GAL Segregation
Hi!, todays post will be covering something that the education and enterprises normaly ask for, it´s the GAL segregation on a Exchange Online environment.
So, what is the GAL segregation for? well, a very good example would be a university with 300.000 users and the teachers don’t want to be visible from the student side or viceversa.
Another example would be a recently adquired company and the source wants to integrate the email system but don’t want the recently bought to be able to see each other on the Global Address List. (here you can see an explanation on how Address Book Policies work: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How)
Well, this was posible before on an on-premises environment but what about Exchange Online?, now is is!. One of the things we need to keep in mind is that in order for this to work fine, we will have to base on the details fields of eah user. On this guide I will be using the «Company» field so I can use the second example I proposed before.
First of all we will have to assign the «Address Lists» role to the «Organization Management» Administrator role and be able to work with the CmdLets we need:
-
Access our Office365 portal.
- Click on «Admin» and then on «Exchange» to enter the EAC
- Click on «Permissions» and then on «admin Roles«
- Double-click «Organization Management» and add «Address Lists» using the «+» button from the list.
- SAVE
Then we’ll need to prepare our powershell environement in order to connect to Exchange Online.
Once we’re connected, we will search for users that have the @contoso.com UPN suffix inside their UserPrincipalName and assign the «Contoso Ltd.» value on the Company field of the user detailes with the following CmdLet:
Get-User -Filter {userprincipalname -like «*@contoso.com«} | Set-User -company «Contoso Ltd.»
Now we have to create the four address lists that the ABP uses.
Creating the GAL:
New-GlobalAddressList -name ContosoGAL -RecipientFilter {(recipienttype -eq «usermailbox») -and (Company -eq «Contoso Ltd.»)}
Creating the Address List:
New-AddressList -name ContosoAddressList -RecipientFilter {(recipienttype -eq «usermailbox») -and (Company -eq «Contoso Ltd.»)}
Creating the OAB:
New-OfflineAddressBook -name ContosoOAB -AddressList ContosoAddressList
Creating the Resource List:
New-AddressList -name ContosoResourceAddressList -RecipientFilter {(recipientdisplaytype -eq «conferenceroommailbox») -and (Company -eq «Contoso Ltd.»)}
Once we have created the four required lists, we will proceed to create the ABP:
New-AddressBookPolicy -Name ContosoABP -AddressLists ContosoAddressList -GlobalAddressList ContosoGAL -OfflineAddressBook ContosoOAB -RoomList ContosoResourceAddressList
And last of all, assign the recently created ABP to the desired users:
Get-User -Filter {userprincipalname -like *@contoso.com} | Set-Mailbox -AddressBookPolicy ContosoABP
If what we want is to assign the ABP to a specific user, simply run this CmdLet:
Set-Mailbox usuario@contoso.com -AddressBookPolicy ContosoABP
Sources:
Microsoft Spain Exchange support team blog (Thanks to Pablo García Merlo): http://blogs.technet.com/b/esexblog/
Microsoft TechNet: http://technet.microsoft.com/en-us/library/hh529948(v=exchg.150).aspx#How