CareExchange.in _ Satheshwaran Manoharan's Blog
How to Implement Address Book Policies in Exchange 2010 SP2 Effectively
First will Explain what is Address Book Policy Before Going into it.
In Layman’s Term Every Department will See their own Global Address list
Commercial GAL segregation wasn’t been Supported in Exchange 2003 and Exchange 2007
It was supported in HMC 4.5 in Exchange 2007, Where you got to buy a license for it separately
In Exchange 2007 only Internal GAL segregation was supported as per the white paper
http://technet.microsoft.com/en-us/library/bb936719(v=exchg.80).aspx
In spite of more complications
Exchange 2010 Hosting was introduced But No Upgrade will be provided by Microsoft
http://blogs.technet.com/b/exchange/archive/2011/10/13/future-of-hosting-mode.aspx
Now Exchange 2010 SP2 is the one of the Best solution for GAL segregation commercially and internally which is more efficient and easy it implement.
You need to Perform Some Check Lists before going into implementation of Address Book Policies
1. Address book Policies will work only on Exchange 2010 Service Pack 2 sever.
2. Exchange 2010 should not be installed on a GC or DC , Especially Client Access Server
(Address book policies won’t work for Outlook but It will work for OWA alone,)
3.Any Client Device or Client Software access Active Directory directly for Directory Access then ABP won’t work
Like , Outlook is hard coded to GC &
Entourage 2008
4. Outlook clients should be at least – Outlook 2007, Outlook 2010
Outlook 2003 with Latest Service pack does recognize Address book policies but we might face little complications , its my personal experience
Like , login credentials should be the exact same as the Email Credential
Those are the most important Check lists before you going to implement it
Now will Explain how to Deploy Address book policies in Different Scenarios as per the TechNet
Before Getting into Address book Policies we should first plan how we are going to Segregate the users
There are Various filters you can use to segregate users ,
Refer Link -
http://technet.microsoft.com/en-us/library/bb738157%28EXCHG.80%29.aspx
But we have something called Custom Attributes
We have 14 Custom attributes where we can use to Segregate users
Personally , Segregation is much more easier and Easily manageable using Custom attributes
In Simple Words Experts Prefer Custom Attributes
Now will explain how to segregate users in the below scenario
Scenario 1: Two Separate Companies in One Exchange Organization
First we will plan to segregate the Users
For Organization A , I will use Custom attribute1
Custom attribute1 = OrgA
For Organization B , I will use Custom attribute2
Custom attribute2 = OrgB
We got to Create a Separate Address book policy for Every Organization.
Organization A people should not see Organization B People in their Global Address list
We got to Create 4 things for the Organizations to Implement Address Book Policies
1. Global Address list
2. Address list
3. Rooms list
4. Offline Address book
Once we create that we can Assign it to the Users , Every User can have only one Address book policy.
1. Creating a Global Address list
Need Exchange Management Shell to create Global Address list ,
Where users with Custom attribute 1 with value ORGA , Only they will show up in the Global Address list
New-GlobalAddresslist “Organization A” –ConditionalCustomAttribute1 “OrgA” –IncludedRecipients “AllRecipients”
2 . Creating a Address list
Where users with Custom attribute 1 with value ORGA , Only they will show up in the Address list
Creating a New Address list for ORGA users
Setting the Domain as Default Domain
Setting the Custom Attribute1 value as ORGA
Now Address List have been Created Successfully.
3. Creating a Rooms list
New-AddressList -Name ORGA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "ORGA")-and (RecipientDisplayType -eq "ConferenceRoomMailbox") -or (RecipientDisplayType -eq "SyncedConferenceRoomMailbox")}
4. Creating Offline Address book
Have a keen look at it , Am not using GUI , Because I want to have the users see the New GAL which I have created for Organization A
Using GUI , I won’t have an option to add the New GAL created
New-OfflineAddressBook -Name "ORGA-OAB" -AddressLists "Organization A"
Created Offline address book Successfully
Am not going to use PF distribution in the OAB properties in the GUI cause there is no Outlook 2003 clients.
If you still have it , Go ahead and check that option , Make sure you have a PF database
Now Going to Create an Address book Policy for Organization A users
Created an Address book policy successfully !!
