In Part I, we have quickly described the scenario that we were using. We have also described the steps needed prior creating the Address Book Policies. At the end of the previous part, we were ready to create the Address book policies for our fictious Organization.
Implementing Address Book Policy…Continued
Creating Address Book Policies
In the previous post, we have basically created all the address book objects needed in order to create the Address book policies. We have created the GAL, Address lists, OAB and Room lists for both divisions present within our organization. Now, it’s time to create these Address Book policies.
To perform this, in the Exchange console, expand the organization configuration node > Mailbox. Then Go to Address book policies and right-click on an blank space and select New Address Book Policy (or click on the New Address Book Policy link on the right menu)
The Address Book Policy Wizard opens. You simply need to provide the information about your segmented GAL, OAB, Room list and add the Address lists that you’ve just created above. When you are happy, press New
Click on image for better resolution
Review the summary page and Press Finish
Click on image for better resolution
Again, you have to perform this operation for both entities covered in our scenario. At the end of the process, you should end up with 2 Address book policies like shown in the following screenshot.
Click on image for better resolution
Assigning ABPs To user mailboxes
The final step in the creation process is to assign the appropriate ABP to the user mailbox. To perform this, you will simple select one or multiple mailboxes within your exchange console, right-click on them and select properties. In the properties page, you will click on the tab Mailbox Settings.
Click on image for better resolution
Then, you will simply click on the Address book policy option and you will be able to associate an address book policy to this mailbox. As you can see, you can only associate one ABP per mailbox.
Click on image for better resolution
When users member of DivA logs into their mailbox (via Outlook or OWA); they should see only the GAL for DivA. Users B will be also able to see only their own GAL (GAL_Div)
Click on image for better resolution
In the screenshot, you see clearly that each user have only access to their own GAL. However, remember that the ABP does not prevent a user A To sent an email to user B as long as the user a know the email address of the recipient.
Update April 2013
Based on the recurrent comments we have received about ABP and outlook, we have double-checked this post and we can confirm that this procedure is working also for Outlook 2007 and later. As shown in the screenshot below, as long as you have configured the Address Book Policy, the user should view only its custom Global Address List.
Click on picture for Better Resolution
Click on picture for Better Resolution
If you install Exchange on top of a domain controller, you are basically bypassing the ABP functionality and you will have a not working environment. Also, the same situation can occur when trying your settings from an Exchange CAS where Outlook is installed as you can see on the screenshot below.
Click on picture for Better Resolution
Final Notes
We have quickly explain how to use the ABP using a really simple scenario where there was a clear distinction between the entities. In some case, you might need to have some kind of interaction between the entities. If this is the case, you will need to create another Address book policies where some people (managers for example) can have an address list where users in both entities are visible.
All in all implementation of ABP is not too complex. The real challenge is the planning of such policies based on the organization requirements. I have to say that this appraoch (ABP) makes things a little bit easier than in the past.
Till next Time
See ya
Does user unable to see default GAL and address list (when user click on drop down GAL)? What is the user default after ABP?
Hello Kelvin,
Basically, this is the idea behind the Address book policies. This is to segment address book and let see to the users only the information you want them to see. If you implement ABP for a user, the user should see the “segregated Address book” you have created for him
Hope this help
See ya
Hi your article very nice
on the OWA its working grate but no outlook
do you have some ides
Thanks Rubi
Hello Rubi,
If it’s working for Outlook WebApp, It should be working with Outlook. Describe a little bit your environment
Which outlook version
Outlook cached mode enabled or disabled
Exchange installed on a dedicated server or on top of the Domain controller ?
Do you see your custom address list in Outlook ?
If the Exchange is on top of a domain controller, ABP are bypassed
Hope this help
See ya
Works very fine. I’ve tested on OWA and Outlook Anywhere
Thanks for the tutorial. Great job!
Thank you Sami,
Nice to hear that the post is still good…
Till next time
See you around
Hello,
Great article! Helped me a lot although somethings had to be done in a different order.
Here too the problem: OWA working perfect with the APB, but Outlook sees the enitre server and ALL groups/users etc.
It also sees the newly created group, but it’s just one of the bunch.
Win ENT 2008 R2 and EX 2010 SP2 installed both on ONE VM.
Is this the problem? I really need to separate them for hosting.
If you have exchange and Domain controller on the same box, you bypass the Address book service….
Please read previous comments
Till nest time
see ya
Hi, This worked but only for OWA.
really need a solution for users using outlook.
server 2008 Exchange 2010 SP2.
If anybody can help it would be great.
ian@ijen-it.com
Hello Ian,
The feature is working as expected. I’ll publish/update this post with some screenshots to better illustrate the usage with Outlook
A lot of people are making a quite common configuration mistake which is putting exchange on top of Domain controller.
Outlook ABP will not work if you bypass the Address book service calls.
This can happen if you have installed Exchange on top of a Domain Controller (DC/GC)
You have installed Outlook on Exchange server and try to test your ABP policy on this server, ABP might not work as expected
if you are using Outlook 2003, might be working but you might encounter some issues
you need Exchange 2010 SP2
Hope this help
Till next Time
See ya
Hi All,
We have exchange server 2010 SP1. and i implement suggestion list in OWA. How is does happen ?
@Ankush,
What’s your question exactly ?? Have you read the Part I of the post ?? What do you want to achieve ? If you have implemented ABP on your exchange you will see these Address book in Outlook and OWA
Till next time
See ya