The steps in this article can be used to hide some or all other users from other users using Address Book Policies (ABP) in Exchange 2010 (SP2+). This was required for one of my clients, who had some shared mailboxes that were used by an external company. They didn’t want the external company to be able to see all of their users and groups when using the shared mailboxes.
The steps below will setup a new ABP that can be applied to select mailboxes, so they have a limited view of the GAL. Mailboxes that don’t have an ABP applied to them will still use the default GAL. Following these steps won’t prevent users in the default GAL from seeing the mailboxes that have the new ABP applied to them. The quick solution for this is to just hide the mailboxes, but if this isn’t a workable option multiple ABPs will be needed. To limit users so they don’t see other users you will need to create at least two ABP and the different ABP to the different sets of mailboxes, for details on how to do this see this article by Steve Goodman: http://searchexchange.techtarget.com/tip/How-to-implement-Exchange-address-book-policies.
Basic Steps
- Create a new GAL for Tailspin
- Create a new Address Lists for Tailspin mailboxes·
– At a minimum two Address Lists are required, one for mailboxes and another for rooms - Create a new Offline Address Book for Tailspin
- Create new ABP and select the new GAL, OAB, and rooms list
- Assign the new ABP to the mailboxes, that you want to have a limited view of the GAL
- Set attribute(s) on the objects you want to be visible in the new ABP
– This can done using one of the common properties, like Company, CustomAttribute1-15, or any other attributes supported by the –RecipientFilter parameter
Example PowerShell steps
Create new GAL for Tailspin:
- This step can only be done via PowerShell, all the rest of these steps can be done in the EMC.
Create new Address List(s) for Tailspin:
Only one Address List is required but one can be created for each object type in Exchange if needed. This can be created from EMC or EMS.
New-AddressList “TailSpin Mailboxes” -RecipientFilter {((CustomAttribute1 -eq “TailSpin”) -and (RecipientType -eq ‘UserMailbox’))} | Update-AddressList
A rooms address list is also required when creating a ABP, so you must create one for TailSpin or you could use the default one.
New-AddressList “TailSpin Rooms” -RecipientFilter {((CustomAttribute1 -eq “TailSpin”) -and (Alias -ne $null) -and ((RecipientDisplayType -eq ‘ConferenceRoomMailbox’) -or (RecipientDisplayType -eq ‘SyncedConferenceRoomMailbox’)))} | Update-AddressList
Create new OAB for Tailspin:
New-OfflineAddressBook “TailSpin Offline Address Book” -AddressLists “TailSpin Global Address List”
Create new Address Book Policy:
New-AddressBookPolicy -Name “TailSpin Address Book Policy” -AddressLists (Get-AddressList TailSpin*) -OfflineAddressBook “TailSpin Offline Address Book” -GlobalAddressList “\TailSpin Global Address List” -RoomList “\TailSpin Rooms”
Set custom attribute on mailboxes, groups, or other objects that should be included in the new GAL:
The cmdlet below will update all mailboxes in the TailSpin OU to have CustomAttribute1 = TailSpin, which is the filter used on Address Lists created above.
Get-Mailbox -OrganizationalUnit company.com/TailSpin | Set-Mailbox -CustomAttribute1 TailSpin
Set the mailboxes to use the new ABP:
Get-Mailbox -Filter {(CustomAttribute1 -eq “TailSpin”)} | Set-Mailbox -AddressBookPolicy “TailSpin Address Book Policy”
Now if everything is setup correctly, when “TailSpin” user’s login and browse the GAL they will only see other TailSpin users.
Jason (Izzy) Sherry's Blog 
hey,
i already install exchange 2013 in my lab. i cant set CustomAttribute on groups,contacts, and room mailbox. on users mailbox i set. can you tell me how to set CustomAttribute on groups,contacts, and room mailbox in exchange 2013 ?
Regards
sajid
LikeLike
Did you try this: http://bit.ly/14Zb8QE
LikeLike