Alumni Address Book Policy in Office 365 Education - UK Education Cloud Blog - Site Home - MSDN Blogs

UK Education Cloud Blog - Learn About Office 365 Education


Alumni Address Book Policy in Office 365 Education


We recently looked at one of the ways to support alumni users in Office 365 Education, and I mentioned that you would need the new Office 365 Education to create custom address book policies that restrict your alumni users' access to your institution's GAL.

There are a few reasons why implementing this is a good idea:

  • You probably don’t want your alumni users being able to view the details of your current students and faculty.
  • You will also likely want to maintain the privacy and separation by stopping your students and faculty from seeing all your alumni details, too!
  • Even more importantly, you’ll almost certainly want to stop alumni from seeing each other – as this list grows over time there'll be a lot of names in that list. Who knows, one day some of them might be famous!

What You’ll Need

In order to configure this you’ll need to ensure a few things:

  1. You’re running the new Office 365 (sometimes known as “Wave 15” or the 2013-style).
  2. You’ve enabled address book policy routing.
  3. To use any cmdlets that require the Address List role, you need to add the role to a role group. For details, see the “Add a role to a role assignment policy” section of Manage Role Assignment Policies.
  4. To decide on, and set, a marker to identify your alumni users; for example, using one of the custom attributes to store a value such as “alumni”.

Step One: Create the Address Lists

Address book policies contain address lists, so to begin we need to create an alumni address list for our users, and a blank resource address list for our resources (assuming we don’t want alumni users to see any rooms or resources in their GAL).

Resource List:

We’ll connect to our tenant using Windows PowerShell and run the following command:

New-AddressList -name "AL_Alumni_Resources" -RecipientFilter {(((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox')) -and (CustomAttribute3 -eq "nullresource"))} -DisplayName "Alumni Room List"

This creates an address list called AL_Alumni_Resources that contains rooms where custom attribute 3 is equal to “nullresource”. This is a bit of a trick since there are no resources with that value, so we get a blank address list as a result. There are probably more elegant ways to do this, but this one works.

Alumni Address List

Again, in PowerShell, we’ll run:

New-AddressList -name "AL_Alumni" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (CustomAttribute2 -eq "alumni")} -DisplayName "Alumni Address List"

This creates an address list called AL_Alumni that contains users where custom attribute 2 is equal to “alumni”.

Global Address List

To create a new GAL we’ll run:

New-GlobalAddressList -name "GAL_Alumni" -RecipientFilter {(CustomAttribute2 -eq "alumni")}

This creates a global address list called GAL_Alumni that contains objects where custom attribute 2 is equal to “alumni”.

Offline Address Book

To set up the OAB we’ll run:

New-OfflineAddressBook -name "OAB_Alumni" -AddressLists "GAL_Alumni"

This creates an offline address book called OAB_Alumni that contains the alumni GAL.

Step Two: Create Alumni Address Book Policy

Now that we’ve got our address lists in place we can create the policy that ties it all together, so in PowerShell we run:

New-AddressBookPolicy -name "ABP_Alumni" -AddressLists "AL_Alumni" -OfflineAddressBook "\OAB_Alumni" -GlobalAddressList "\GAL_Alumni" -RoomList "\AL_Alumni_Resources"

Step Three: Assign the Address Book Policy to users

Now for the moment of truth: applying our newly created policy to our alumni users:

Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute2 -eq "alumni"} | Set-Mailbox -AddressBookPolicy "ABP_Alumni"

Step Four: Test

If we log into OWA with a test alumni user we'll see that if we browse to the people tab, we get the following view:

[Screenshot: the People tab in OWA for the test alumni user]

Notice that on the left column, under directory we see the two address lists we created – they’re both empty!


Step Five: Hide alumni from address lists

The last step, now that we’re satisfied we’ve hidden the rest of our users and lists from our alumni, is to hide our alumni from any other address lists. This is much simpler, you’ll be pleased to know!

Get-Mailbox -resultsize unlimited | where {$_.CustomAttribute2 -eq "alumni"} | Set-Mailbox -HiddenFromAddressListsEnabled $true
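
A PowerShell-side check to go with the OWA test, covering Steps Three to Five. This is an added example, not part of the original post; it assumes a connected Exchange Online session and the object names used above, and the variable names are illustrative.

```powershell
# Added example: audit of the alumni segmentation built in the steps above.
# Assumes the marker value and object names from this post.
$Marker     = 'alumni'        # value stored in CustomAttribute2
$PolicyName = 'ABP_Alumni'

# Server-side filter, so only the marked mailboxes come back.
$alumni = @(Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute2 -eq '$Marker'")

# 1. Marked mailboxes without the policy: these still browse the default GAL.
$noPolicy = @($alumni | Where-Object { "$($_.AddressBookPolicy)" -ne $PolicyName })

# 2. Marked mailboxes that are still visible in the other address lists.
$visible = @($alumni | Where-Object { -not $_.HiddenFromAddressListsEnabled })

# 3. Mailboxes that carry the policy but not the marker (assigned by mistake).
$unexpected = @(Get-Mailbox -ResultSize Unlimited | Where-Object {
    "$($_.AddressBookPolicy)" -eq $PolicyName -and $_.CustomAttribute2 -ne $Marker
})

# 4. What each list's filter matches right now. The resource list is meant
#    to match nothing, so any count above zero there needs a look.
$lists = foreach ($name in 'AL_Alumni', 'AL_Alumni_Resources') {
    $filter = (Get-AddressList -Identity $name).RecipientFilter
    [pscustomobject]@{
        List    = $name
        Matches = @(Get-Recipient -ResultSize Unlimited -RecipientPreviewFilter $filter).Count
    }
}

# Summary first, then the mailboxes that need attention.
[pscustomobject]@{
    AlumniMailboxes  = $alumni.Count
    MissingPolicy    = $noPolicy.Count
    StillVisible     = $visible.Count
    UnexpectedPolicy = $unexpected.Count
}
$lists | Format-Table -AutoSize
$noPolicy + $visible + $unexpected |
    Sort-Object PrimarySmtpAddress -Unique |
    Select-Object PrimarySmtpAddress, CustomAttribute2, AddressBookPolicy, HiddenFromAddressListsEnabled
```

A clean run shows zero for MissingPolicy, StillVisible and UnexpectedPolicy, and zero matches for AL_Alumni_Resources.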

Things to note

  • I’m not a PowerShell expert (sadly!) so there may well be better and more efficient ways to do this.
  • If you have large numbers of users to apply this to you may hit PowerShell throttling policies, so be aware that you may need to do this in chunks of users over a period of time, rather than every user in one go.
  • Test thoroughly – this is just one way and probably won’t fit every scenario. Make sure you test before rolling out!
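
One way to apply the policy in chunks, as the throttling note above suggests. This is an added example, not part of the original post; the batch size and pause are assumed values to tune for your tenant, not documented throttling limits, and a connected Exchange Online session is assumed.

```powershell
# Added example: assign ABP_Alumni in batches and record failures.
$PolicyName   = 'ABP_Alumni'
$BatchSize    = 200    # assumption: mailboxes per batch
$PauseSeconds = 30     # assumption: wait between batches

# Only mailboxes that still need the policy, so a re-run after an
# interruption picks up where the last one stopped.
$pending = @(Get-Mailbox -ResultSize Unlimited -Filter "CustomAttribute2 -eq 'alumni'" |
    Where-Object { "$($_.AddressBookPolicy)" -ne $PolicyName })

$failed = New-Object 'System.Collections.Generic.List[object]'

for ($i = 0; $i -lt $pending.Count; $i += $BatchSize) {
    $last = [Math]::Min($i + $BatchSize, $pending.Count) - 1

    foreach ($mbx in $pending[$i..$last]) {
        try {
            # The mailbox GUID is unambiguous even when display names collide.
            Set-Mailbox -Identity "$($mbx.Guid)" -AddressBookPolicy $PolicyName -ErrorAction Stop
        }
        catch {
            $failed.Add([pscustomobject]@{
                Mailbox = "$($mbx.PrimarySmtpAddress)"
                Error   = $_.Exception.Message
            })
        }
    }

    Write-Host ("Processed {0} of {1}" -f ($last + 1), $pending.Count)
    if ($last -lt $pending.Count - 1) { Start-Sleep -Seconds $PauseSeconds }
}

# Anything listed here did not get the policy and still sees the default GAL.
$failed | Format-Table -AutoSize
```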

Find out more

For a more in-depth guide on address book policy procedures, check out TechNet, which contains all the information I needed to structure this article.

  • Thank you for these instructions!  One question/concern I have is that hiding users from the Address List typically plays tricks with certain thick clients especially the calendaring portion of Office365.  For example, an Exchange account set up in Mac Mail will not work in iCal if the user is hidden from the GAL.  Also it inhibits most calendar delegation functions since the various clients use the Address List over the AD directory to confirm delegation settings.  Have any of these issues been addressed in Wave 15?

    Also can a user be in more than one Address List?  We have lots of current employees that are also Alumni.

    Thanks!

  • @Rachel - great questions. I believe a user can be part of more than one address list.

    With regard to the hiding of users from address lists, I'm not sure whether the concerns you have are addressed in the new Office 365. This might be a question to ask Microsoft support for confirmation, or start a thread at the Office 365 Community: http://community.office365.com.

  • I've used this guide and replaced certain values to set up Address Book Policies for Students; however, I don't appear to get any errors when setting up, but the Address Book Policy doesn't seem to be applied to the users.

    I've done the following:-

    Get-Mailbox -resultsize unlimited | where {$_.department -eq "Students"} | Set-Mailbox -AddressBookPolicy "ABP_Students"

    I have in my AD Schema under "Department" either Staff or Students to identify them in Office 365

    When I log into Outlook using a student account I can see the newly created Student Address List (they all appear to be empty) - but I can also still see the original address lists with all my users, including staff - If I log in using a staff account, I can also see the newly created student lists.

    What am I doing wrong??

    Basically what I want is when a pupil logs in, they only "see" an address list which does not have any of the staff addresses listed.

    When a member of staff logs in, they can see all other staff and students.

    Thanks

    Matt

  • I "think" I've worked out why it's not working... the custom attribute of department -eq "Students" is on the User and not on the mailbox, so running the query on the Get-Mailbox command returns no results... it's only on the Get-MsolUser command.

    How can I set the custom attributes on the actual users' mailboxes?

    Thanks

    Matt

  • Matt, you may need to open two sessions, Exchange Online as well as MSOL, query MSOL users by some attribute values (synced from your on-prem AD using Dirsync) and then pipe the result into Exchange Online cmdlets that set the address book policy. I described this in detail here www.flexecom.com/gal-segmentation-in-office-365, if you need more information.

    This blog post here was very helpful in guiding me in the right direction.

    Dennis

  • Does this solution only apply if the organization is running Office 365 EDUCATION?  Will this solution work with Office 365's Enterprise or K Plans?

    Thank you,

    Ron

  • @Ron, this should also apply to enterprise plans.

  • Have you found any issues with custom ABP and offline address book? In my case the OAB url did not get added to the autodiscover xml so no user with the custom ABP has an offline address book.

    I tried calling support and was told ABP's are not supported in Office 365 even though I'm on A licensing.

    Do you know if it's supported?

  • @Gerard ABPs are definitely supported for Office 365 Education, if you're really not getting very far with support feel free to drop us a line via the links at the top of the blog; either email or Twitter!

    Thanks for commenting! :-)

  • Is there another way of segregating the default global address list by filtering out the alumni without having to hide them from the GAL?

    Even though they are hidden, they will still be included in the newly created address lists?
