Exchange - Segregating Global Address List

Issue:

Migrated from On-Premise to O365, all the users were created and all the secondary address books were added as external contact, now want to manage our Global Address List so employees can sort the contacts according to their departments and work role.

Resolution:

1. Create/Add Admin roles (this may take 30min – 1hour to propagate)

• Go to EAC > Permissions
• Create new Admin role

Name: Address List Management

Role: Address List

Members: add your global admin account as a member

• Save the role group

*Note: the steps above grant you access to “New-GlobalAddressList” and “New-AddressList” commands that will be used later in this article. 

2. Enable Address Book Policy Routing through PowerShell
3. Open Powershell as an Admin

b. Connect to Exchange Online 

      Set-ExecutionPolicy RemoteSigned  

      $UserCredential = Get-Credential  

      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection  

      Import-PSSession $Session 

   *If you're Admin has a Multi-factor Authentication use the steps here to connect. 

1. Check if Address Book Policy is enabled

Get-TransportConfig | fl AddressBookPolicyRoutingEnabled

1. If false, run:

Set-TransportConfig -AddressBookPolicyRoutingEnabled $true

3. Identifying Configure GAL Segmentation Based on Custom Attribute

• Create a csv file that needs to be separated

Example column: SalesandMarketing

• Add Custom attribute 1 for the mailboxes based on a CSV file

      Import-Csv "CSV file Path" | foreach {set-mailbox -Identity $_.SalesandMarketing -CustomAttribute1 SalesandMarketing}

4. Creating Address List based on Custom Attribute

• Create Resource Address list

New-AddressList -name "Employees_Room_List" -RecipientFilter {(((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')) -and (CustomAttribute1 -ne "SalesandMarketing"))} -DisplayName "Employees_Room_List"

• Create User Address list

      New-AddressList -name "Employees_Address_List" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (CustomAttribute1 -ne "SalesandMarketing")} –DisplayName “Employees_Address_List”

• Create Global Address list

     New-GlobalAddressList -name "Employees_Global_Address_List" -RecipientFilter {(CustomAttribute1 -ne "SalesandMarketing")}  

• Create Offline Address list

     New-OfflineAddressBook -name "Employees_Offline_Global_Address_List" -AddressLists "Employees_Global_Address_List"

5. Combine all addresses by creating an Address Book Policy

 New-AddressBookPolicy -name "Employees_Address_Book_Policy" -RoomList "Employees_Room_List” -AddressLists "Employees_Address_List” -GlobalAddressList "Employees_Global_Address_List " -OfflineAddressBook "Employees_Offline_Global_Address_List"

6. Applying the Address Book Policy to all mailboxes with the right Custom Attribute

• List all Mailboxes that has the Marketing Custom Attribute.

     Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute1 -ne "SalesandMarketing"}

• Apply Address Book policy (Step 5) to all Mailboxes that has the SalesandMarketing Custom Attribute.

     Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute1 -ne "SalesandMarketing"} | Set-Mailbox -AddressBookPolicy "Employees_Address_Book_Policy”

User (No Customs Attributes) Sales (Custom Attributes SalesandFinance)

All Contacts No option or Not Visible can see all external mail contacts

Employees_Global _Address_List See All employees list except Salesand Finance No option or Not visible (since we only create global address list for Employees only)

Employees_Room_List visible roomlist visible roomlist

Employees_Address_List cannot see Sales&Marketing list can see all users except SalesandFinance

Default Global Address List See All employees list except Salesand Finance can see online & offline GALs (all users including SalesandFinance)

All user accounts that do not have Custom Attributes 1 = "SalesandFinance" will see the results on column 2. Otherwise, accounts with Custom Attribute 1 = "SalesandFinance" will see the results in column 3.

Now, if you have users in R&D, Purchasing, Account etc. As long as they do not have Custom Attributes 1 = SalesandFinance they will also see the results in column2.

If you want to control for GAL for R&D only, then you need to create an Custom Attributes 2 =  R&D and then create Resource List, User Address List, Global Address list, Offline Address list, Address Book Policy. After creating them, you need to create an Address Book Policy and apply the policy with  the right Custom Attribute.

Here's the example:

Creating Address List based on Custom Attribute:

• Create Resource Address list

New-AddressList -name "R&D_Room_List" -RecipientFilter {(((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')) -and (CustomAttribute2 -eq "R&D"))} -DisplayName "R&D"

• Create User Address list

New-AddressList -name "R&D_Address_List" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (CustomAttribute2 -eq "R&D")} –DisplayName “R&D_Address_List”

• Create Global Address list

     New-GlobalAddressList -name "R&D_Global_Address_List" -RecipientFilter {(CustomAttribute1 -eq "R&D")}  

• Create Offline Address list 

     New-OfflineAddressBook -name "R&D_Offline_Global_Address_List" -AddressLists "R&D_Global_Address_List"  

Combine all addresses by creating an Address Book Policy

New-AddressBookPolicy -name "R&D_Address_Book_Policy" -RoomList "R&D_Room_List” -AddressLists "R&D_Address_List” -GlobalAddressList "R&D_Global_Address_List " -OfflineAddressBook "R&D_Offline_Global_Address_List"  

Applying the Address Book Policy to all mailboxes with the right Custom Attribute

 Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute2 -eq "R&D"} | Set-Mailbox -AddressBookPolicy "R&D_Address_Book_Policy”