Now will Learn how to Apply Custom attributes for Users and other Active Directory objects
Open Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox
You can have the Custom Attribute 1 Value Set for One User for Testing Purposes
Or
You can run in Exchange Management Shell
Get-mailbox “User1” | Set-mailbox –customattribute1 “ORGA”
To apply for all the mailboxes
Get-mailbox | Set-mailbox –customattribute1 “ORGA”
To apply for the Users in a Specific Database
Get-mailbox –database “Database Name” | Set-mailbox –customattribute1 “ORGA”
Example -
Allocated OrganizationA users in ORGA-Database
Applying the Custom Attribute in bulk for ORGA users
To Apply for one Distribution group
Get-DistributionGroup “Group1” | Set-Distributiongroup –customattribute1 “ORGA”
To Apply for one Dynamic Distribution Group
Get-DynamicDistributionGroup “Group1” | Set-Distributiongroup –customattribute1 “ORGA”
Now to View and Understand Better – Click on View – Add/Remove Columns
Choose Custom Attributes which you want to view in Recipient Configuration
Now you can see the Custom Attribute Values to the Assigned Users
Now we can Apply Address book Policy for a Specific User
Exchange Management Console – Recipient Configuration – Mailbox – Properties of User Mailbox – Mailbox Settings – Address Book Policy
To apply in Bulk for all the Users in a Database
Get-mailbox –Database “Database Name” | set-mailbox –addressbookpolicy ORGA-ABP
Now Logging into OWA as Test1-ORGA am seeing ORGA users alone in the Global Address list
Now Logging into Outlook as Test1-ORGA am seeing ORGA users alone in the Offline Address book
Now Coming in to Email Addresses for the organizations
If you are planning to Give Different Domain Names for this Organizations
Custom attributes will make things Simple for us
First we will Create a Accepted Domain for ORGA -
Clicking on New will get the Accepted Domain Ready
Now will create a Email Address Policy where it will Stamp only for ORGA users
Now stamping Email Address for only ORGA users, CustomAttribute1 – ORGA
Now Choosing the Accepted Domain -
Now you can see that our OrgA users are Stamped with ORGA.com
Great !!
Now ORGA is Ready
Lets make the ORGB ready – Its just the same thing but am going to use CustomAttribute2 as ORGB and going to use Commands as you are familiar now
As We know already we need to Create 4 things for an Organization to Implement Address Book Policies
1. Global Address list
2. Address list
3. Rooms list
4. Offline Address book
1. Global Address list
Creating a Global Address list
Need Exchange Management Shell to create Global Address list ,
Where users with Custom attribute 1 with value ORGA only will show up
New-GlobalAddresslist “Organization B” –ConditionalCustomAttribute2 “OrgB” –IncludedRecipients “AllRecipients”
2. Address list
New-Addresslist ORGB-AL –ConditionalCustomattribute2 ORGB –IncludedRecipients “AllRecipients”
3. Rooms list
New-AddressList -Name ORGB-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute2 -eq "ORGB")-and (RecipientDisplayType -eq ‘ConferenceRoomMailbox’) -or (RecipientDisplayType -eq ‘SyncedConferenceRoomMailbox’)}
4. Offline Address book
New-OfflineAddressBook -Name "ORGB-OAB" -AddressLists "Organization B
Now will Create an Address Book Policy -
New-AddressBookPolicy -Name "ORGB-ABP" -AddressLists "\ORGB-AL -OfflineAddressBook \ORGB-OAB -GlobalAddressList "\Organization B" -RoomList "\ORGB-Rooms"
To apply in Bulk for all the Users in a Database
Get-mailbox –Database “ORGB-Database” | set-mailbox –addressbookpolicy ORGB-ABP
Now Logging into OWA as Test1-ORGB am seeing ORGB users alone in the Global Address list
Now Logging into Outlook as Test1-ORGB am seeing ORGB users alone in the Offline Address book
New-AcceptedDomain –name “ORGB.com” –DomainName “ORGB.com” –DomainType “Authoritative”
Now Creating an Email Address Policy
Great !
Now Both the Organizations are Ready
And They have been Segregated with Different GlobalAddresslist
Will Get Back with More Interesting Scenarios !!
Publisher of CareExchange.in
I have been supporting Microsoft Exchange for some years . Thanks for your visit . Please share you thoughts via Comments
For Feedback or Improvements : Admin@careexchange.in
Thank you
you made it simple. great work!!
Thanks Santhosh , More to Come !
Great Job!!!!!!! easy to learn !!!!!!!
Thanks Priya !
Can you please tell me what i’m doing wrong? In OWA everything fine, but in Outlook 2010 I can see all other adress lists and Default GAL.
Is Exchange 2010 installled on a DC or GC ?
I have exchnage already installed on a DC , do i have to reinstall it? or remove DC or GC
Hi Paul,
ABP won’t work , if Exchange is installed on a GC
Get a new GC and bring down Existing GC to a DC
or
Exchange on GC or DC is not supported which might give more issues in the future
Running DC promo now to remove GC . Will Screw the Exchange Server
It better to safely uninstall in and Install Exchange which is not a GC or DC
I go to see day-to-day some websites and blogs to read articles or reviews,
except this webpage provides feature based content.
Hello,
just a question : for ORG A you are using custom attribute 1 and for ORG B custom attribute 2.
