How to Implement Address Book Policies in Exchange 2010 SP2 Effectively

Posted on March 29, 2012 | Category :Address book Policies, Exchange 2010 | 59 Comments

First will Explain what is Address Book Policy Before Going into it.


In Layman’s Term Every Department will See their own Global Address list


Commercial GAL segregation wasn’t been Supported in Exchange 2003 and Exchange 2007

It was supported in HMC 4.5 in Exchange 2007, Where you got to buy a license for it separately

In Exchange 2007 only Internal GAL segregation was supported as per the white paper

In spite of more complications

Exchange 2010 Hosting was introduced But No Upgrade will be provided by Microsoft


Now Exchange 2010 SP2 is the one of the Best solution for GAL segregation commercially and internally which is more efficient and easy it implement.



You need to Perform Some Check Lists before going into implementation of Address Book Policies


1. Address book Policies will work only on Exchange 2010 Service Pack 2 sever.

2. Exchange 2010 should not be installed on a GC or DC , Especially Client Access Server

(Address book policies won’t work for Outlook but It will work for OWA alone,)

3.Any Client Device or Client Software access Active Directory directly  for Directory Access then ABP won’t work

Like , Outlook is hard coded to GC &

Entourage 2008

4. Outlook clients should be at least – Outlook 2007, Outlook 2010

Outlook 2003 with Latest Service pack does recognize Address book policies but we might face little complications , its my personal experience

Like , login credentials should be the exact same as the Email Credential


Those are the most important Check lists before you going to implement it


Now will Explain how to Deploy  Address book policies in Different Scenarios as per the TechNet


Before Getting into Address book Policies we should first plan how we are going to Segregate the users

There are Various filters you can use to segregate users ,

Refer Link –

But we have something called Custom Attributes

We have 14 Custom attributes where we can use to Segregate users


Personally , Segregation is much more easier and Easily manageable using Custom attributes

In Simple Words Experts Prefer Custom Attributes


Now will explain how to segregate users in the below scenario

Scenario 1: Two Separate Companies in One Exchange Organization



First we will plan to segregate the Users

For Organization A , I will use Custom attribute1

Custom attribute1 = OrgA

For Organization B ,  I will use Custom attribute2

Custom attribute2 = OrgB


We got to Create a Separate Address book policy for Every Organization.

Organization A people should not see Organization B People in their Global Address list



We got to Create 4 things for the Organizations to Implement Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book

Once we create that we can Assign it to the Users , Every User can have only one Address book policy.


1. Creating a Global Address list

Need Exchange Management Shell to create Global Address list ,


Where users with Custom attribute 1 with value ORGA , Only they will show up in the Global Address list


New-GlobalAddresslist “Organization A” –ConditionalCustomAttribute1 “OrgA” –IncludedRecipients “AllRecipients”




2 . Creating a Address list


Where users with Custom attribute 1 with value ORGA , Only they will show up in the Address list




Creating a New Address list for ORGA users




Setting the Domain as Default Domain




Setting the Custom Attribute1 value as ORGA





Now Address List have been Created Successfully.


3. Creating a Rooms list

New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq “ORGA”)-and (RecipientDisplayType -eq “ConferenceRoomMailbox”) -or (RecipientDisplayType -eq “SyncedConferenceRoomMailbox”)}


4. Creating Offline Address book

Have a keen look at it , Am not using GUI , Because I want to have the users see the New GAL which I have created for Organization A

Using GUI , I won’t have an option to add the New GAL created

New-OfflineAddressBook -Name "ORGA-OAB" -AddressLists "Organization A"

Created Offline address book Successfully

Am not going to use PF distribution in the OAB properties in the GUI  cause there is no Outlook 2003 clients.

If you still have it , Go ahead and check that option , Make sure you have a PF database






Now Going to Create an Address book Policy for Organization A users





Created an Address book policy successfully !!


