Automatic Global Address List to Mobile Phone Contact Sync

Kevin Nowourski
Hunter Strategy
Aug 2, 2022

A customer recently asked Hunter Strategy consultants to provide a solution where all company contacts would be seamlessly synced to every end user’s company-provided mobile device. While contacts in the Global Address List (GAL) do sync to mobile phones, they do not appear in the phone’s contact list organically unless a specific user is searched for. The primary goal of this implementation is to sync every GAL account that has an Office phone number into each user’s mailbox contacts, ensuring those contacts are easily available and visible at all times on their mobile phones.

This project provided value to the customer because they were able to ensure all employees would seamlessly receive up-to-date contact information for their colleagues without having to search the GAL.

The project demonstrates Hunter Strategy innovation because a solution like this was not readily available, and we were able to deliver one quickly with minimal effort.

How Does It Work?

To ensure this script can run reliably and at a regular cadence, it must run unattended and account for phone numbers changing over time.

To achieve this, the following topics will be addressed:

  1. Registering an application for the script to run unattended
  2. Setting up the environment
  3. Checking each user’s contact list for the given GAL contact to see if it already exists
  • If yes, the script will ensure the phone number is correct in the user’s contact list
  • If no, the script will create a new contact for the GAL contact

Register the Application

1. Navigate to the Azure AD portal at https://portal.azure.com/

2. Under Manage Azure Active Directory, click View.

3. On the Overview page, under Manage, click App registrations.

4. On the App registrations page, click New registration.

5. When the Register an application page is presented, configure the following settings:

App Name Here: Enter something descriptive, such as “Contacts Sync.”
Supported account types: Verify that Accounts in this organizational directory only is selected.

6. Click Register.

7. Leave the App registrations page open. It will be used in the next step.

Required Permission

  1. On the left-hand navigation, click on API permissions
  2. Select Add a permission
  3. Under Microsoft APIs select Microsoft Graph
  4. Then select Application permissions
  5. In the Search Box, search for and add the following permissions:
  • Contacts.ReadWrite
  • Exchange.ManageAsApp
  • MailboxSettings.ReadWrite
  • OrgContacts.Read.All
  • User.ReadWrite.All

An Admin will need to grant consent for the requested permissions.

Certificate Authentication

Certificate authentication will be used for this script. Below is a quick walkthrough of the necessary steps; for a full reference, Microsoft documents the procedure here: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-self-signed-certificate#option-2-create-and-export-your-public-certificate-with-its-private-key

1. From an elevated PowerShell prompt, run the following commands and leave the PowerShell console session open. Replace {certificateName} with the desired certificate name.

$certname = "{certificateName}"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

2. The $cert variable in the previous command stores the certificate in the current session and allows it to be exported. The command below exports the certificate in .cer format. Specify the preferred location.

Export-Certificate -Cert $cert -FilePath "C:\{Specify Export Location}\$certname.cer"

3. Still in the same session, create a password for the certificate private key and save it in a variable. In the following command, replace {myPassword} with the password that will be used to protect the certificate private key.

$mypwd = ConvertTo-SecureString -String "{myPassword}" -Force -AsPlainText

4. Now, using the password stored in the $mypwd variable, secure and export the private key. Specify the preferred location.

Export-PfxCertificate -Cert $cert -FilePath "C:\{Specify Export Location}\$certname.pfx" -Password $mypwd

Prerequisites

The following modules are required to be installed for the script to run:

  1. Exchange Online PowerShell Module
  2. Microsoft Graph PowerShell SDK

Exchange Online PowerShell Module

In an elevated PowerShell window, install the Exchange Online PowerShell V2 (EXO V2) module by running the following command:

Install-Module -Name ExchangeOnlineManagement

Full reference here: About the Exchange Online PowerShell V2 module | Microsoft Docs

Microsoft Graph PowerShell SDK

In the same PowerShell window, run the following command to install the software development kit (SDK) in PowerShell Core or Windows PowerShell.

Install-Module Microsoft.Graph -Scope CurrentUser

Full reference here: Install a Microsoft Graph SDK — Microsoft Graph | Microsoft Docs

Script Variables

$Organization = "contoso.onmicrosoft.com"
$AppId = "1111111-1111-1111-1111-1111111111"
$Tenantid = "1111111-1111-1111-1111-1111111111"
$Thumbprint = "123456789abcdefghijklmnopqrstuvwxyz"

After the application has been created in the previous steps, the required variables must be updated in the script before running.
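The following PowerShell is an added example, not the script published on the Hunter Strategy GitHub. It ties the script variables above to the three-step procedure described under How Does It Work?: connect unattended with the certificate, read every GAL user that has an Office phone number, and for each mailbox either correct the phone number on an existing contact or create a new one. It assumes the app registration, certificate and modules from the preceding sections; the placeholder values, the "GAL Sync" category tag and the rule of matching contacts by e-mail address are this example's own choices.

```powershell
# Added example (not the Hunter Strategy script). Values below are placeholders;
# replace them with the app registration, tenant and certificate created above.
$Organization = "contoso.onmicrosoft.com"
$AppId        = "00000000-0000-0000-0000-000000000000"
$TenantId     = "00000000-0000-0000-0000-000000000000"
$Thumbprint   = "0123456789ABCDEF0123456789ABCDEF01234567"
$SyncCategory = "GAL Sync"   # example's own tag: the script only ever edits contacts it created

# Unattended (app-only) sign-in to both services using the certificate in Cert:\CurrentUser\My.
Connect-MgGraph -ClientId $AppId -TenantId $TenantId -CertificateThumbprint $Thumbprint
Connect-ExchangeOnline -AppId $AppId -CertificateThumbprint $Thumbprint -Organization $Organization -ShowBanner:$false

# Source set: every GAL user that has a mail address and at least one business (Office) phone.
$galUsers = Get-MgUser -All -Property DisplayName,GivenName,Surname,Mail,BusinessPhones,JobTitle,Department |
    Where-Object { $_.Mail -and $_.BusinessPhones.Count -gt 0 }

# Target set: every user mailbox in the tenant.
$mailboxes = Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

foreach ($mbx in $mailboxes) {
    $upn = $mbx.UserPrincipalName

    # One read of the mailbox's contacts, indexed by e-mail address.
    # E-mail is a stable key; display names collide and change.
    $existing = @{}
    Get-MgUserContact -UserId $upn -All | ForEach-Object {
        foreach ($addr in $_.EmailAddresses) {
            if ($addr.Address) { $existing[$addr.Address.ToLower()] = $_ }
        }
    }

    foreach ($gal in $galUsers) {
        if ($gal.Mail -ieq $upn) { continue }   # no contact card for the mailbox owner themselves
        $phone = $gal.BusinessPhones[0]
        $match = $existing[$gal.Mail.ToLower()]

        if ($null -eq $match) {
            # Step "If no": create the contact, tagged so later runs can recognise it.
            New-MgUserContact -UserId $upn `
                -DisplayName $gal.DisplayName -GivenName $gal.GivenName -Surname $gal.Surname `
                -JobTitle $gal.JobTitle -Department $gal.Department `
                -BusinessPhones @($phone) `
                -EmailAddresses @(@{ Address = $gal.Mail; Name = $gal.DisplayName }) `
                -Categories @($SyncCategory) | Out-Null
            Write-Verbose "$upn : created contact for $($gal.Mail)"
        }
        elseif (($match.Categories -contains $SyncCategory) -and ($match.BusinessPhones[0] -ne $phone)) {
            # Step "If yes": the number changed since the last run; correct it.
            # Contacts the user created by hand carry no tag and are left untouched.
            Update-MgUserContact -UserId $upn -ContactId $match.Id -BusinessPhones @($phone) | Out-Null
            Write-Verbose "$upn : updated phone for $($gal.Mail)"
        }
    }
}

Disconnect-MgGraph | Out-Null
Disconnect-ExchangeOnline -Confirm:$false
```

Two design choices are worth calling out. Matching on e-mail address rather than display name avoids overwriting a user's personal contact that happens to share a name with a colleague, and tagging created contacts with a category means the script can only ever modify its own records, so a wrong GAL entry cannot propagate into contacts the user maintains by hand. For app-only access, Exchange Online additionally requires the application's service principal to be assigned an Azure AD role (for example Exchange Administrator) before Connect-ExchangeOnline with Exchange.ManageAsApp will succeed; granting admin consent to the Graph permissions alone is not sufficient. Note also that this example only reads user objects and writes contacts, so of the permissions listed above it exercises User.Read.All-level access and Contacts.ReadWrite; review whether the broader write scopes are needed for the version of the script you deploy.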

Script Download

The links below will take you to the Hunter Strategy GitHub where the scripts can be downloaded. You will find two versions, one for commercial Office 365 Tenants and then another for GCC High Tenants.

Commercial: Commercial GAL to Contacts Sync Script
GCC High: GCC High GAL to Contacts Sync Script

Overall, this was a fun project to work on and we are excited to share how we went about solving it. If your business needs help solving cloud problems, or if you are interested in learning more about what Hunter Strategy can do for you, click the link below!

Contact Us

Twitter

LinkedIn

Our Website

Contact Us Form
