Address Book Policies in Exchange 2010 SP2 – Quick How To – Part I

Hello World,

In a previous post, we mentioned that Exchange 2010 Service Pack 2 was available for download.  This Service Pack introduces a new feature called Address Book Policies (ABPs).  I was particularly interested in this feature because, in one of my projects, there was a need to divide the organization into multiple virtual entities. When we started the deployment of the Exchange infrastructure, we were using Exchange 2010 SP1 and at that time there was no way to segregate address lists.

So, in this post, we will have a quick look at how to use the ABP feature. Let's go!

Understanding ABPs

Note: In this post, we assume that you have already installed Service Pack 2 within your organization.  If not, have a look here to see how to install SP2.

Address Book Policies offer a way to segment the Global Address List and to present different address lists to different entities within your Exchange 2010 organization.  To implement this GAL segmentation, the ABP approach consists of creating custom address list objects and grouping them into a policy that is then assigned to mailboxes.  In fact, you should know that an ABP is a combination of the following elements:

  • A Global Address List (GAL)
  • An Offline Address Book (OAB)
  • One or more Address lists
  • One Room Address list

When deploying ABPs, you should keep in mind the following Microsoft recommendations:

  • To successfully implement ABPs, user mailboxes need to be hosted on an Exchange 2010 SP2 server.
  • You cannot use HAB (Hierarchical Address Book) and ABPs at the same time.
  • Every ABP must contain a room address list.  If you do not use room lists, you can always create an empty one and associate it with the ABP you are creating.

It's important to understand that ABPs will not prevent users within one virtual entity from sending mail to users located in a different virtual entity: an ABP only restricts what the address book shows, it is not a permission boundary.  If you need that restriction, implement it through transport rules.  Note also that you can enforce ABPs in your Lync client (for more information, see the source link at the bottom of the article).

When implementing ABPs, Microsoft recommends using the custom attributes (CustomAttribute1 to CustomAttribute15) instead of the standard Active Directory attributes.  The reason behind this recommendation is that the custom attributes exist precisely to allow customization of your environment and, more importantly, not all Active Directory attributes are available on all Exchange recipient types.

Another recommendation is to prefer recipient filters over the Included Recipients option: build the address lists that will go into your ABP from a filter (for example on CustomAttribute1), so that membership follows the attribute value instead of a static selection of recipients.

Our (Simple) Scenario

We will quickly describe the scenario used to test ABPs and the steps needed to successfully implement this feature.

Creating your virtual organizations

In our scenario, we have a centralized Active Directory and Exchange infrastructure.  This infrastructure hosts two entities that need to have a different Global Address List.  Within Active Directory, the virtual entities have been mapped to organizational units.

Based on the Microsoft recommendation, we will use a custom attribute (in our case CustomAttribute1) set to the value DivA or DivB. So, recipients located under the OU Division_A get CustomAttribute1 set to DivA, and recipients under the OU Division_B get the value DivB.
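
As an added example (not part of the original post), here is how the stamping described above can be done from the Exchange Management Shell for a whole OU at a time, followed by the check a practitioner wants before going further: every recipient must carry exactly one of the expected values, because an unstamped recipient silently drops out of every division's address lists. The OU distinguished names and the domain DC=contoso,DC=com are assumptions; replace them with your own.

```powershell
# Added example (not from the original post): stamps CustomAttribute1 on
# every recipient under each division OU, then reports anything that is
# still unstamped. Assumptions: the OUs live under DC=contoso,DC=com and
# are named Division_A / Division_B (replace with your own DNs).
$DivisionOUs = @{
    "OU=Division_A,DC=contoso,DC=com" = "DivA"
    "OU=Division_B,DC=contoso,DC=com" = "DivB"
}

foreach ($ou in $DivisionOUs.Keys) {
    $value = $DivisionOUs[$ou]

    # Mailboxes (users, rooms, shared). -ResultSize Unlimited avoids the
    # default 1000-object cap, which would silently leave recipients
    # unstamped in a large OU. Only objects whose value differs are written.
    Get-Mailbox -OrganizationalUnit $ou -ResultSize Unlimited |
        Where-Object { $_.CustomAttribute1 -ne $value } |
        Set-Mailbox -CustomAttribute1 $value

    # Groups and contacts have to be stamped with their own cmdlets, or the
    # division GAL built from this attribute will not contain them.
    Get-DistributionGroup -OrganizationalUnit $ou -ResultSize Unlimited |
        Where-Object { $_.CustomAttribute1 -ne $value } |
        Set-DistributionGroup -CustomAttribute1 $value
    Get-MailContact -OrganizationalUnit $ou -ResultSize Unlimited |
        Where-Object { $_.CustomAttribute1 -ne $value } |
        Set-MailContact -CustomAttribute1 $value
}

# Verification: a recipient with no (or an unexpected) value falls outside
# every division's address lists, so list them before building the ABPs.
# Recipients that live outside the division OUs show up here as well.
$known = @($DivisionOUs.Values)
Get-Recipient -ResultSize Unlimited |
    Where-Object { $known -notcontains $_.CustomAttribute1 } |
    Format-Table Name, RecipientType, OrganizationalUnit, CustomAttribute1 -AutoSize
```

Run the three Set-* cmdlets with -WhatIf first on a large directory; the final table should be empty (or contain only recipients you deliberately keep out of both divisions) before you move on.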

Creating Address List Objects to be used within the ABP

Because we have two entities, we will create two Address Book Policies. However, before doing this, we first need to create the different address list "objects" that will be used by the ABPs. In our simple example, we need to create the following objects:

Object Type             Division A    Division B
Global Address List     Gal_DivA      Gal_DivB
Address List            DivA          DivB
Offline Address Book    OAB_DivA      OAB_DivB
Room Address List       Room_DivA     Room_DivB

The next sections briefly explain how to create these address list objects and how to combine them into your Address Book Policies.

Implementing Address Book Policies

Before being able to create Address Book Policies, we need to create the address list objects, based on your requirements and on how you have segregated your organization.  In our simple scenario, we know that we need to create the address list objects defined in the table above.  So, let's do this.

Creating Address Lists per division

We will first create the address lists for both divisions.  You can use the GUI or the Exchange Management Shell to create additional address lists.  In this example, we will be using the GUI. Under the Organization Configuration node, click on the Mailbox node and, in the middle pane, click on the Address Lists tab.

Right-click in an empty area and select the option New Address List.  The New Address List wizard starts.  Provide the name for the address list (in this example DivA) and click Next.

On the Filter Settings page, specify the recipient types you want to include in your address list and click Next.

On the Conditions page, select CustomAttribute1 and enter the value to match (DivA in this example).  You can check that your condition returns the expected recipients by clicking on the Preview button.  When ready, click Next.

On the Schedule page, select the option Immediately and click Next.

On the summary page, check that everything is correct and click the New button.

On the Completion page, simply click Finish if the operation completed successfully.

You've just created the address list for Division A.  Repeat the same steps for Division B (address list DivB, condition CustomAttribute1 equals DivB).

Creating Room Lists per division

In this example, we will simply use the default room list that already exists within the organization.  Both divisions can then book the same rooms, which also means that both divisions see each other's rooms in the Room Finder.  If you want a dedicated room list for each division, you need to create an additional address list containing only the room mailboxes of that division (I do not do it here, because it would add too many screenshots).  The other option is to create an empty room list using a PowerShell command.

Creating Offline Address Books per division

Almost there!  We need to create our Offline Address Books as well.  This is quite easy.  Again, within your Exchange Management Console, click on Organization Configuration, select the Mailbox node and, in the middle pane, click on the Offline Address Book tab.

In the right pane, click New Offline Address Book and the wizard starts.  On the first page, simply provide the name for the OAB (OAB_DivA), the generation server and which address list should be included in this OAB.  Keep in mind that the OAB is what cached-mode Outlook clients use to browse and resolve names, so it should contain the same recipients as the GAL you will later assign to the division.  When done, click Next.

Then choose how to distribute your OAB (public folders or the web distribution mechanism). When done, click Next.

On the Completion page, review the information and click Finish.

You have to perform the same operation for both divisions (OAB_DivA and OAB_DivB in my example). When this is done, you can move on to the next step.

Creating GALs per division

You will need to create two additional GALs in this scenario (Gal_DivA and Gal_DivB).  You cannot create them using the GUI; you have to use the Exchange Management Shell (New-GlobalAddressList with a recipient filter on CustomAttribute1).  Simply type the appropriate command and check that the GALs appear within your Exchange Management Console.
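
As an added example (not the post's own commands), the following Exchange Management Shell script creates all the objects from the table above for both divisions in one pass, using recipient filters as recommended, including the shell-only GAL creation and a per-division room list that simply stays empty if no room mailbox has been stamped. It assumes that CustomAttribute1 has already been stamped with DivA/DivB and that EX-MBX01 is a Mailbox server in your organization that can generate OABs; both names are placeholders.

```powershell
# Added example (not from the original post): creates the address list
# objects from the table above with the Exchange Management Shell instead
# of the GUI, for both divisions in one pass. Assumptions: CustomAttribute1
# is already stamped with DivA / DivB, and "EX-MBX01" is a Mailbox server
# in your org that can generate OABs (replace with your own).
$Divisions = @("DivA", "DivB")
$OabServer = "EX-MBX01"

foreach ($div in $Divisions) {
    # 1. Address list: only user mailboxes of this division. An OPATH
    #    recipient filter is used rather than "Included Recipients", as
    #    recommended, so membership follows the attribute on every update.
    New-AddressList -Name $div `
        -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (CustomAttribute1 -eq '$div')"

    # 2. Room list: only room mailboxes of this division. If no room has
    #    been stamped, the list is empty, which still satisfies the
    #    "every ABP needs a room list" requirement.
    New-AddressList -Name "Room_$div" `
        -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (CustomAttribute1 -eq '$div')"

    # 3. Global address list: everything stamped for this division (users,
    #    groups, contacts, rooms). The shell is the only way to create it.
    New-GlobalAddressList -Name "Gal_$div" `
        -RecipientFilter "(CustomAttribute1 -eq '$div')"

    # 4. Offline address book built from the division GAL, so cached-mode
    #    Outlook sees the same recipients as online clients. Distribution
    #    (web virtual directories / public folders) can be set afterwards
    #    with Set-OfflineAddressBook, as in the wizard.
    New-OfflineAddressBook -Name "OAB_$div" -AddressLists "Gal_$div" -Server $OabServer

    # 5. Populate the new lists now rather than waiting for the next
    #    scheduled generation.
    Update-AddressList -Identity $div
    Update-AddressList -Identity "Room_$div"
    Update-GlobalAddressList -Identity "Gal_$div"
    Update-OfflineAddressBook -Identity "OAB_$div"
}

# Verification: preview what each GAL will actually contain before any
# mailbox is attached to a policy. Every recipient listed here is visible
# to the whole division, so a wrongly stamped object shows up now rather
# than after go-live.
foreach ($div in $Divisions) {
    $gal = Get-GlobalAddressList -Identity "Gal_$div"
    Write-Host "Recipients in $($gal.Name):"
    Get-Recipient -ResultSize Unlimited -RecipientPreviewFilter $gal.RecipientFilter |
        Format-Table Name, RecipientType, CustomAttribute1 -AutoSize
}
```

The New-* cmdlets fail if an object with the same name already exists, so run the script once; if you need to change a filter later, use the corresponding Set-* cmdlet followed by Update-*. The GAL filter deliberately matches on the attribute alone, so that the division's groups, contacts and rooms appear in it and not only user mailboxes.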

At this stage, you should be ready to create your Address Book Policies.

The steps needed to create the Address Book Policies will be explained in Part II. I have the feeling that this article is becoming too long.

Till next time, see ya

Source : http://technet.microsoft.com/en-us/library/hh529948.aspx

8 thoughts on "Address Book Policies in Exchange 2010 SP2 – Quick How To – Part I"

  1. Hi,
    Everything is working and I thank you for your help. Only one thing I am having problems with: how to add the custom attribute to the OU. There isn't a custom attribute button, there is only the Attribute Editor. I KNOW this is a dumb question, but I really want to make this work at the OU level. If I add the attribute to each mailbox it works.

  2. Hello Pam,

    If you read the Exchange Technical Library, the best practice and recommended way is to use custom attributes on recipient objects (and not at the OU level). If you need to configure these attributes per OU, you can use the Exchange Management Shell command or the Exchange GUI and simply specify the scope you want to use.

    For example, you can simply issue these commands to set CustomAttribute1 on the mailbox objects located in the OU called OU=Division_A,DC=Contoso,DC=Com:

    # -ResultSize Unlimited: without it, Get-Mailbox stops after 1000 objects
    $List = Get-Mailbox -OrganizationalUnit "OU=Division_A,DC=Contoso,DC=COM" -ResultSize Unlimited

    $List | ForEach-Object {
        # stamp each mailbox of the OU with the division value
        Set-Mailbox $_.DistinguishedName -CustomAttribute1 "Division_A"
    }

    You can also use the GUI: right-click on the recipient node and select the recipient scope, then specify the OU you want to use. Then select the objects in the middle pane, right-click on them and select Properties. The dialog box is displayed. Click on the custom attributes and set your value. Click OK. The changes will be applied to all selected objects.

    Hope this helps
    See ya

    I have followed the instructions and I have enabled it on our Exchange 2010, and it works great when accessing with Outlook Web App. When you create a new e-mail, you only see the address list you are supposed to see. The problem arises when you use Outlook Anywhere. Outlook insists on displaying all the address lists. Have you seen that, or did I screw up somewhere?

    thanks

  4. Hello Dino,

    It should be working for any client connecting to your CAS server. The only situation where the address book service is bypassed (as far as I know) is when you install your CAS on top of a Global Catalog.

    If it's working for OWA, it should be working for Outlook and Outlook Anywhere. To debug, I would first configure Outlook (not configured for RPC over HTTP) within your LAN and see if the address book policies are applied correctly. If you have the expected results, you can then move to the situation with Outlook Anywhere.

    Hope this helps

    See ya

  5. Hello admin

    I have the CAS on top of my Global Catalog, exactly the same as you explain in your last post.

    Is it possible to configure the Global Catalog so that it is not possible for the Outlook client to look in this Global Catalog? Or is the only solution for this ABP problem to install a new AD with the Global Catalog and join this domain with the Exchange server as a member?

    Thank you for the answer.

    Greezes bak

  6. Hello there,

    I do not fully understand the question, but I'll try to answer it.

    Point 1 – As a best practice, you never install Exchange on top of a Domain Controller (which can also be a Global Catalog). In my setup(s), I always separate Domain Controllers from Exchange Servers.

    Point 2 – If you install the CAS role on top of a Global Catalog, the Name Service Provider Interface (NSPI) will be used instead of the Address Book service. You are bypassing the Address Book Service.
    The Outlook client that connects to this CAS server will in fact connect to the NSPI service, and the address book policies will never come into the picture.

    Point 3 – What you should do (I'm assuming you have only one Exchange Server, the one on the Global Catalog): install a new Exchange Server, move your mailboxes (if any) off the old Domain Controller, and then remove Exchange from the Global Catalog. You should then have a working Address Book Policies feature in place.

    To configure Outlook to connect to a specific Global Catalog, we were using this in the past: http://support.microsoft.com/kb/319206

    Hope this helps

  7. Hello Griffon

    many thanks for your input.

    Is that right, that the Exchange Server should be a member of a DC, which manages the users of the domain, and the Exchange Server contains the mailboxes for these users?
    Or is it possible to have an Exchange Server without any domain connection?

  8. Hello Hello;

    Quick Answer is :

    No Active Directory domain -> no Exchange installation.

    In order to install Exchange, you will need to have an Active Directory up and running. Exchange heavily relies on Active Directory, which provides directory services to Exchange.

    Till next time, see ya