Now will Learn how to Apply Custom attributes for Users and other Active Directory objects


Open Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox

You can have the Custom Attribute 1 Value Set for One User for Testing Purposes




You can run in Exchange Management Shell

Get-mailbox “User1” | Set-mailbox –customattribute1 “ORGA”


To apply for all the mailboxes

Get-mailbox | Set-mailbox –customattribute1 “ORGA”


To apply for the Users in a Specific Database

Get-mailbox –database “Database Name” | Set-mailbox –customattribute1 “ORGA”

Example –

Allocated OrganizationA users  in ORGA-Database

Applying the Custom Attribute in bulk for ORGA users



To Apply for one Distribution group

Get-DistributionGroup “Group1” | Set-Distributiongroup –customattribute1 “ORGA”


To Apply for one Dynamic Distribution Group

Get-DynamicDistributionGroup “Group1” | Set-Distributiongroup –customattribute1 “ORGA”

Now to View and Understand Better – Click on View – Add/Remove Columns


Choose Custom Attributes which you want to view in Recipient Configuration


Now you can see the Custom Attribute Values to the Assigned Users



Now we can Apply Address book Policy for a Specific User


Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox – Mailbox Settings – Address Book Policy



To apply in Bulk for all the Users in a Database

Get-mailbox –Database “Database Name” | set-mailbox –addressbookpolicy ORGA-ABP



Now Logging into OWA as Test1-ORGA  am seeing ORGA users alone in the Global Address list



Now Logging into Outlook as Test1-ORGA am seeing ORGA users alone in the Offline Address book




Now Coming in to Email Addresses for the organizations

If you are planning to Give Different Domain Names for this Organizations

Custom attributes will make things Simple for us


First we will Create a Accepted Domain for ORGA –





Clicking on New will get the Accepted Domain Ready

Now will create a Email Address Policy where it will Stamp only for ORGA users





Now stamping Email Address for only ORGA users, CustomAttribute1 – ORGA




Now Choosing the Accepted Domain –





Now you can see that our OrgA users are Stamped with



Great !!

Now ORGA is Ready


Lets make the ORGB ready – Its just the same thing but am going to use CustomAttribute2 as ORGB and going to use Commands as you are familiar now


As We know already we need to Create 4 things for an Organization to Implement Address Book Policies

1. Global Address list

2. Address list

3. Rooms list

4. Offline Address book


1. Global Address list

Creating a Global Address list

Need Exchange Management Shell to create Global Address list ,

Where users with Custom attribute 1 with value ORGA only will show up

New-GlobalAddresslist “Organization B” –ConditionalCustomAttribute2 “OrgB” –IncludedRecipients “AllRecipients”


2. Address list

New-Addresslist ORGB-AL –ConditionalCustomattribute2 ORGB –IncludedRecipients “AllRecipients”


3. Rooms list

New-AddressList -Name ORGB-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute2 -eq “ORGB”)-and (RecipientDisplayType -eq “ConferenceRoomMailbox”) -or (RecipientDisplayType -eq “SyncedConferenceRoomMailbox”)}


4. Offline Address book

New-OfflineAddressBook -Name “ORGB-OAB” -AddressLists “Organization B


Now will Create an Address Book Policy –

New-AddressBookPolicy -Name “ORGB-ABP” -AddressLists “\ORGB-AL -OfflineAddressBook \ORGB-OAB -GlobalAddressList “\Organization B” -RoomList “\ORGB-Rooms”




To apply in Bulk for all the Users in a Database

Get-mailbox –Database “ORGB-Database” | set-mailbox –addressbookpolicy ORGB-ABP



Now Logging into OWA as Test1-ORGB am seeing ORGB users alone in the Global Address list




Now Logging into Outlook as Test1-ORGB am seeing ORGB users alone in the Offline Address book



New-AcceptedDomain –name “” –DomainName “” –DomainType “Authoritative”


Now Creating an Email Address Policy






Great !

Now Both the Organizations are Ready


And They have been Segregated with Different GlobalAddresslist


Will Get Back with More Interesting Scenarios !!

Satheshwaran Manoharan

Exchange MVP , Publisher of
I have been supporting/Deploying/Designing Microsoft Exchange for some years . If you any Questions ?. Please share you thoughts via Comments.

LinkedIn Google+ Skype 

» Tags: ,

Comments 59

  1. Santhosh Reply

    you made it simple. great work!!

  2. 12/03/31

    Thanks Santhosh , More to Come !

  3. priya vardhini Reply

    Great Job!!!!!!! easy to learn !!!!!!!

  4. 12/03/31

    Thanks Priya !

  5. Marcel Reply

    Can you please tell me what i’m doing wrong? In OWA everything fine, but in Outlook 2010 I can see all other adress lists and Default GAL.

