Microsoft Exchange GAL Segregation/Separation

GAL "segregation" isolates the Global Address List (GAL) of a single OU (Organizational Unit): users belonging to that OU see only the users of the same OU, not the full list of users that would be shown by default.
The prerequisite is that you have already created an OU containing all the users you want to isolate; then proceed as follows.

The procedure relies on a custom attribute in AD: CustomAttribute1 is set to a chosen value (OU-ISOLATA) on every user who must be isolated from the rest of the AD, and the address lists filter on that value through ConditionalCustomAttribute1.

1. Create a new GAL through the EMC:

New-GlobalAddressList "NUOVAGAL" -ConditionalCustomAttribute1 "OU-ISOLATA" -IncludedRecipients "AllRecipients"

where:
NUOVAGAL = name of the GAL used by the isolated OU
OU-ISOLATA = attribute value that identifies the users in the OU to be isolated

In this example the new GAL is named "NUOVAGAL" and uses the OU-ISOLATA attribute value; both are needed again later.

2. Create a new Address List through the EMS:

The name should end in -AL to indicate that it is an Address List.

Follow the wizard,

SELECT THE DOMAIN (NOT THE OU)

Select CustomAttribute1 and enter the identifier value used previously (OU-ISOLATA).

3. Create a new room address list via EMS

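Use the following command:

New-AddressList -Name OUISOLATA-Rooms -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "ATTRIBUTE") -and ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))}

Replace "ATTRIBUTE" with the same OU-ISOLATA value used to create the new GAL. The two RecipientDisplayType tests are grouped in their own parentheses so that the CustomAttribute1 condition applies to both room types; without the grouping, the -or branch would match every synced conference room regardless of the attribute.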

4. Create the Offline Address Book via EMS

New-OfflineAddressBook -Name OUISOLATA-OAB -AddressLists "NUOVAGAL"

where:

OUISOLATA-OAB = name of the Offline Address Book (the OAB suffix indicates this)

NUOVAGAL = name of the GAL created in step 1

5. Create a new Address Book Policy through EMS

Name it OUISOLATA-ABP and specify the new GAL, the Offline Address Book and the room list created in the previous steps.

6. Assign CustomAttribute1 to all users of the OU

To do this use the EMS:

Get-Mailbox -OrganizationalUnit "MIA-OU" | Set-Mailbox -CustomAttribute1 "OU-ISOLATA"

7. Associate the Address Book Policy with users

Again via EMS:

Get-Mailbox -OrganizationalUnit "MIA-OU" | Set-Mailbox -AddressBookPolicy "OUISOLATA-ABP"

8. Update the GAL

Update-GlobalAddressList -Identity "Default Global Address List" -DomainController "YourDomainControllerName"

At this point the procedure is complete.

PROCEDURE USING ONLY EMS (Exchange Management Shell)

Parameters
nome_ou  = name of the OU
nomegal  = name to give to the GAL

1. Create New GAL

New-GlobalAddressList "nomegal-GAL" -ConditionalCustomAttribute1 "nomegal-CA" -IncludedRecipients "AllRecipients"

2. Create Address List

new-AddressList -Name 'nomegal-AL' -RecipientContainer 'acs-hosting.local' -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 'nomegal-CA' -Container '\' -DisplayName 'nomegal-AL'

3. Create New ROOM AddressList

New-AddressList -Name nomegal-ROOMS -RecipientFilter {(Alias -ne $null) -and (CustomAttribute1 -eq "nomegal-CA") -and ((RecipientDisplayType -eq "ConferenceRoomMailbox") -or (RecipientDisplayType -eq "SyncedConferenceRoomMailbox"))}

4. Create Offline Address Book

New-OfflineAddressBook -Name nomegal-OAB -AddressLists "nomegal-GAL"

5. Create Address Book Policy

new-AddressBookPolicy -Name 'nomegal-ABP' -GlobalAddressList '\nomegal-GAL' -OfflineAddressBook '\nomegal-OAB' -RoomList '\nomegal-ROOMS' -AddressLists '\nomegal-AL'

6. Assign Custom Attribute to Project User Accounts

Get-Mailbox -OrganizationalUnit "nome_ou" | Set-Mailbox -CustomAttribute1 "nomegal-CA"

7. Apply Address Book Policy To User Accounts

Get-Mailbox -OrganizationalUnit "nome_ou" | Set-Mailbox -AddressBookPolicy "nomegal-ABP"

8.  Update default GAL

Update-GlobalAddressList -Identity "Default Global Address List"
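
Added example, not part of the original article: a PowerShell check for the gap that steps 6 and 7 of both procedures leave open, since those commands only touch mailboxes that exist when they are run and a mailbox without the Address Book Policy sees the full default GAL. The function name Test-GalIsolation, the sample mailboxes and the example.local domain are constructed for illustration; the OU, attribute and policy names are those of the first procedure.

```powershell
# Added example: audits the CustomAttribute1 / AddressBookPolicy assignment
# made in steps 6 and 7. Accepts any objects that expose the Get-Mailbox
# properties Name, OrganizationalUnit, CustomAttribute1 and AddressBookPolicy.
function Test-GalIsolation {
    param(
        [Parameter(Mandatory)] [object[]] $Mailbox,
        [Parameter(Mandatory)] [string]   $OuName,     # e.g. "MIA-OU"
        [Parameter(Mandatory)] [string]   $Attribute,  # e.g. "OU-ISOLATA"
        [Parameter(Mandatory)] [string]   $PolicyName  # e.g. "OUISOLATA-ABP"
    )
    foreach ($m in $Mailbox) {
        # OrganizationalUnit is a canonical path such as "example.local/MIA-OU";
        # matching any path segment also covers mailboxes in sub-OUs.
        $inOu   = ("$($m.OrganizationalUnit)" -split '/') -contains $OuName
        $tagged = "$($m.CustomAttribute1)" -eq $Attribute
        # Assumption: the string form of AddressBookPolicy is the policy name.
        $hasAbp = "$($m.AddressBookPolicy)" -eq $PolicyName

        $findings = @()
        if ($inOu -and (-not $hasAbp))  { $findings += 'In OU without the ABP: sees the full default GAL' }
        if ($inOu -and (-not $tagged))  { $findings += 'In OU without the attribute: missing from the isolated GAL' }
        if ((-not $inOu) -and $tagged)  { $findings += 'Outside OU but tagged: listed in the isolated GAL' }
        if ((-not $inOu) -and $hasAbp)  { $findings += 'Outside OU but has the ABP: restricted to the isolated GAL' }

        foreach ($f in $findings) {
            [pscustomobject]@{ Mailbox = $m.Name; Finding = $f }
        }
    }
}

# Constructed sample data standing in for Get-Mailbox output.
$sample = @(
    [pscustomobject]@{ Name = 'anna';  OrganizationalUnit = 'example.local/MIA-OU'; CustomAttribute1 = 'OU-ISOLATA'; AddressBookPolicy = 'OUISOLATA-ABP' }
    [pscustomobject]@{ Name = 'bruno'; OrganizationalUnit = 'example.local/MIA-OU'; CustomAttribute1 = 'OU-ISOLATA'; AddressBookPolicy = $null }
    [pscustomobject]@{ Name = 'carla'; OrganizationalUnit = 'example.local/Staff';  CustomAttribute1 = 'OU-ISOLATA'; AddressBookPolicy = $null }
)

Test-GalIsolation -Mailbox $sample -OuName 'MIA-OU' -Attribute 'OU-ISOLATA' -PolicyName 'OUISOLATA-ABP'

# Against a live organization, pass the real mailboxes instead of $sample:
#   Test-GalIsolation -Mailbox (Get-Mailbox -ResultSize Unlimited) -OuName ...
```

Running the check on a schedule, or after each batch of new mailboxes, surfaces accounts that were created in the OU after steps 6 and 7 were last run.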

 

