Exchange 2016: Address Book Policies
In this tutorial we are going to learn how you can segment your global address list into particular groups to create customized GALs present in Outlook and Outlook Web App.
- Global address list (GAL) segmentation (also called GAL segregation) is the kind of process whereby administrators may segment users into particular populations to offer customized views of their organization’s GAL.
- Address book policies (ABPs) permits you to segment users into particular groups to provide customized views of your companies global address list (GAL).
- When creating an ABP, you allot a GAL, an offline address book (OAB), a room list, and single or more address lists to the policy.
- You might then allot the ABP to mailbox users, offering them with access to a customized GAL in Outlook and Outlook Web App.
- The objective is to provide a simpler mechanism to achieve GAL segmentation for on-premises organizations which require multiple GALs.
ABPs are mainly to optimize the GAL and address lists for each and every group of users, not make it tough for them to see each other or to communicate with other users in your company. Actually, ABPs create a virtual separation, only, of users from a directory perspective, not a legal separation.
How ABPs Work
ABPs consist of the following lists:
- One GAL
- One OAB
- One room list (for booking purposes)
- One or more address lists
In the following figure, Address Book Policy A is inclusive of a subset of the various address objects which exist in the enterprise (shown in the bottom half of the figure).
- The resulting scope of an ABP is equal to that of the GAL included in the policy, in this referred case GAL1.
- When the ABP is generated and allotted to a user, the address objects present in the ABP become the scope of the objects the user is able to see.
You are allowed to use the following methods to allot ABPs to individual mailbox users:
New or existing mailbox?
New-Mailbox cmdlet with the AddressBookPolicy parameter
Set-Mailbox cmdlet with the AddressBookPolicy parameter
- ABPs come into effect when a user’s client application connects to a Client Access server in Exchange 2013.
- In case you alter the ABP, the updated ABP doesn’t take effect till the user restarts or reconnects with their respective client or till you restart the RPC Client Access servers on the Exchange 2013 Mailbox server.
Address book policy routing agent
In an Exchange organization which doesn’t use ABPs, the following things happens when an email is created in Outlook or Outlook Web App and transmitted to another recipient in your Exchange organization:
- The email address resolves. For instance, if you type [email protected] in the To field, the SMTP email address might be resolve to the user’s display name Kweku Ako-Adjei.
- You can access the other person’s contact card. When the name resolves, after that you can double-click the user’s name and access their contact information, like office and phone number.
In case you’re using ABPs, and you don’t wish users in separate virtual enterprise to view each other’s significantly private information, you may turn on the Address Book Policy Routing agent.
- Then, the ABP Routing agent is a Transport agent which controls how recipients are resolved in your company. When the ABP Routing agent is setup and installed and configured, users that are allotted to different GALs appear as external recipients in that they can not view external recipients’ contact cards.
- In the following shown diagram, Fabrikam and Tailspin Toys share the same Exchange company and the same CEO. The CEO is the only employee common to both organizations.
This configuration includes three ABPs:
- One includes Fabrikam employees and the CEO
- One includes Tailspin Toys employees and the CEO
- One includes only the CEO
The ABPs adhere to the following guidelines and rules:
- The users in Tailspin Toys may only view Tailspin Toys employees and the CEO when they browse the GAL.
- The users in Fabrikam may only view Fabrikam employees and the CEO when they browse the GAL.
- The CEO may access all Fabrikam and Tailspin Toys employees when browsing the GAL.
- Users who access the CEO’s group membership can access only groups which belong to the user’s company. They won’t see groups which exist in the other organization.
Entourage, Outlook for Mac, and ABPs
- ABPs usually, do not function for Entourage users or Outlook for Mac users who are usually connected to their corporate network.
- Being inside the corporate network, Entourage and Outlook for Mac clients generally connect directly to the global catalog server and query Active Directory directly rather than using the Client Access server.
- But, Outlook for Mac 2011 clients which connect from the Internet may use an OAB or Exchange Web Services (EWS). Consequently, these clients can search the GAL depending on the assigned ABP.