OABs are only useful to outlook clients that work in cached Exchange mode. Clients working online have access to the complete GAL unless they are constrained by changes to the access controls and other settings maintained in Active Directory.

King:

Setup /PrepareAD /OrganizationName:1ask2corp

FW and EX2:

setup /m:install /roles:CAS,HT,MT

Queen:

setup /m:install /roles:mb,MT /mdbname:vanarts

Configuring the Receiving Connector to receive Internet Traffic

Set-ReceiveConnector "EX2\Default EX2" -Bindings "0.0.0.0:25"
Set-ReceiveConnector "FW\Default FW" -Bindings "0.0.0.0:25"

Set-ReceiveConnector "EX2\Client EX2" -Bindings "0.0.0.0:587"
Set-ReceiveConnector "FW\Client FW" -Bindings "0.0.0.0:587"

Set-ReceiveConnector -Identity "EX2\Default EX2" -PermissionGroups ExchangeUsers, ExchangeServers, ExchangeLegacyServers,anonymousUsers
Set-ReceiveConnector -Identity "FW\Default FW" -PermissionGroups ExchangeUsers, ExchangeServers, ExchangeLegacyServers,anonymousUsers

Configuring Send Connector to Internet

New-SendConnector -Name "ToInternet" -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled $false -SmartHosts 'Shawmail.vc.shawcable.net' -SmartHostAuthMechanism 'None' -SourceTransportServers FW,EX2

New-SendConnector -Name "ToInternet" -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled $false -SmartHosts 'mail.vanarts.com' -SmartHostAuthMechanism 'None' -SourceTransportServers FW,EX2

NLB configuration

Internet Name:mail.1ask2.com and IP:191.121.3.3

Dnscmd King.1ask2.com /recordadd 1ask2.com Exserver A 191.121.3.3
Dnscmd King.1ask2.com /recordadd 1ask2.com mail A 191.121.3.3
Dnscmd King.1ask2.com /recordadd 1ask2.com . A 191.121.3.3

If you don't create the 1ask2.com record, you must create the autodiscover record. The autodiscover service first tries the https://1ask2.com/autodiscover/autodiscover.xml. If failed, it tries the https://autodiscover.1ask2.com/autodiscover/autodiscover.xml.

Mail.1ask2.com is for Internet use and External DNS will set it to a public IP address.
EXServer.1ask2.com is for internal use.

New-ClientAccessArray -Name EXServer -Fqdn Exserver.1ask2.com -Site Default-First-Site-Name

Set-MailboxDatabase -Identity vanarts -RpcClientAccessServer Exserver.1ask2.com

Outlook Anywhere

Enable-OutlookAnywhere –server EX2 –ExternalHostName 'mail.1ask2.com' –DefaultAuthenticationMethod 'ntlm' -SSLOffloading:$false
Enable-OutlookAnywhere –server FW  –ExternalHostName 'mail.1ask2.com' –DefaultAuthenticationMethod 'ntlm' -SSLOffloading:$false

cd $Exscripts
Get-MailboxServer Queen | .\new-TestCasConnectivityUser.ps1

Test-OutlookConnectivity -RpcProxyTestType:Internal -RpcTestType:Server

Turn off Windows Firewall and the test is a success.

Because NLB is configured, I want to use the cluster name as internal address.

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalUrl https://exserver.1ask2.com/owa -ExternalURL https://mail.1ask2.com/owa
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -InternalUrl https://exserver.1ask2.com/ecp -ExternalURL https://mail.1ask2.com/ecp
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://exserver.1ask2.com/EWS/Exchange.asmx -ExternalURL:https://mail.1ask2.com/EWS/EXchange.asmx
Get-oabvirtualDirectory | Set-OabVirtualDirectory -InternalUrl "https://exserver.1ask2.com/oab" -ExternalURL https://mail.1ask2.com/oab
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://exserver.1ask2.com/autodiscover/autodiscover.xml

If you mistype https://exserver.1ask2.com/autodiscover/autodiscover.xml, the outlook cannot download the offline address book.You can find the mistake by test-outlookconnectivity -protocol:tcp -verbose

Default offline address book generation schedule:

Get-OfflineAddressBook | fl IDENTITY,schedule

Identity : \Default Offline Address Book
Schedule : {Sun.5:00 AM-Sun.5:15 AM, Mon.5:00 AM-Mon.5:15 AM, Tue.5:00 AM-Tue.5:15 AM, Wed.5:00 AM-Wed.5:15 AM, Thu.5:0
0 AM-Thu.5:15 AM, Fri.5:00 AM-Fri.5:15 AM, Sat.5:00 AM-Sat.5:15 AM}

Associating the Default Offline Address Book to the vanarts database

Set-MailboxDatabase -Identity Vanarts -OfflineAddressBook '\Default Offline Address Book'

To force the generation of offline address book

Update-OfflineAddressBook -Identity "\Default Offline Address Book"

Outlook fails to download the offline address book.

And the autoconfiguration test does not include the OAB URL. Why?

Reason:

Solution:

Get-OfflineAddressBook | Set-OfflineAddressBook -VirtualDirectories 'EX2\OAB (Default Web Site)','Fw\OAB (Default Web Site)'

Update-FileDistributionService -Identity "FW" -Type OAB
Update-FileDistributionService -Identity "EX2" -Type OAB

Both FW and EX2 are CAS servers.