  6. 12/04/05

    Is Exchange 2010 installled on a DC or GC ?

    • Paul Reply

      I have exchnage already installed on a DC , do i have to reinstall it? or remove DC or GC

      • 12/04/11

        Hi Paul,

        ABP won’t work , if Exchange is installed on a GC

        Get a new GC and bring down Existing GC to a DC


        Exchange on GC or DC is not supported which might give more issues in the future

        Running DC promo now to remove GC . Will Screw the Exchange Server

        It better to safely uninstall in and Install Exchange which is not a GC or DC

  7. outlook transfer Reply

    I go to see day-to-day some websites and blogs to read articles or reviews,
    except this webpage provides feature based content.

  8. Anthony Ide Reply


    just a question : for ORG A you are using custom attribute 1 and for ORG B custom attribute 2.
    On this blog they are just using custom attribute 1 and give it a value of ORG A or ORG B.
    Is there a different result?

    Best regards

    • 12/08/08

      Both should work the Same ,

      But If you want to get a Common person who should be visible on both the ORG A & B,

      I wil just Fill custom attribute 1 & custom attribute 2

      But if we use the Same attribute for both the ORG . we need to create a New ABP for the common person as well.

      it totally depends on ur environment

      Satheshwaran Manoharan

  9. Tom Reply

    Hi – Thanks For the Posting-
    Question: When I complete step 1 Cmdlet to create GAL – I end up with an entry for that GAL Name (In your case Organization A) When you show Step 2 “Organization A” that was created in step 1 is not in there ?? – I am seeing GAL I created from Cmdlet in step 1 in the address list — can you please clarify


    • 12/10/16

      Step 1
      This will Creat your Dedicated gal for Organization A
      New-GlobalAddresslist “Organization A” –ConditionalCustomAttribute1 “OrgA” –IncludedRecipients “AllRecipients”
      Step 2
      Am Creating an Sample address list for Organization A

      You can share me screen shots to
      I can clear your confusion for sure

  10. Tom Reply

    Excellent !! Have created ABP Based on this step by step —
    Only thing I had to Change was step 3. cmdlet all needed double quotes instead of single

  11. James Reply

    Hi Satheshwaran,
    Can you confirm if the creation of an additional third GAL (counting the default GAL as well) is required? Why not setup a second GAL for the additonal organisation and call it OrgB and use the default GAL for OrgA…or does it absolutely require the addition of a third GAL? what happens to the Default GAL in your scenario where you have one for OrgA and OrgB? Is it hidden? or just left alone? Many Thanks, James

    • 12/11/12

      You can Use the Default GAL, You can use Default GAL for ORGA. But ORGA users will see ORGB
      Default GAL won’t have any restriction – They will see everything. !!

      Default GAL is still alive. If you don’t apply a ABP for a user. he will look at the Default GAL.
      Like admins, I didnt apply abp for admin so that they can see everyone .

      • James Reply

        Thanks Satheshwaran- in this particular scenario I am implementing, the fact that users in the default GAL (OrgA) can see the users in OrgB is needed, what is wanted, is to prevent OrgB users from seeing OrgA users…brilliant, thank you for the clarification

  12. mark Reply

    thank you for posting this, it was incredibly helpful as we are trying to implement a mult-tenant exchange hosting environment. have a question…

    typically our night staff will add all new user AD account as well as exchange accounts. they know very little about exchange other then creating the account. they will not remember to add a custom attribute or assign an address book policy to each user. since we have each customer in a seperate OU, i create 2 powershell scripts. one to apply a customer attribute to each member of the OU every night, and another script to assign it an address book policy(also based on the OU). this allows new users to be created and have both attributes added to thier exchange account automatically.

    1)is there an easier way to do this?

    2)assuming all members of the OU have both the attribute and correct ABP, do you see any issues with the scripts trying to apply these values to users who already have them?


  13. mark Reply


  14. 13/02/11

    Hello :)

    First, thanks for this great Tutorial!

    I did it like you, but all addresses will be show… I think it loads the Default Global Address List and not the organisation-specified GAL… I have install exchange on my DC, because i have only one VPS Server… Can you help me? :/

  15. Sami Reply

    Great tutorial!
    Works perfect.

  16. Keith Reply

    I followed your steps and it worked perfectly. Thank you!

