GAL Segmentation with Address Book Policy - Exchange 2010 SP2 and later

Alright, today I had to work on a situation where some external client users were supposed to be given email accounts in our company with legitimate email addresses.

The only difference was that they would have their own GAL and would not be able to see all the users in the "Default Address Book", which houses all the full-time employees, but those project users should be visible in the default GAL. So here is what I have tested in my lab; by the looks of things it does work, and here is how it is done!

First off I created 5 Project Users and placed them in a specific OU so that I could differentiate between the full time users and the project users. 

I logged on as Project User 1 using Outlook 2010 and I could see all the users in the Address Book. Please note that for the sake of this explanation Administrator and Ali Hassan are the full time employees.

CREATE NEW GAL

Now that we have the setup in place, let's go ahead and create a new project "Global Address List". This has to be done in PowerShell because you can't create a new GAL using the EMC. The GAL is filtered on custom attribute 1 with the value "ProjectX", so it's easy to differentiate these project users.

New-GlobalAddressList "Project X" -ConditionalCustomAttribute1 "ProjectX" -IncludedRecipients "AllRecipients"

 

CREATE NEW ADDRESS LIST

After this, create a new address list for these project users to show up in. In the EMC, go to Organization Configuration --> Mailbox --> Address Lists and create this new project "Address List".

 

Let's name the new address list PROJECTX-AL.


Click Browse, select your domain, and leave the "All Recipients Types" radio button selected.

Now let's set the Custom Attribute 1 value for this address list to "PROJECTX" so that only users with the assigned custom attribute are included in this list.

On the following screen, schedule the changes to apply immediately and finish off the creation.

CREATE NEW ROOM LIST

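Let's go ahead and create a new room list called "ProjectX-Rooms" for these users using the EMS. The two room mailbox types are grouped in their own parentheses so that the CustomAttribute1 condition applies to both of them; without the grouping, every synced conference room in the organisation would match the filter, tagged or not.

New-AddressList -Name ProjectX-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "PROJECTX") -and ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))}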

CREATE OFFLINE ADDRESS BOOK

Now it's time to create a new offline address book for these users, based on the "Project X" GAL we created a while back.

New-OfflineAddressBook -Name ProjectX-OAB -AddressLists "Project X"

 

CREATE ADDRESS BOOK POLICY

Time to finally create the new Address Book Policy, calling it "ProjectX ABP", using the EMC with all the objects created so far.

Assign Custom Attribute to Project User Accounts

Now we need to set custom attribute 1 to "ProjectX" on all the project user accounts. For the purposes of this tutorial I had created only 5 users, so I could go to the "General Tab" on each user account and set custom attribute 1 by hand, but what if we had 100 users! This manual way is not the best way unless you love wasting time!

So we are going to use the shell to perform this task. You already know that all our project users are stored in a specific project users OU, which makes this task a little easier.

Get-Mailbox -OrganizationalUnit "project users" | Set-Mailbox -CustomAttribute1 "PROJECTX"

The command may vary depending on your setup but I am sure you get the idea...

Apply Address Book Policy To User Accounts

Now let's use the EMS to apply the Address Book Policy to all project user accounts.

Get-Mailbox -OrganizationalUnit "project users" | Set-Mailbox -AddressBookPolicy "Projectx abp"

Now open up Outlook as the project user and have a look at the address book. You will notice that you can now only see the custom GAL that we have created, and the only users visible in that GAL are the Project Users!!

Test mail flow and all that cool stuff and we should be done!
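Beyond eyeballing Outlook, the segmentation can be checked from the EMS. The script below is an added example, not part of the original post: it reuses the object names created above, the function name Test-ProjectXSegmentation is made up for illustration, and it assumes the AddressBookPolicy property renders as the policy name.

```powershell
# Added example: audit of the ProjectX segmentation built in this post.
# Run in the Exchange Management Shell. Object names are the ones used above.
function Test-ProjectXSegmentation {
    param(
        [string]$OU      = 'project users',
        [string]$Tag     = 'PROJECTX',
        [string]$AbpName = 'ProjectX ABP'
    )
    $cols = 'Name', 'RecipientTypeDetails', 'CustomAttribute1', 'AddressBookPolicy'

    # 1. Mailboxes in the project OU without the tag or without the policy.
    #    A mailbox with no ABP assigned still sees the full default GAL.
    #    Assumption: AddressBookPolicy renders as the policy name in EMS.
    Get-Mailbox -OrganizationalUnit $OU -ResultSize Unlimited |
        Where-Object { $_.CustomAttribute1 -ne $Tag -or
                       [string]$_.AddressBookPolicy -ne $AbpName } |
        Select-Object (@(@{n='Check'; e={'OU mailbox missing tag or ABP'}}) + $cols)

    # 2. Mailboxes outside the project OU that carry the tag. They show up
    #    in the project GAL and address list; confirm each one is intended.
    Get-Mailbox -Filter "CustomAttribute1 -eq '$Tag'" -ResultSize Unlimited |
        Where-Object { $_.OrganizationalUnit -notlike "*/$OU*" } |
        Select-Object (@(@{n='Check'; e={'Tagged mailbox outside project OU'}}) + $cols)

    # 3. Preview what each project list actually resolves to and flag any
    #    member without the tag. A filter that mixes -and and -or without
    #    grouping is the usual way an untagged room ends up in a room list.
    $lists = @(Get-GlobalAddressList 'Project X') +
             @(Get-AddressList 'PROJECTX-AL') +
             @(Get-AddressList 'ProjectX-Rooms')
    foreach ($list in $lists) {
        $check = "Untagged member of '$($list.Name)'"
        Get-Recipient -RecipientPreviewFilter $list.RecipientFilter -ResultSize Unlimited |
            Where-Object { $_.CustomAttribute1 -ne $Tag } |
            Select-Object (@(@{n='Check'; e={$check}}) + $cols)
    }
}

# No output means every check passed.
Test-ProjectXSegmentation | Format-Table -AutoSize
```

Re-run it whenever users are added to the project OU, since a new mailbox gets neither the attribute nor the policy until the two Set-Mailbox commands are run again.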

Mission Accomplished! This Post will not self destruct in 10 seconds!

-Alstar