAVE A REPLY

Please enter your comment!
Please enter your name here

× How can I help you?