This has come up a few times in different engagements in the past, and I decided it would be worth publishing some guidance around how to set this up.
Why would I want to hide users?
Perhaps you have members of the organisation that you don’t want contacted by everybody else. Say if you have a strict communications policy that the CEO shouldn’t be directly contactable, you could hide them from appearing in the address book.
Another example is if you have resource accounts setup that are enabled for Lync whose purposes is for only making calls, there’s no need for these to be discoverable in the address book. Or perhaps you don’t want them searchable because they are private numbers or are in private areas, you would hide these from the Lync Address Book.
How it’s done
First, on one of your Lync Front End servers, install the Lync Server 2010 Resource Kit. You can download it here.
Next, on the server using Windows Explorer, browse to C:\Program Files\Microsoft Lync Server 2010\ResKit and double click the application named ABSConfig. You’ll be presented with the UI below.
Firstly, you’ll see a list of AD Attribute Names. To achieve this, we need to create a new one and specify the AD Attribute we want to use to filter accounts. Here I’ve specified the AD Attribute comment, but you can use whatever takes your fancy.
Next, you need to specify where it says Which users do you want to include in the ABS files? whether you want to:
- Only include users that have a value for the AD attribute you specify or;
- Exclude all users who have a value for the AD attribute you specify.
For this blog post, we’re going to select Exclude all users who have a value for this AD attribute. In the field next to this, we’re going to type the name of the AD attribute (comment) that we specified above. In each user account we want to hide, we will use this AD attribute to populate with a data value.
Once you’re done, hit Apply changes and you’re good to go. Changes will take affect next time the Address Book processes do their thing (by default, this happens at 1:30am each night).
Now, whenever the Lync User Replicator process sees a user with a value for the attribute you specified, it will exclude it from the Address Book and that user will not appear when you search for them in the Lync client.