Create Hierarchical Address Books in Office 365

The hierarchical address book (HAB)

The hierarchical address book (HAB) is a feature in Microsoft Exchange Server 2013, Exchange Online (Office 365) and Microsoft Outlook that enables end users to browse for recipients in their Exchange organization using an organizational hierarchy. In most Exchange deployments, users are limited to the default global address list (GAL) and its associated recipient properties. Additionally, the structure of the GAL often doesn’t accurately reflect the management or seniority relationships among recipients in your organization. Being able to customize an HAB that maps to your organization’s unique business structure provides your users with an efficient method for locating internal recipients.

A good place to start with HAB is the KB article here.

HAB in Office 365

In a recent blog article, MS announced that Hierarchical Address Books have arrived in Office 365 too. After reading the announcement, I decided to play around with the new feature in Office 365!

What a HAB Looks Like

So, my aim is to build something like the example shown below:

[Figure: example HAB for Contoso, Ltd]

  • The top-level tier represents the root organization Contoso, Ltd.
  • The second-level child tiers represent the business divisions within Contoso, Ltd: Corporate Office, Product Support Organization, and Sales & Marketing Organization.
  • The third-level child tiers represent departments within the Corporate Office division: Human Resources, Accounting Group, and Administration Group.

How to start establishing a HAB

A tenant administrator for Office 365 can configure a HAB using the same commands as in an on-premises deployment, through PowerShell only. So my reference is the article Enable or Disable Hierarchical Address Books in Exchange 2013.

The general steps are as follows:

  1. Create a distribution group that will be used for the root organization (top-level tier).
  2. Create distribution groups for the child tiers and designate them as members of the HAB. Modify the SeniorityIndex parameter of these groups so they’re listed in the proper hierarchical order within the root organization.
  3. Add organization members. Modify the SeniorityIndex parameter of the members so they’re listed in the proper hierarchical order within the child tiers.
  4. For accessibility purposes, you can use the PhoneticDisplayName parameter, which specifies a phonetic pronunciation of the DisplayName parameter.

The following table shows all the required cmdlets to configure a HAB.

Cmdlet | Parameters
Set-OrganizationConfig | HierarchicalAddressBookRoot
Set-Group | IsHierarchicalGroup, SeniorityIndex, PhoneticDisplayName
Set-User | SeniorityIndex, PhoneticDisplayName
Set-Contact | SeniorityIndex, PhoneticDisplayName

Steps to Enable HAB in your Office 365 organization using Remote PowerShell

1. Create the global distribution group, of which all the hierarchical address book groups and users are members

New-DistributionGroup -Name "ExchangeOnline" -DisplayName "ExchangeOnline Global" -Alias "ExchangeOnlineGlobal" -Type "Distribution"

2. Make the 'ExchangeOnline' global distribution group the root distribution group for the HAB

Set-OrganizationConfig -HierarchicalAddressBookRoot "ExchangeOnline"

3. Create a new distribution group 'ExchangeOnline.in' and add it as a member of the global group

New-DistributionGroup -Name "ExchangeOnline.in" -DisplayName "ExchangeOnline.in" -Alias "ExchangeOnlineIndia" -Type "Distribution"

Add-DistributionGroupMember -Identity "ExchangeOnline" -Member "ExchangeOnline.in"

4. Create distribution groups for the other tiers in the HAB. For this example, we create the following groups: Messaging, Infrastructure, Office 365. This example creates the distribution group Messaging. Create the other groups in the same way.

New-DistributionGroup -Name "Messaging" -DisplayName "Messaging" -Alias "Messaging" -Type "Distribution"

5. Designate each of the groups as members of the HAB. For this example, we designate the following groups as hierarchical groups: ExchangeOnline, ExchangeOnline.in, Messaging, Infrastructure, Office 365, Consultants, Architects, Administrators. This example designates the distribution group ExchangeOnline as a member of the HAB.

Remember to convert every group you want listed in your address book into a hierarchical group.

Set-Group -Identity "ExchangeOnline" -IsHierarchicalGroup $true

Set-Group -Identity "ExchangeOnline.in" -IsHierarchicalGroup $true

Set-Group -Identity "Messaging" -IsHierarchicalGroup $true

Set-Group -Identity "Administrators" -IsHierarchicalGroup $true

etc…

6. Add each of the subordinate groups as members of the root organization. For this example, distribution groups Messaging, Infrastructure, Office 365 are added as members of the root organization ExchangeOnline.in in the HAB. This example adds the Messaging distribution group as a member of the ExchangeOnline.in root distribution group.

Add-DistributionGroupMember -Identity "ExchangeOnline.in" -Member "Messaging"

7. Add each of the groups that are subordinate to the distribution group 'Messaging' as members of the group. For this example, distribution groups Architects, Consultants, and Administrators are added as members of the distribution group 'Messaging'. This example adds the Architects distribution group as a member of the Messaging distribution group.

Add-DistributionGroupMember -Identity "Messaging" -Member "Architects"

8. Set the SeniorityIndex parameter for groups in the HAB. For example, the Messaging group contains three child groups: Architects, Consultants, Administrators. Instead of having the groups listed in ascending alphabetical order, which is the default, the preferred sorting will be Administrators (SeniorityIndex = 100), Consultants (SeniorityIndex = 50), and then Architects (SeniorityIndex = 25). This example sets the SeniorityIndex parameter for the Administrators group to 100.

Set-Group -Identity "Administrators" -SeniorityIndex 100

9. Set the SeniorityIndex parameter for users in the HAB groups. For this example, the Administrators group contains three users already: UserX, UserY, and UserZ. Instead of having the users listed in ascending alphabetical order by default, the preferred sorting will be UserZ (SeniorityIndex = 100), UserX (SeniorityIndex = 50), and then UserY (SeniorityIndex = 25). This example sets the SeniorityIndex parameter for the users UserZ, UserX, and UserY to 100, 50, and 25 respectively.

Set-User -Identity "UserZ" -SeniorityIndex 100

Set-User -Identity "UserX" -SeniorityIndex 50

Set-User -Identity "UserY" -SeniorityIndex 25
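To check the result of steps 1 to 9 without opening Outlook, the following added example (not part of the original post) walks the hierarchy from the configured root and prints it in HAB order, flagging any nested group that was missed in step 5. The function name Show-HabTier is hypothetical, and the script assumes an open remote PowerShell session to Exchange Online or Exchange 2013.

```powershell
# Added example: read-only audit of the HAB built in steps 1-9.
# Assumes an open remote PowerShell session to Exchange Online or Exchange 2013.
function Show-HabTier {
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [int] $Depth = 0,
        [System.Collections.Generic.HashSet[string]] $Seen =
            (New-Object 'System.Collections.Generic.HashSet[string]')
    )
    $group = Get-Group -Identity $Identity
    # Nested groups can loop back on themselves; visit each group once.
    if (-not $Seen.Add([string]$group.DistinguishedName)) { return }

    # Step 5: a group without the flag is not shown as a tier in the HAB.
    $note = ''
    if (-not $group.IsHierarchicalGroup) { $note = '  <-- IsHierarchicalGroup is not set' }
    '{0}[{1}] SeniorityIndex={2}{3}' -f ('  ' * $Depth), $group.DisplayName, $group.SeniorityIndex, $note

    $rows = foreach ($m in Get-DistributionGroupMember -Identity $group.DistinguishedName -ResultSize Unlimited) {
        $isGroup = $m.RecipientType -like '*Group'
        if ($isGroup) { $d = Get-Group -Identity $m.DistinguishedName }
        elseif ($m.RecipientType -like '*Contact') { $d = Get-Contact -Identity $m.DistinguishedName }
        else { $d = Get-User -Identity $m.DistinguishedName }
        [pscustomobject]@{
            IsGroup = $isGroup; DN = $m.DistinguishedName
            DisplayName = $d.DisplayName; SeniorityIndex = $d.SeniorityIndex
        }
    }
    # Steps 8-9: higher SeniorityIndex first, then alphabetical by display name.
    $sorted = $rows | Sort-Object @{ Expression = 'SeniorityIndex'; Descending = $true }, DisplayName
    foreach ($r in $sorted) {
        if ($r.IsGroup) { Show-HabTier -Identity $r.DN -Depth ($Depth + 1) -Seen $Seen }
        else { '{0}{1} SeniorityIndex={2}' -f ('  ' * ($Depth + 1)), $r.DisplayName, $r.SeniorityIndex }
    }
}

$root = (Get-OrganizationConfig).HierarchicalAddressBookRoot
if (-not $root) { throw 'HierarchicalAddressBookRoot is not set, so the HAB is disabled.' }
Show-HabTier -Identity "$root"
```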

What does the HAB we made look like?

So, it's almost done; what remains is to see how the HAB looks in the address book. Microsoft has clarified that it can be viewed only through Outlook 2010/2013 as of now (that means OWA is not supported for the time being).

Are you ready to see the new addition in Outlook 2013? A new tab is added to the Address Book!

The HAB is displayed on the Organization tab, similar to the following figure.

[Figure: the HAB on the Organization tab of the Outlook Address Book]

You can also review the display order of groups and users that we set using SeniorityIndex in a previous step.

I hope this helps when you need to create a hierarchical address book in your Exchange 2013 or Office 365 environment.

RPC virtual Directory Basic Authentication keeps getting disabled

I came across an interesting issue today while troubleshooting an RPC/HTTP connectivity issue in a Windows 2008 R2/Exchange 2013 environment.

Observation: Basic Authentication on the RPC virtual directory kept getting disabled about 5 minutes after we enabled it manually. This intermittent behavior was noticed while testing RPC/HTTP via http://exrca.com/. The test passed while Basic Authentication stayed enabled and failed once the setting had been changed back automatically.

Also, the cmdlet output for Get-OutlookAnywhere | fl showed the IISAuthenticationMethods as follows:

[Screenshot: Get-OutlookAnywhere | fl output showing IISAuthenticationMethods]

So Exchange was forcibly overwriting the IIS settings for the RPC virtual directory every few minutes.

Requirement:

Default Settings for Exchange Virtual Directories for Exchange 2013 showed the following requirement for the RPC virtual directory under 'Default Website' in IIS:

[Screenshot: required settings for the RPC virtual directory]

Also, IISAuthenticationMethods for OutlookAnywhere should be listed as follows:

[Screenshot: required IISAuthenticationMethods for OutlookAnywhere]

How to Fix the issue

The TechNet Blog published here mentioned some hints to fix the issue.

The fix is to set the Exchange OutlookAnywhere settings explicitly by using the following cmdlet:

Get-OutlookAnywhere | Set-OutlookAnywhere -IISAuthenticationMethods Basic,NTLM

After setting this, I manually enabled Basic Authentication on the RPC virtual directory, and the setting now persists because of the fix.

Hope this helps you too!

Exchange Online GAL federation between two Office 365 tenants

I recently tried to establish GAL federation between two of my Office 365 Exchange Online tenants to share free/busy availability between those domains. I used the domains exchangeonline.in and the free one, manuphilip.onmicrosoft.com.

1) Connect to Exchange Online through PowerShell as an administrator user in one of the domains

2) Find the existing federation info between the domains under consideration. Substitute your domain name for the placeholder below:

Get-FederationInformation -DomainName "Domain Name"

3) Create a new organization relationship between the domains and set the free/busy properties. In this step, I am going to set the FreeBusyAccessLevel to 'AvailabilityOnly'

Get-FederationInformation -DomainName "Domain Name" | New-OrganizationRelationship -Name 'Federation' -Enabled $true -FreeBusyAccessEnabled $true -FreeBusyAccessLevel 'AvailabilityOnly' -FreeBusyAccessScope $null

4) Now check the Scheduling Assistant in OWA or Outlook and confirm that availability is shared. I checked the availability info of a mailbox located in the federated domain.

5) Similarly, you may also set the 'FreeBusyAccessLevel' to 'LimitedDetails' for an existing organization relationship as below (here the relationship is named 'Test-Federation'; substitute the name of your own):

Set-OrganizationRelationship 'Test-Federation' -FreeBusyAccessLevel LimitedDetails
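Because the access level and scope chosen in steps 3 and 5 decide how much calendar detail the other tenant can read, here is an added example (not part of the original post) that reviews every organization relationship in the tenant and flags the widest combination. The variable names and the Review column are this example's own, and it assumes a remote PowerShell session connected to Exchange Online.

```powershell
# Added example: read-only review of what each organization relationship shares.
# Assumes a remote PowerShell session connected to Exchange Online.
$detail = @{
    'None'             = 'nothing'
    'AvailabilityOnly' = 'free/busy time only'
    'LimitedDetails'   = 'free/busy time, subject and location'
}
Get-OrganizationRelationship | ForEach-Object {
    $rel = $_
    $level = [string]$rel.FreeBusyAccessLevel
    $active = $rel.Enabled -and $rel.FreeBusyAccessEnabled -and $level -ne 'None'

    # A null FreeBusyAccessScope (as in step 3) shares every mailbox in the tenant.
    if ($rel.FreeBusyAccessScope) {
        $count = @(Get-DistributionGroupMember -Identity "$($rel.FreeBusyAccessScope)" -ResultSize Unlimited).Count
        $scope = "$($rel.FreeBusyAccessScope) ($count members)"
    } else {
        $scope = 'all mailboxes'
    }

    [pscustomobject]@{
        Name    = $rel.Name
        Domains = $rel.DomainNames -join ', '
        Shares  = if ($active) { $detail[$level] } else { 'nothing' }
        Scope   = if ($active) { $scope } else { '-' }
        # Flag the widest combination: subject and location for every mailbox.
        Review  = $active -and $level -eq 'LimitedDetails' -and -not $rel.FreeBusyAccessScope
    }
} | Format-Table -AutoSize
```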

Common mailbox / folder sharing scenarios Guided Walkthroughs

Microsoft has published guided walkthroughs that help when working with Exchange, Outlook, Office 365 (o365) etc. to set up mailboxes, calendars and so on. They are very helpful for learning and troubleshooting:

Following are the guided walkthroughs available:

Exchange 2003 to 2010 Migration Roll back

Nowadays, one of the major migration projects handled by Exchange administrators is moving mailboxes from Exchange 2003 to Exchange 2010. When doing this, we should have a proper rollback plan in case we need to move mailboxes migrated to Exchange 2010 back to 2003.

Recently one of my customers asked me to include the steps in the migration plan. I prepared them as follows:

The Microsoft reference for this is found here: http://technet.microsoft.com/en-us/library/dd638157.aspx

1. The first step is to disable the Personal Archive, as this feature exists on Exchange 2010 only. The following cmdlet does the job:

Disable-Mailbox -Identity <identity> -Archive

2. Next, if the 'SingleItemRecoveryEnabled' property is 'True', it should be disabled.

See if the property is enabled:

Get-Mailbox <identity> | ft DisplayName,SingleItemRecoveryEnabled

Disable it using the following cmdlet:

Set-Mailbox <identity> -SingleItemRecoveryEnabled $false

3. The next step is to delete any retention items present in the Exchange 2010 mailbox. You will need to clear these out before the mailbox is moved to Exchange 2003.

Your admin account should be a member of the 'Discovery Management' USG in Exchange 2010 to search the mailbox for retention items. The following cmdlet adds your username to that USG:

Add-RoleGroupMember -Identity "Discovery Management" -Member <your account name>

Next, search the mailbox:

Search-Mailbox -Identity <identity> -SearchDumpsterOnly -EstimateResultOnly | fl Identity, ResultItemsCount, ResultItemsSize

If the properties ResultItemsCount and ResultItemsSize are greater than 0, you will need to clear these items out before the mailbox is moved to Exchange 2003. Use the following cmdlet for this:

Search-Mailbox -Identity <Identity> -SearchDumpsterOnly -TargetMailbox "Discovery Search Mailbox" -TargetFolder "<Identity>-RecoverableItems" -DeleteContent

Search the mailbox again to confirm the operation.

4. Now we are ready to move the mailbox back to Exchange 2003. But we need to find the database GUID of the Exchange 2003 database to substitute in the cmdlet:

(Get-Mailbox -Database "Exchange 2003 Server Name\Storage Group 1\Mailbox Database 1" | select -First 1).Database

The result includes a property called ObjectGuid, which helps identify the correct hive in the registry on the Exchange 2003 server so that the GUID can be found easily.

The move cmdlet can be built as below. It is handled differently for 'Same Forest' and 'Cross Forest' moves.

For 'Local' Move (Same Forest):

New-MoveRequest -Identity "Identity" -TargetDatabase GUID

For Remote Move (Cross Forest):

$UserCredential = Get-Credential

# Pass the credential object itself; quoting it would turn it into a plain string.
New-MoveRequest -Identity "Identity" -RemoteLegacy -RemoteTargetDatabase "DB Name" -RemoteGlobalCatalog "GC Name" -RemoteCredential $UserCredential -TargetDeliveryDomain "Domain Name"

Exchange 2010 will queue the move request, and its status can be monitored from the Exchange Management Console.
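Before creating the move request in step 4, it helps to confirm that steps 1 to 3 are really complete for a mailbox. The following added example (not part of the original post) reports what is still outstanding without changing anything. The function name Get-RollbackBlocker is hypothetical, and it assumes the Exchange 2010 Management Shell with an account that is already in Discovery Management.

```powershell
# Added example: read-only pre-flight report for rollback steps 1-3.
# Assumes the Exchange 2010 Management Shell and Discovery Management membership.
function Get-RollbackBlocker {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] [string] $Identity)
    process {
        $mbx = Get-Mailbox -Identity $Identity
        # Estimate only: nothing is copied or deleted by this search.
        $dumpster = Search-Mailbox -Identity $Identity -SearchDumpsterOnly -EstimateResultOnly
        $blockers = @()
        if ($mbx.ArchiveGuid -ne [guid]::Empty) {
            $blockers += 'Step 1: Personal Archive is still enabled'
        }
        if ($mbx.SingleItemRecoveryEnabled) {
            $blockers += 'Step 2: SingleItemRecoveryEnabled is still True'
        }
        if ($dumpster.ResultItemsCount -gt 0) {
            $blockers += 'Step 3: {0} item(s), {1} in Recoverable Items' -f $dumpster.ResultItemsCount, $dumpster.ResultItemsSize
        }
        New-Object PSObject -Property @{
            Mailbox  = $mbx.DisplayName
            Ready    = ($blockers.Count -eq 0)
            Blockers = ($blockers -join '; ')
        }
    }
}

# Replace <identity> with the mailbox to check, as in the steps above.
Get-RollbackBlocker -Identity '<identity>' | Format-List Mailbox, Ready, Blockers
```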

Hope this helps you in your Migration Rollback activity