Yes, Address List Segregation, it is time to talk about it. In Exchange Server 2007, Address List Segregation is really the heart of Hosted Exchange. If we do the address list segregation correctly, then the client should not be able to see another tenant and each tenant will sort of have their very own virtual organization in the same Exchange environment.
Microsoft provides a white paper on how to do Address List Segregation, http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx. This white paper however isn't meant for Hosters. Hosters or those who wish to provide commercial hosting, HMC is the solution. HMC follows the very similar concept but went sightly further with transport agent and etc. I have also written a blog on this in the past, http://blogs.technet.com/b/provtest/archive/2008/12/10/hmc-4-5-and-exchange-2007-sp1-part-2.aspx.
Exchange Server 2007 wasn't designed for hosting deployment out of the box, to achieve address list segregation, there are quite a few things needed to be tweaked. Sometimes, some of those changes cause confusions because there were not a lot of documentations and explanations.
Fortunately, Exchange Server 2010 SP1 really makes things simpler. The truth is that, most of those tweakings in Exchange Server 2007 are required because of a single Exchange configuration container and that Exchange server really only recognized one Address List container. In Exchange Server 2010 SP1, this is no longer the case. Each tenant has their own configuration container and their own address list container. The CAS also become smarter as it knows where to scope the connection to when Outlook or OWA connects to it based on authentication. So, really, there isn't much to talk about.
When you create a tenant organization in Exchange Server 2010 SP1, it wil create (assuming that the default service plan includes all the features),
(1) Default Global Address List
Every tenant organization will have their own Default Global Address List. Phew... remember those days where we have to harden the Default GAL to avoid security issue? Not needed any more. Here is a screenshot of the Global Address List I created for the organization, AlpineSkiHouse. You can see that the filter doesn't even need to include anything specific to the organization itself.
(2) Address Lists
It create 5 different address lists.. Remember in the past in HMC, we have to remove these address lists? Well, now Outlook connection to a tenant organization in Exchange Server 2010 SP1 really looks like it is connecting to an enterprise Exchange environment. You will have all the address lists. Note, there is also an Offline Global Address List, this address list is used for the Offline Address Book.
(3) Offline Address Book
And lastly, the Offline Address Book. One interesting thing to note is that the offline address book generation schedule. Part of the New-Organization algorithm is to randomly generate a time schedule for each of the Offline Address Book so that we don't get all the OABs generate at the same time.
There you go, simple and nice now.
Oh, you should also know that there is a new cmdlet calledEnable-AddressListPaging. This cmdlet is called when we create the new organization. This cmdlet enable Active Directory virtual list view for address lists. Virtual list view allows you to display the address lists in the organization as page instead of loading and viewing the entire directory. This is actually quite essential for scalability purpose.