Set-OfflineAddressBook -Identity "\Default Offline Address Book" -VirtualDirectories 'FW\OAB (Default Web Site) ','Ex2\OAB (Default Web Site)'

To allow the clients to download the updated version, you have to force CAS servers to poll for the updates without waiting for the set poll interval to elapse;

Mailbox Server:

Client Access Server:

Even though mailbox server has populated its ExchangeOAB folder, the OAB of Client Access Server is still empty until the next polling interval kicks in.

Because Outlook Clients download the OAB from client access server, we can can force the selected CAS servers to poll for updates without wainting for the set poll interval to elapse.

Update-FileDistributionService -Identity "FW" -Type OAB
Update-FileDistributionService -Identity "EX2" -Type OAB

Outlook clients can download the updated address book.

Customizing OABs

new-mailboxdatabase -Server 'queen' -Name 'Telus'
new-mailboxdatabase -Server 'queen' -Name 'Shaw'

Mount-Database Telus
Mount-Database Shaw

New-MoveRequest -Identity James -TargetDatabase Telus
New-MoveRequest -Identity Tonny -TargetDatabase Telus
New-MoveRequest -Identity Jeff -TargetDatabase Shaw
New-MoveRequest -Identity Peter -TargetDatabase Shaw

Get-MoveRequest -MoveStatus 'completed' | Remove-MoveRequest -Confirm:$false

Active Directory Module for Windows PowerShell

Set-ADUser James -Company Telus
Set-ADUser Tonny -Company Telus
Set-ADUser Jeff -Company Shaw
Set-ADUser Peter -Company Shaw

EMS

Customizing Offline Address List

new-AddressList -Name 'Telus List' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Telus' -Container '\'
new-AddressList -Name 'Shaw List' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Shaw' -Container '\'

update-AddressList -Identity '\Telus List'
update-AddressList -Identity '\Shaw List'

$a=Get-AddressList 'Telus List'
get-recipient -RecipientPreviewFilter $a.RecipientFilter

$b=Get-AddressList 'Shaw List'
Get-Recipient -RecipientPreviewFilter $b.RecipientFilter

new-OfflineAddressBook -Name 'Telus OAB' -Server 'queen' -AddressLists '\Telus List' -VirtualDirectories 'EX2\OAB (Default Web Site)','FW\OAB (Default Web Site)'
new-OfflineAddressBook -Name 'Shaw OAB' -Server 'Queen' -AddressLists '\Shaw List' -VirtualDirectories 'EX2\OAB (Default Web Site)' ,'FW\OAB (Default Web Site)'

Update-OfflineAddressBook 'Telus OAB'
Update-OfflineAddressBook 'Shaw OAB'

Get-OfflineAddressBook | fl name,guid

Name : Default Offline Address Book
Guid : dd8dccae-0ce6-430a-bf9c-0b879aee6612

Name : Telus OAB
Guid : 71b3edef-467a-48ff-bdf9-a22b5244d9e3

Name : Shaw OAB
Guid : 74edf1bc-b25b-472a-b131-6a4d714c5150

You can see the list of files generated on queen computer.

Without waiting for the polling interval elapse at both FW and EX2 client access servers, to forcefully distribute the OABs:

Update-FileDistributionService -Identity "FW" -Type OAB
Update-FileDistributionService -Identity "Ex2" -Type OAB

If there is no LZX files created, you need to create it again.

set-mailboxdatabase 'Telus' -OfflineAddressBook 'Telus OAB'
set-mailboxdatabase 'Shaw' -OfflineAddressBook 'Shaw OAB'

Test:

Even though the customized address lists are created, the users can still access the default GAL when they work online.

You can make the changes to Active Directory to block access to the default address lists. It's better that you don't do it. It renders many errors, such as address book is not open at all. OWA does not work either.

To assign individual mailbox to use the OAB:

set-mailbox -Identity James -OfflineAddressBook 'Telus OAB'
Set-Mailbox -Identity Telus2 -OfflineAddressBook 'Telus OAB'

I have to restart the Client Access Servers (FW and EX2) to make the customized OAB work.

Don't remove the "default global address list"

Customizing Global Address List

Users from Shaw can only see the list of Shaw and Users from Telus can only see the list of Telus. All other users can see all of them.

New-GlobalAddressList -Name "Global Telus" -IncludedRecipients "AllRecipients" -conditionalCompany "Telus"
New-GlobalAddressList -Name "Global Shaw" -IncludedRecipients "AllRecipients" -ConditionalCompany "Shaw"

Update-GlobalAddressList "Global Telus"
Update-GlobalAddressList "Global Shaw"

$global=get-globalAddresslist "Global Telus"
Get-Recipient -RecipientPreviewFilter $global.RecipientFilter

$global=get-globalAddresslist "Global Shaw"
Get-Recipient -RecipientPreviewFilter $global.RecipientFilter

Active Directory Module for Windows PowerShell

New-ADGroup -Name NoDefault -GroupScope:Universal
New-ADGroup -Name Shaw -GroupScope:Universal
New-ADGroup -Name Telus -GroupScope:Universal

Add-ADGroupMember -Identity 'NoDefault' -Members 'Shaw','Telus'

ADSIEDIT.msc

Global Shaw

Global Telus

Don't forget to deny the "NoDefault" group:READ on "All Address Lists"

Outlook client: Peter can only see the Shaw List and Global Shaw.

From OWA, peter can only see Global Shaw.

The "Global Address List" points to "Global Shaw" for mailbox Peter.

However, the Shaw List (OAB) does not include the Newman mailbox until it is updated at next interval.