How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 2
How to Implement Address Book Policies in Office 365/Exchange 2013/2016 Effectively – Part 3
- ABP features are only available to customers with Office 365 for Enterprise (‘E’ plans) and Education (‘A’ plans)
- The default for Office 365 for Enterprise customers is to allow 250 GALs, 250 OABs, 250 ABPs and 1000 ALs.
What is an Address Book Policy, with a short history
In layman's terms, every department will see its own Global Address List. Commercial GAL segregation wasn't supported in Exchange 2003/2007. It was supported in HMC 4.5 – Exchange 2007/Exchange 2010 /hosted – both products were dropped by Microsoft. From Exchange 2010 SP2, Global Address List segregation was supported commercially and internally, and it was easy to view and manage through the Management Console. For commercial guys it was easy to integrate with a control panel, as everything can be created and managed using PowerShell.
You need to go through a checklist before implementing Address Book Policies in your environment.
1. Address Book Policies work only on Exchange 2010 Service Pack 3 or later servers.
2. Exchange servers should not be installed on Global Catalog (GC) servers or Domain Controllers (DC); doing so breaks Address Book Policies when viewed from Outlook clients.
3. ABP will not work for any client device or client software that accesses Active Directory directly for directory access, for example Outlook hard-coded to domain controllers, or old clients such as Entourage 2008 and Outlook for Mac 2011.
4. Outlook clients should be at least Outlook 2007 or later.
Let's look at some different scenarios. Before getting into Address Book Policies, we should first plan how we are going to segregate the users.
There are various filters you can use to segregate users. Refer to this link for filterable properties: https://technet.microsoft.com/en-us/library/bb738157(v=exchg.150).aspx
But we also have custom attributes: there are up to 15 custom attributes that we can use to segregate users.
Personally, I find segregation much easier and more manageable using custom attributes. In simple words, experts prefer custom attributes. Still, some companies are already segregated using Company, Department or City. Go through the whole article so that you can decide which will be suitable for you. Decide wisely here, because it should stay flexible as you expand the environment.
Scenario 1: Two Separate Entities in One Exchange Organization
or Two Separate Departments in One Exchange Organization.
Motive of the scenario: Organization A users should not be exposed to Organization B users.
First we will plan to segregate the Users
For Organization A , I will use Custom attribute1
Custom attribute1 = OrgA
For Organization B , I will use Custom attribute2
Custom attribute2 = OrgB
We have to create a separate Address Book Policy for every organization. Each organization will be assigned its own Address Book Policy.
Before creating an Address Book Policy
We need to create four things for each organization to segregate them using Address Book Policies:
1. Global Address list
2. Address list
3. Rooms list
4. Offline Address book
Once we create the Address Book Policies, we assign them to users. Note that each user can have only one Address Book Policy.
Note: Address Book Policy Routing Agent: a GAL1 user can view the information residing in the contact cards of a GAL2 user. To avoid that, you can configure the ABP Routing Agent. If that level of separation is not required, you can safely skip this process.
When the ABP Routing Agent is installed and configured, users that are assigned to different GALs appear as external recipients, and they can't view external recipients' contact cards.
Use the below link if you're going to enable it. Otherwise please continue.
1. Creating a Global Address list
You need the Exchange Management Shell to create the Global Address List.
Users with CustomAttribute1 set to ORGA will show up in their Global Address List:
New-GlobalAddressList -Name "ORGA-GAL" -RecipientFilter {(CustomAttribute1 -eq "ORGA")}
2. Creating an Address list
Users with CustomAttribute1 set to ORGA will show up in their Address list:
New-AddressList -Name "ORGA-AL" -RecipientFilter {((RecipientType -eq 'UserMailbox') -or (RecipientType -eq "MailUniversalDistributionGroup") -or (RecipientType -eq "DynamicDistributionGroup")) -and (CustomAttribute1 -eq "ORGA")}
3. Creating a Rooms list
Room mailboxes with CustomAttribute1 set to ORGA will show up in their Rooms list. The two room display types are grouped in their own parentheses so that the CustomAttribute1 condition applies to both of them:
New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "ORGA") -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))}
4. Creating Offline Address book
Assign the Global Address list created for OrganizationA for the Org A offline address book
New-OfflineAddressBook -Name "ORGA-OAB" -AddressLists "ORGA-GAL"
Created Offline address book Successfully
Let's create an Address Book Policy to get them linked under one umbrella.
Now we are going to create an Address Book Policy for Organization A users:
New-AddressBookPolicy -Name "OrgA-ABP" -AddressLists "\ORGA-AL" -OfflineAddressBook "\ORGA-OAB" -GlobalAddressList "\ORGA-GAL" -RoomList "\ORGA-Rooms"
Created an Address Book Policy successfully!!
Now we will learn how to apply custom attributes to users and other Active Directory objects.
Open the Exchange Administration Center (EAC) – Recipients – Properties of User Mailbox – click on More options.
You can set the Custom Attribute 1 value for one user for testing purposes
Or
To apply for one user using the Exchange Management Shell:
Get-Mailbox "User1" | Set-Mailbox -CustomAttribute1 "ORGA"
To apply for all the mailboxes:
Get-Mailbox -ResultSize Unlimited | Set-Mailbox -CustomAttribute1 "ORGA"
To apply for the users in a specific database:
Get-Mailbox -Database "Database Name" | Set-Mailbox -CustomAttribute1 "ORGA"
To apply for one distribution group:
Get-DistributionGroup "Group1" | Set-DistributionGroup -CustomAttribute1 "ORGA"
To apply for one dynamic distribution group:
Get-DynamicDistributionGroup "Group1" | Set-DynamicDistributionGroup -CustomAttribute1 "ORGA"
Now, to view and understand better – click on More options (***) – Add/Remove Columns
Choose Custom Attributes 1 and 2, which you want to view in Recipient Configuration.
Now you can see the values assigned to the users.
Now we can apply the Address Book Policy to a specific user:
Exchange Admin Center (EAC) – Recipients – Mailboxes – Properties of User Mailbox – Mailbox features – Address Book Policy
Now, logging into OWA as User1-ORGA, I see only ORGA users in the Global Address List.
You can log into Outlook as user1-ORGA and test the same.
Now we come to the topic of assigning email addresses to the virtual organizations' mailboxes, if you are planning to give different domain names to these organizations.
Custom attributes make things simple for us, as we can use the same filter for applying the email address policies as well.
First we will create an accepted domain for ORGA –
EAC – Mail flow – Accepted Domains
Enter the name and the accepted domain and click on Save.
Now we will create an Email Address Policy that stamps only ORGA users.
Enter the policy name and click on “+” below Email Address format.
Choose the accepted domain we just created. Click Save.
Click on Add rule and specify Custom Attribute 1 with the value ORGA. You can preview before saving as well.
Now you can see that OrgA users are stamped with ORGA.com
Great !!
Now ORGA is ready.
Let's make ORGB ready – it's just the same thing, but I am going to use CustomAttribute2 with the value ORGB, and I am going to use commands, as you are familiar with them now.
As we already know, we need to create 4 things for an organization to implement Address Book Policies:
1. Global Address list
2. Address list
3. Rooms list
4. Offline Address book
1. Creating a Global Address list
You need the Exchange Management Shell to create the Global Address List.
Users with CustomAttribute2 set to ORGB will show up in their Global Address List:
New-GlobalAddressList -Name "ORGB-GAL" -RecipientFilter {(CustomAttribute2 -eq "ORGB")}
2. Creating an Address list
Users with CustomAttribute2 set to ORGB will show up in their Address list:
New-AddressList -Name "ORGB-AL" -RecipientFilter {((RecipientType -eq 'UserMailbox') -or (RecipientType -eq "MailUniversalDistributionGroup") -or (RecipientType -eq "DynamicDistributionGroup")) -and (CustomAttribute2 -eq "ORGB")}
3. Creating a Rooms list
Room mailboxes with CustomAttribute2 set to ORGB will show up in their Rooms list. The two room display types are grouped in their own parentheses so that the CustomAttribute2 condition applies to both of them:
New-AddressList -Name ORGB-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute2 -eq "ORGB") -and ((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))}
4. Creating Offline Address book
Assign the Global Address list created for OrganizationB for the Org B offline address book
New-OfflineAddressBook -Name "ORGB-OAB" -AddressLists "ORGB-GAL"
Let's create an Address Book Policy to get them linked under one umbrella.
Now we are going to create an Address Book Policy for Organization B users:
New-AddressBookPolicy -Name "OrgB-ABP" -AddressLists "\ORGB-AL" -OfflineAddressBook "\ORGB-OAB" -GlobalAddressList "\ORGB-GAL" -RoomList "\ORGB-Rooms"
To apply in bulk for all the users in a database –
Get-Mailbox -Database "ORGB-Database" | Set-Mailbox -AddressBookPolicy "ORGB-ABP"
Now, logging into OWA as User3-ORGB, we can see only ORGB users in the Global Address List.
You can log into Outlook as Test1-ORGB and test the same for the Offline Address Book.
Create the accepted domain for ORGB:
New-AcceptedDomain -Name "ORGB.com" -DomainName "ORGB.com" -DomainType "Authoritative"
Now create an Email Address Policy for ORGB, similar to what we did for ORGA,
and apply the email address policy.
Now both organizations are ready to use, and they have been segregated with different Global Address Lists.
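To check the result of the steps above, the following added example (not part of the original article) flags mailboxes whose custom-attribute tag and assigned Address Book Policy disagree, or that have no policy at all. The function name Get-AbpAssignmentGap and the sample mailboxes are hypothetical and constructed for illustration; the tag and policy names are the article's.

```powershell
# Added example: flag mailboxes whose org tag and Address Book Policy disagree.
# Get-AbpAssignmentGap is a hypothetical helper; tag and policy names follow the article.
function Get-AbpAssignmentGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        # Org tag -> policy that mailboxes carrying that tag should have.
        [hashtable] $PolicyByTag = @{ ORGA = 'OrgA-ABP'; ORGB = 'OrgB-ABP' }
    )
    process {
        # The article tags OrgA in CustomAttribute1 and OrgB in CustomAttribute2.
        $tags = @(@($Mailbox.CustomAttribute1, $Mailbox.CustomAttribute2) |
            Where-Object { $_ -and $PolicyByTag.ContainsKey($_) })
        # Assumption: AddressBookPolicy converts to the policy name as a string.
        $policy = "$($Mailbox.AddressBookPolicy)"
        $issue = if ($tags.Count -eq 0) {
            'NoOrgTag'            # matches neither organization's address lists
        } elseif ($tags.Count -gt 1) {
            'TaggedForBothOrgs'   # shows up in both the ORGA and ORGB lists
        } elseif (-not $policy) {
            'NoPolicy'            # no ABP assigned, so the default GAL applies
        } elseif ($policy -ne $PolicyByTag[$tags[0]]) {
            'WrongPolicy'         # sees the other organization's GAL
        }
        if ($issue) {
            [pscustomobject]@{
                Name   = $Mailbox.Name
                Tags   = $tags -join ','
                Policy = $policy
                Issue  = $issue
            }
        }
    }
}

# Constructed sample objects standing in for Get-Mailbox output.
$sample = @(
    [pscustomobject]@{ Name = 'User1-ORGA';   CustomAttribute1 = 'ORGA'; CustomAttribute2 = '';     AddressBookPolicy = 'OrgA-ABP' }
    [pscustomobject]@{ Name = 'User3-ORGB';   CustomAttribute1 = '';     CustomAttribute2 = 'ORGB'; AddressBookPolicy = 'OrgB-ABP' }
    [pscustomobject]@{ Name = 'NewHire-ORGA'; CustomAttribute1 = 'ORGA'; CustomAttribute2 = '';     AddressBookPolicy = $null }
    [pscustomobject]@{ Name = 'Shared1';      CustomAttribute1 = 'ORGA'; CustomAttribute2 = 'ORGB'; AddressBookPolicy = 'OrgA-ABP' }
    [pscustomobject]@{ Name = 'Temp-ORGB';    CustomAttribute1 = '';     CustomAttribute2 = 'ORGB'; AddressBookPolicy = 'OrgA-ABP' }
)
$sample | Get-AbpAssignmentGap | Format-Table -AutoSize

# Live use from the Exchange Management Shell:
# Get-Mailbox -ResultSize Unlimited | Get-AbpAssignmentGap
```

On the sample data the first two mailboxes pass and the other three are reported as NoPolicy, TaggedForBothOrgs and WrongPolicy respectively.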
Will Get Back with More Scenarios !!
—-
Hello,
Thanks a lot for this great article!
I followed all the steps but I still face one issue.
I want to give our students an account with a subdomain.
Teachers have an e-mail address with the root domain and students the subdomain.
I followed all your steps but the test student can see both the LLNACC-AL (which I added using your guide) and he can see all users. (Also the teachers account).
On the screenshot you provided there’s no ‘all users’ under Directory.
When I login with the test student account I get the following under Directory:
All rooms
All users
All distribution lists
All contacts
All groups
LLNKSDH-AL
LLNKSDH-Rooms
Offline Global address list
Public folders
What am I doing wrong?
Thanks a lot!
Hi ,
Nice article.
I am not sure whether I fully understood what you tried to deliver.
However, what if we want to hide ORGA users in the ORGB address list and vice versa?
Do we need to use the Set-Mailbox -HiddenFromAddressListsEnabled $true attribute on each user’s mailbox?
Please advise. Thank you in advance.
No – this is for a different purpose: Set-Mailbox -HiddenFromAddressListsEnabled $true
Unless you are going to do a lab, you are not going to get a proper understanding. Try a small lab.
Please, I need your support.
I’ve applied all the procedure. It’s done perfectly with the OWA but my Global list in Outlook 2010 is empty. Can’t update or see the offline address book list/Global list.
Hi,
If I follow your guide here to separate address lists from one another, does that also include the calendar? If I have 2 users in OrgA and they want to see each other’s calendar agenda, is that possible? Of course they are not supposed to see the calendars of people in OrgB.
Please advise.
Thanks
Hi,
Although I agree that using attributes is a much more reliable way of putting together address lists when using multiple ABPs, there is unfortunately no way that I can think of to assign Azure AD created groups (Distribution, Dynamic or Universal) to different ALs, as they do not have a customattribute field to select them by and combine them in a GAL with synced groups and users from on prem.
Do you have any experience or suggestions regarding selecting Azure AD created groups?
Good thought. I will think about those scenarios.
Hi Satheshwaran,
Thank you for the very nice document.
I have a question.
We want to set up a hybrid connection between our on-prem Exchange 2010 and Office 365. We did sync some of the users to Office 365.
I did follow your steps and created the ORGA, and now when I go to the user's properties – mailbox features, there I can see the OrgA-EAP.
But following the same steps for ORGB, when I go to the mailbox features, there I can see only the OrgA-EAP and cannot see the OrgB-EAP.
Any idea?
Thanks
Sorry I meant OrgB-ABP
After following part 1 of this tutorial I have successfully segmented the GAL for my two domains. However, I now no longer see distribution lists in the GAL on office365.com or in the outlook client. Did I miss something?
Go through your filters again.
Hi Satheshwaran,
Thank you for the article.
Our requirement is to make ORGB contacts to be seen by ORGA and default GAL but to be hidden from external users. Is that possible?
ORGA – GAL1 – Default GAL
ORGB – GAL1 – Default GAL
OrgC – GAL2 – Empty GAL for External Contacts. They will not see anything in their GAL.
Hi, thanks for the solution. It works great. But, there is one issue. I want to apply filter to restrict users from Org A to search Org B users. Now Org A has their own address book, Org b their own. But when Org A user is searching for someone in the address book people from Org B also appears in search result.
Thanks in advance
Do you know how I can hide the new GAL from the users?
When I follow your steps, I got both the new address list and the new GAL showing up in OWA in O365. E.g. both ORGA-AL and ORGA-GAL. This causes some confusions.
It seems like you don’t have this problem on your screenshots.
You need to run some automated scripts to set an address book policy for new users. Otherwise, they will end up seeing a default global address list.
Hi, could any of you help me write a rule in the Exchange admin center to search the address book by names, as below?
I mean searching for addresses in the “To” and “Cc” windows when writing a message.
Examples
– I need to write an e-mail to jan.kowalski@company-name-jablko.com, and I MUST enter “jan” or “kowalski:” for his e-mail to pop up, I cannot, for example, enter “company-apple” as I remember them in my head
– I need to write to Janina Kowalska j.kowalska@nazwafirmy.com – here, in turn, when she enters “Janina”, she searches for me, but when I enter “kowalska” or “company name”, she no longer searches it
Thank you