This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Few days ago I've discovered a problem with hiding email addresses in GAL. Problem was that parameter msExchHideFromAddressLists was set to TRUE but in Admin Center in M365 it didn't changed and users could see this email address in Outlook.
What I've discovered is rule in AAD Sync that states mailNickname must be ISNOTNULL.
After changing mailNickname of a user his address was hidden, so it's a success, but...
We've got three on-prem AD which are synced to the cloud and some users that were created a long ago have and some of them don't have mailNickname. How does this parameter work? When it's set in local AD automatically and when not?
Because from my understanding now I'd have to use PowerShell to set that parameter to users logon name.
Or can it be set to whatever, for example "123"?
For all users we use E3 and E5 Security licenses.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @ kd_gul ,
Just checking in to see how things are going on with this thread.
If Michev's reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.
mailNickname, also known as Alias, should generally be set to the username part of the UPN (or sAMAccountName). You can set it to random value if you prefer, but that can create some confusion.
@Vasil Michev
Thank you for clear explanation, it really helps.
Last question - do you know is it possible to have that attribute set automatically when new account in AD is created via snap-in? Or it must be done manually?
Not without making changes to the AD schema, afaik. If you are provisioning user accounts via scripts or third-party tools, make it mandatory therein.
Exactly, we're using Power Automate, will make changes to provision this parameter automatically.
Thank you for your explanation.
Hi @ kd_gul ,
The mailNickname attribute is set automatically when a user is created in Active Directory, either through the Active Directory Users and Computers snap-in or through PowerShell cmdlets such as New-ADUser.
However, it can also be changed manually by using the Set-ADUser cmdlet or by editing the Attribute Editor tab in the user’s properties.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
@Aholic Liang-MSFT Not really. I've created user in AD snap-in and this attribute is not present. I've got like 50% users in AD w/o this parameter.
Ok, I've got that, but what does it really mean "it can create some confusion"?
Can you write some examples when this parameter is used?
Why would I need mailNickname attribute if I've got sAMAccountName with the same value?
Thank you for your help.
It's used by Exchange. It's basically one of the ways to identify an Exchange recipient, and Exchange enforces an uniqueness constraint on it (i.e. only one object within the directory can have said value).
That said, you can set the value to anything, as long as there are no conflicts. But since it's used as identifier in many of the Exchange admin tools, it's best to have the value matching the "user" part of the UPN. Much like it's best practice to have the primary SMTP address match the UPN... but no one is stopping you from setting a different value.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 34%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Users with a blank mailNickname will not be included in dynamic distribution groups. Some sync issue with Exchange online (from on-prem Exchange server in hybrid config).
Why does Microsoft use mailNickname for this syncing piece instead of SAMAccountName? Why is mailNickname blank sometimes?
It seems as long as it's not blank the sync will work. I see no reason to just set it to the user ID, or SAMAccountName. I am not aware of any other issues.