On this blog http://c-nergy.be/blog/?p=2113 they are just using custom attribute 1 and give it a value of ORG A or ORG B.
Is there a different result?
Best regards
Anthony
Both should work the Same ,
–
But If you want to get a Common person who should be visible on both the ORG A & B,
-
I wil just Fill custom attribute 1 & custom attribute 2
-
But if we use the Same attribute for both the ORG . we need to create a New ABP for the common person as well.
-
it totally depends on ur environment
Regards
Satheshwaran Manoharan
Hi – Thanks For the Posting-
Question: When I complete step 1 Cmdlet to create GAL – I end up with an entry for that GAL Name (In your case Organization A) When you show Step 2 “Organization A” that was created in step 1 is not in there ?? – I am seeing GAL I created from Cmdlet in step 1 in the address list — can you please clarify
Thanks.
Step 1
This will Creat your Dedicated gal for Organization A
New-GlobalAddresslist “Organization A” –ConditionalCustomAttribute1 “OrgA” –IncludedRecipients “AllRecipients”
Step 2
Am Creating an Sample address list for Organization A
–
You can share me screen shots to admin@careexchange.in
I can clear your confusion for sure
Excellent !! Have created ABP Based on this step by step —
Only thing I had to Change was step 3. cmdlet all needed double quotes instead of single
Thanks…SM
Corrected the blog with double quotes Tom !!
Thank you !!
Hi Satheshwaran,
Can you confirm if the creation of an additional third GAL (counting the default GAL as well) is required? Why not setup a second GAL for the additonal organisation and call it OrgB and use the default GAL for OrgA…or does it absolutely require the addition of a third GAL? what happens to the Default GAL in your scenario where you have one for OrgA and OrgB? Is it hidden? or just left alone? Many Thanks, James
You can Use the Default GAL, You can use Default GAL for ORGA. But ORGA users will see ORGB
Default GAL won’t have any restriction – They will see everything. !!
Default GAL is still alive. If you don’t apply a ABP for a user. he will look at the Default GAL.
Like admins, I didnt apply abp for admin so that they can see everyone .
Thanks Satheshwaran- in this particular scenario I am implementing, the fact that users in the default GAL (OrgA) can see the users in OrgB is needed, what is wanted, is to prevent OrgB users from seeing OrgA users…brilliant, thank you for the clarification
You are Most welcome !!
thank you for posting this, it was incredibly helpful as we are trying to implement a mult-tenant exchange hosting environment. have a question…
typically our night staff will add all new user AD account as well as exchange accounts. they know very little about exchange other then creating the account. they will not remember to add a custom attribute or assign an address book policy to each user. since we have each customer in a seperate OU, i create 2 powershell scripts. one to apply a customer attribute to each member of the OU every night, and another script to assign it an address book policy(also based on the OU). this allows new users to be created and have both attributes added to thier exchange account automatically.
1)is there an easier way to do this?
2)assuming all members of the OU have both the attribute and correct ABP, do you see any issues with the scripts trying to apply these values to users who already have them?
thanks
Check the below link
http://itswapshop.com/tutorial/creating-tenants-exchange-2010-sp2-multi-tenant
you can find some predefined scripts . Who does all this for you in the back ground. But you got to customize it and spend some time. So that you can make it suitable for you.
If you customized it perfectly. For a longer run. Managing multiple tenants will be much simpler for you.
I would suggest all the tenants in a separate OU which will be good for a longer run
Thanks
thanks
Welcome Mark !
Hello
First, thanks for this great Tutorial!
I did it like you, but all addresses will be show… I think it loads the Default Global Address List and not the organisation-specified GAL… I have install exchange on my DC, because i have only one VPS Server… Can you help me? :/
If you Install Exchange on DC.
Address book Policies Won’t Work. Its by Design !.
Bravo!!
Great tutorial!
Works perfect.
Thank you Sami !!
I followed your steps and it worked perfectly. Thank you!
So I copied your syntax verbatim and just changed the names to suit my needs. Here’s my situation – I have 5 users in ORGA, but only 1 of them is assigned to the ORGA-ABP. That 1 user only sees himself in the list of users in the OrgA GAL. Once I add the other 5 users, then he sees all 5. This did not happen when I recreated your example – it only happened when I change the names. Any ideas?
I resolved this on my own. I used the Update-GlobalAddressList command on my new listed after everything was created and that seems to resolve this.
Great article – Thank you!
Happy to hear it keith !
Just desire to say your article is as astounding. The clearness on your publish is just cool and i could assume you are an expert on this subject. Fine with your permission let me to seize your RSS feed to stay updated with imminent post. Thanks one million and please carry on the enjoyable work.
Thank you for your comments !
Great article. Saved me a lot of time trying to get the Address Lists created from shell. And now I have a much better understanding of how ABP’s work.
Thank you for your comments Raj