How to hide users from the Lync Address Book

This has come up a few times in different engagements in the past, and I decided it would be worth publishing some guidance around how to set this up.

Why would I want to hide users?

Perhaps you have members of the organisation that you don’t want contacted by everybody else. For example, if you have a strict communications policy that the CEO shouldn’t be directly contactable, you could hide them from the address book.

Another example is resource accounts that are enabled for Lync purely for making calls; there’s no need for these to be discoverable in the address book. Or perhaps you don’t want accounts searchable because they are private numbers or are in private areas; you would hide these from the Lync Address Book as well.

How it’s done

First, on one of your Lync Front End servers, install the Lync Server 2010 Resource Kit. You can download it here.

Next, on the server using Windows Explorer, browse to C:\Program Files\Microsoft Lync Server 2010\ResKit and double click the application named ABSConfig. You’ll be presented with the UI below.

Lync ABS Configuration Tool

First, you’ll see a list of AD Attribute Names. To set up the filter, we need to create a new entry and specify the AD attribute we want to use to filter accounts. Here I’ve specified the AD attribute comment, but you can use whatever takes your fancy.

Next, under Which users do you want to include in the ABS files?, you need to specify whether you want to:

  1. Only include users that have a value for the AD attribute you specify or;
  2. Exclude all users who have a value for the AD attribute you specify.

For this blog post, we’re going to select Exclude all users who have a value for this AD attribute. In the field next to this, we’re going to type the name of the AD attribute (comment) that we specified above. On each user account we want to hide, we will populate this AD attribute with a value.

Once you’re done, hit Apply changes and you’re good to go. Changes will take effect the next time the Address Book processes do their thing (by default, this happens at 1:30am each night).

Now, whenever the Lync User Replicator process sees a user with a value for the attribute you specified, it will exclude it from the Address Book and that user will not appear when you search for them in the Lync client.
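The steps above configure the filter but not the accounts themselves. As an added example (not part of the original post or the Resource Kit), this is one way to populate the attribute and then audit which Lync-enabled accounts the filter will exclude. It assumes the ActiveDirectory PowerShell module, the comment attribute chosen above, and a hypothetical account name and marker value.

```powershell
# Added example. Assumes ABSConfig is set to "Exclude all users who have a
# value for this AD attribute" with the attribute 'comment', as in the post.
Import-Module ActiveDirectory

$FilterAttribute = 'comment'             # attribute named in ABSConfig
$MarkerValue     = 'HideFromLyncABS'     # hypothetical; any non-empty value is a match
$AccountsToHide  = @('svc-lobbyphone')   # hypothetical sAMAccountName(s)
$SipAttribute    = 'msRTCSIP-PrimaryUserAddress'

foreach ($sam in $AccountsToHide) {
    $user = Get-ADUser -Identity $sam -Properties $FilterAttribute, $SipAttribute

    # Only Lync-enabled accounts appear in the address book in the first place.
    if (-not $user.$SipAttribute) {
        Write-Warning "$sam is not Lync-enabled; nothing to hide."
        continue
    }
    # Do not overwrite a value someone else already stored in this attribute.
    if ($user.$FilterAttribute) {
        Write-Warning "$sam already has '$FilterAttribute' set; it is already excluded."
        continue
    }
    Set-ADUser -Identity $user -Replace @{ $FilterAttribute = $MarkerValue }
}

# Audit: every Lync-enabled user that has ANY value in the filter attribute.
# Review this list, because an attribute that was already in use for another
# purpose will hide those accounts too.
Get-ADUser -LDAPFilter "(&($SipAttribute=*)($FilterAttribute=*))" `
           -Properties $FilterAttribute, $SipAttribute |
    Select-Object SamAccountName, $SipAttribute, $FilterAttribute |
    Sort-Object SamAccountName

# To apply the change without waiting for the nightly run, the Lync Server
# Management Shell provides these cmdlets (run on a Lync server):
#   Update-CsUserDatabase
#   Update-CsAddressBook
```

Get-ADUser queries the current domain by default, so in a multi-domain forest the audit needs to be repeated per domain with -Server.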

22 thoughts on “How to hide users from the Lync Address Book”

  1. Pingback: How to hide users from the Lync Address Book | Justin Morris on UC « JC’s Blog-O-Gibberish

  2. Pingback: Como “esconder” usuários do Lync Address Book (LAB) « Rodrigo Rodrigues .:. www.andersonpatricio.org

  3. Craig Rudko

    I followed your directions but still do not see my new attribute listed in AD. Where do I make the actual change to the user profile to remove them from the address book in Lync?? thanks

  4. Craig Rudko

    OK, I am in ADSIEdit but don’t know what class to choose. Thanks in advance for your help. I used the word hide as my attribute name in AD.

  5. D Blaylock

    Does anyone know of a way to restrict visibility by OU? Essentially, what I’m trying to do is keep users from doing a lookup on anyone in another Organizational Unit.

  6. Kelvin Teang

    Is it possible to configure such as
    1. Child1 doesn’t see certain group of users in Child2.
    2. Child2 sees all users (Child1&Child2 include those group that hidden for Child2)
    Note:
    a. root and multiple child domain
    b. Child1 domain is using OCS2007R2 whereas child2 domain is using Lync.

  7. Kelvin Teang

    Perhaps create 2 different location for ABS
    1. \\ocs\ABS – for ocs users
    2. \\Lync\ABS – for Lync users

  8. Lorna

    I am trying to use the AD Attribute (it already exists in AD) of msExchHomeServer to filter that db since disabled users lose the value in this field. But I am getting an error when I go to apply the filter.

    See the end of this message for details on invoking
    just-in-time (JIT) debugging instead of this dialog box.

    ************** Exception Text **************
    System.IndexOutOfRangeException: Index was outside the bounds of the array.
    at ABSConfig.MainForm.UpdateOccurances(String name)
    at ABSConfig.MainForm.ValidateAttrConfig(String filterValue, String adAttrName)
    at ABSConfig.MainForm.Save_Click(Object sender, EventArgs e)
    at System.Windows.Forms.Control.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)

    Sorry, that is not the whole message, but didn’t want to paste too much. I’ve just been cancelling but should I continue?

    1. Sean Dawson

      Hi Lorna, I am getting the same error when saving the changes. Did you find out what the issue was?

  9. Rico Roy

    Any update to this blog? I am getting the same error and something appears to be missing in the documentation.

  10. Mike Koch

    We recently populated phone numbers for users in a child domain, and now they’re being included in the Lync address book (they show up in searches). I want to exclude all users in the child domain, so I used AbsConfig to include only users that have a value in the msRTCSIP-PrimaryUserAddress attribute, but that seems to have no effect. This is a Lync 2010 environment. Is there any way to exclude everyone from the child domain?

  11. Pingback: Disabled (AD) users still searchable in Lync/SfB – A random blog from a sysadmin

  12. Mark

    Thanks for the article. Seems I am a bit late here. My query is: if we hide this user using ABSConfig, can anyone still search for him using his SIP address and chat? Or can no one search for him at all?

