GAL Segregation for a Specific OU Using Address Book Policy
GAL segregation allows you to isolate the Global Address List for users within a specific Organizational Unit (OU). With this setup, users only see other users from the same OU instead of the entire Active Directory user list.
Prerequisites
Ensure that a dedicated OU exists containing the users you want to isolate. You will also need a marker value (e.g., OU-ISOLATA) set in CustomAttribute1 on all relevant mailboxes; the new GAL, address lists and room list all filter on this attribute rather than on the OU itself.
1. Create the custom GAL
New-GlobalAddressList "NUOVAGAL" -ConditionalCustomAttribute1 "OU-ISOLATA" -IncludedRecipients "AllRecipients"
2. Create a new Address List
- Use the EMS or GUI wizard
- Name it OUISOLATA-AL (the ABP in step 5 references this name)
- Select the domain as the recipient container (not a specific OU)
- Filter by CustomAttribute1 = OU-ISOLATA
3. Create Room Address List
New-AddressList -Name "OUISOLATA-Rooms" -RecipientFilter {
    (Alias -ne $null) -and (CustomAttribute1 -eq "OU-ISOLATA") -and
    ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or
     (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))
}
The two RecipientDisplayType conditions must be grouped in their own parentheses. Without them, -and binds tighter than -or and the filter becomes "(tagged conference rooms) -or (any synced conference room)", so synced rooms from the whole organization would appear in the isolated room list regardless of CustomAttribute1.
4. Create Offline Address Book
New-OfflineAddressBook -Name "OUISOLATA-OAB" -AddressLists "NUOVAGAL"
5. Create Address Book Policy
New-AddressBookPolicy -Name "OUISOLATA-ABP" -GlobalAddressList "\NUOVAGAL" -OfflineAddressBook "\OUISOLATA-OAB" -RoomList "\OUISOLATA-Rooms" -AddressLists "\OUISOLATA-AL"
6. Assign CustomAttribute1 to user mailboxes
Get-Mailbox -OrganizationalUnit "MIA-OU" | Set-Mailbox -CustomAttribute1 "OU-ISOLATA"
7. Apply the ABP to users
Get-Mailbox -OrganizationalUnit "MIA-OU" | Set-Mailbox -AddressBookPolicy "OUISOLATA-ABP"
8. Update the Default GAL
Update-GlobalAddressList -Identity "Default Global Address List" -DomainController "YourDomainControllerName"
Note
Once complete, users within the OU will only see each other in the address book and not users from other organizational units.
Alternate EMS-only procedure (script version)
# 1. Create GAL
New-GlobalAddressList "name-GAL" -ConditionalCustomAttribute1 "name-CA" -IncludedRecipients "AllRecipients"
# 2. Create Address List
New-AddressList -Name "name-AL" -RecipientContainer "acs-hosting.local" -IncludedRecipients "AllRecipients" -ConditionalCustomAttribute1 "name-CA" -Container "\" -DisplayName "name-AL"
# 3. Create Room Address List
#    Group the two RecipientDisplayType tests; otherwise the trailing -or
#    matches every SyncedConferenceRoomMailbox regardless of CustomAttribute1.
New-AddressList -Name "name-ROOMS" -RecipientFilter {
    (Alias -ne $null) -and (CustomAttribute1 -eq "name-CA") -and
    ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or
     (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))
}
# 4. Create OAB
New-OfflineAddressBook -Name "name-OAB" -AddressLists "name-GAL"
# 5. Create ABP
New-AddressBookPolicy -Name "name-ABP" -GlobalAddressList "\name-GAL" -OfflineAddressBook "\name-OAB" -RoomList "\name-ROOMS" -AddressLists "\name-AL"
# 6. Assign attribute to users
Get-Mailbox -OrganizationalUnit "OU_name" | Set-Mailbox -CustomAttribute1 "name-CA"
# 7. Apply ABP
Get-Mailbox -OrganizationalUnit "OU_name" | Set-Mailbox -AddressBookPolicy "name-ABP"
# 8. Update GAL
Update-GlobalAddressList -Identity "Default Global Address List"
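Both procedures above rely on two things staying in sync: every mailbox in the OU must carry both the CustomAttribute1 marker and the ABP, and no recipient outside the OU may carry the marker, because the GAL and address lists filter on the attribute, not on the OU. A mailbox that gets the attribute but not the ABP still sees the full default GAL; a recipient outside the OU that gets the attribute shows up inside the isolated GAL. The following verification script is an added example and not part of the original procedure; it uses the names from the first walkthrough (MIA-OU, OU-ISOLATA, NUOVAGAL, OUISOLATA-ABP, OUISOLATA-Rooms) as defaults and only standard Exchange Management Shell cmdlets. The -RecipientPreviewFilter check at the end also catches the -and/-or precedence slip in the room list filter, since any recipient resolved by the list without the marker value is reported.

```powershell
# Post-configuration check for ABP-based GAL segregation.
# Example code added to this page; names below are the ones used in the
# walkthrough and are assumptions for your environment.
param(
    [string]$OU        = "MIA-OU",
    [string]$Attribute = "OU-ISOLATA",
    [string]$Gal       = "NUOVAGAL",
    [string]$Abp       = "OUISOLATA-ABP",
    [string]$RoomList  = "OUISOLATA-Rooms"
)

$problems = @()

# 1. Every mailbox in the OU must carry both the marker and the ABP.
#    Missing ABP  -> user still sees the full default GAL.
#    Missing mark -> user is invisible to the rest of the OU.
$inOu = @(Get-Mailbox -OrganizationalUnit $OU -ResultSize Unlimited)
foreach ($m in $inOu) {
    if ($m.CustomAttribute1 -ne $Attribute) {
        $problems += "Missing CustomAttribute1 '$Attribute': $($m.Alias)"
    }
    if ("$($m.AddressBookPolicy)" -ne $Abp) {
        $problems += "ABP '$Abp' not applied: $($m.Alias)"
    }
}

# 2. Recipients outside the OU that carry the marker leak INTO the isolated
#    GAL, because the GAL filters on the attribute rather than the OU.
$ouAliases = $inOu | ForEach-Object { $_.Alias }
$tagged = @(Get-Recipient -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$Attribute'")
foreach ($r in $tagged) {
    if ($ouAliases -notcontains $r.Alias) {
        $problems += "Marker set outside ${OU}: $($r.Alias) ($($r.RecipientTypeDetails))"
    }
}

# 3. Resolve the GAL and room list with their stored RecipientFilter and flag
#    anything that lacks the marker. A mis-grouped -and/-or in the room list
#    shows up here as untagged SyncedConferenceRoomMailbox entries.
foreach ($list in @((Get-GlobalAddressList $Gal), (Get-AddressList $RoomList))) {
    $members = @(Get-Recipient -ResultSize Unlimited -RecipientPreviewFilter $list.RecipientFilter)
    "{0}: resolves {1} recipient(s)" -f $list.Name, $members.Count
    foreach ($r in $members) {
        if ($r.CustomAttribute1 -ne $Attribute) {
            $problems += "$($list.Name) resolves untagged recipient: $($r.Alias)"
        }
    }
}

if ($problems.Count -eq 0) {
    "OK: $($inOu.Count) mailbox(es) in $OU are isolated under $Abp"
} else {
    "Found $($problems.Count) issue(s):"
    $problems | Sort-Object -Unique
}
```

Run it from the Exchange Management Shell after step 8 of either procedure, and again whenever mailboxes are created in or moved into the OU, since new mailboxes do not inherit the attribute or the ABP automatically. For the script version, pass the corresponding names (-OU "OU_name" -Attribute "name-CA" -Gal "name-GAL" -Abp "name-ABP" -RoomList "name-ROOMS").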