    So I copied your syntax verbatim and just changed the names to suit my needs. Here’s my situation – I have 5 users in ORGA, but only 1 of them is assigned to the ORGA-ABP. That 1 user only sees himself in the list of users in the OrgA GAL. Once I add the other 5 users, then he sees all 5. This did not happen when I recreated your example – it only happened when I change the names. Any ideas?

    • Keith Reply

      I resolved this on my own. I used the Update-GlobalAddressList command on my new listed after everything was created and that seems to resolve this.

      Great article – Thank you!

  17. 13/04/10

    Just desire to say your article is as astounding. The clearness on your publish is just cool and i could assume you are an expert on this subject. Fine with your permission let me to seize your RSS feed to stay updated with imminent post. Thanks one million and please carry on the enjoyable work.

  18. 13/05/09

    Great article. Saved me a lot of time trying to get the Address Lists created from shell. And now I have a much better understanding of how ABP’s work.

  19. 13/06/06

    Great article!
    I saw this article on customattribute and multivalues
    Then you only need to assign 1 attribute for ORGA , ORGB for people that belongs to both?
    Haven’t done any testing yet, I’m new to this

    • 13/06/15

      you can use eq for ORG A
      and you can you AND for ORG B

      Hope you getting my point , Follow my article and do lab
      so that you can understand my user

  20. 13/06/20

    Great step by step guid.
    I have a ABP applied to a certain OU. Is it possible for the policy to automatically be applied to any new users that get added to that OU?
    Or do you have to run the script after any new users are created?


  21. sajid Reply

    can we apply GAL Segregation on Exchange 2013 with AD on 2012 servers ?

  22. 13/09/10

    Thanks Mr.Sathesh ,

  23. Tarique Noorain Reply

    Great !!


  24. Samir Shaikh Reply

    Excellent Job !

  25. Ben Reply

    This is a great read. However I ran into the following issue, when UserA accesses any item in the address list via OWA, he gets an error –
    “Access is denied. This may be because the Active Directory object doesn’t exist or the object has become corrupted or because you don’t have the correct permissions.”

    When UserA accesses the address lists via Outlook2010 and tries to view members of a group the members list is blank.

    Any ideas on where the issues exists?

    • 13/11/22

      When user does not exist in his Gal .

      But he exist in address list only

      Then he gets this . By design

      So to avoid this . Address list users should be listed in Gal

  26. asifrogers Reply

    I have added an accepted domain but its not displaying while adding an emailbox from EMC 2010? It lists only the DOMAIN of DC.

    i.e. mailbox@ACCEPTEDDOMAIN is missing :(

  27. Shahrad Reply

    This has been tried on Exchange 2010 SP3 Single Server.
    Wanted to ask

    Would Exchange 2010 being on a DC affect ABP to work for Outlook clients? IT does work in OWA
    Running Exchange 2010 SP3 UR5 (

    I have followed this guide, in OWA it works great, in Outlook 2007 or 2010 however it still sees Default GAL, which is all tenants domains.

    • Avdhesh Pande Reply


      ABP will not work if your exchange is installed on DC. Uninstall Exchange from DC and install in on meember server.

  28. Avdhesh Reply

    Great blog..followed the same in our environment..

  29. Ruben Lopes Reply

    the rooms list code is not working it’s say:
    “Cannot bind parameter ‘RecipientFilter’ to the target.Exception setting ‘RecipientFilter’ sintax unvaileble

    this is the code:
    New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq “ORGA”)-and (RecipientDisplayType -eq “ConferenceRoomMailbox”) -or (RecipientDisplayType -eq “SyncedConferenceRoomMailbox”)}

    • DM Reply

      Ruben, try manually typing in the command. I initially tried copy-and-pasting it and kept getting that error. I finally just typed the whole thing directly into EMS, and it worked.

  30. Marco Reply

    Gret Tutorial.
    what about if i wanto to share the same Mail contacts in my Exchange to different Tenanats.
    Have you an idea how to implement this ?

    • 15/03/08

      Customattribute 1 = first tenant
      Customattribute 2 = second tenant.

      Common mail contact will have both the attributes filled in.

Leave a Reply

Your email address will not be published.


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *

Visit Us On TwitterVisit Us On FacebookVisit Us On Google PlusCheck Our Feed