Cannot hide user from Global address list.

Question

Cannot hide user from Global address list.

Jero Cheng 150

Hello

My Company using Exchange Online and On-Premise AD server,with Azure connect to sync the AD accounts.

I would like to hide some disable users from address list on Exchange online,but it show error below.

2023-10-12 17_02_37-Message trace - Exchange admin center — Mozilla Firefox

Also tired from Azure portal,user properties.

2023-10-12 17_18_57-User Details Panel - Microsoft 365 admin center — Mozilla Firefox

I understand that maybe I need to modify attribute in AD as below.

2023-10-12 17_06_00-Hippo - Remote Desktop Connection Manager v2.90 - Sysinternals_ www.sysinternals

Then I checked the "Directory extension attribute sunc" in Azure connect.

2023-10-06 10_44_27-Duck - Remote Desktop Connection Manager v2.90 - Sysinternals_ www.sysinternals.

And also check the rule as below.

2023-10-06 10_45_04-Duck - Remote Desktop Connection Manager v2.90 - Sysinternals_ www.sysinternals.

Then refresh connector schema.

2023-10-12 17_10_26-AADConnect and extending the on-prem AD schema - Blog — Mozilla Firefox

But the users still show in address list.

May I know what I missed or what I have to do further more?

Thanks

Accepted answer

1 additional answer

Your answer

Answer 1

Vasil Michev 119.5K MVP Volunteer Moderator

If the objects are synced from AD, you need to make the changes therein. For that, you need to have the on-premises AD schema extended with the Exchange attributes. This is different from configuring Directory extensions in AAD Connect, though judging by the screens above, you should be set on that front.

The last important bit is that the rule that syncs Exchange-related attributes between on-premises and Azure AD requires that the mailNickname/alias attribute be populated on the object. Without said attribute, the changes will not be synced, so make sure you have a non-null value for it. Refer to the official documentation for more info: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-default-configuration

Exchange related attributes are only synchronized if the attribute mailNickName has a value.

Jero Cheng 150 Reputation points

2023-10-18T02:24:23.4766667+00:00

@Vasil Michev

Hello

Thanks for your info.

I added "Mailnickname" attribute to several users then the address hidden successfully.

To change the "mailnickname" attribute for large number of "disabled" user.May I know if the following Powershell script work?

Get-ADUser $leaver -filter * -searchbase “OU=Disabled User,DC=internal,DC=abc,DC=com” | Set-ADUser -replace @{mailnickname=$leaver}

Thanks
Vasil Michev 119.5K Reputation points MVP Volunteer Moderator

2023-10-18T05:10:31.8+00:00

Yes, something like this should do. If you already have the identity of the user stored in $leaver, no need to filter for it. And you might have to add -Properties mailnickname (or -Properties *).
Jero Cheng 150 Reputation points

2023-10-18T05:16:32.23+00:00

Thanks.Vasil.

Just tried to setup the "mailnickname" AD attribute for all used in "Disabled User" OU

But only about half of the users got hidden in GAL and the hide from address list "switch" on Exchange Online is checked.The remaining are still show in address list and the "switch" is still not checked .

The users are in same OU and "hidefromaddresslist=TRUE" ,"mailnickname" is not null.

Any idea of this?Its make me headache.
Vasil Michev 119.5K Reputation points MVP Volunteer Moderator

2023-10-18T07:44:16.0866667+00:00

Double-check the object properties on-prem, including msExchHideFromAddressLists, and make sure there are no sync errors. While you're at it, check the object properties in the metaverse: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/tshoot-connect-object-not-syncing#connector-space-object-properties

Answer 2

Anonymous

Hi partner,

Have you tried the PowerShell command?

More details: Hide Users From Global Address List (GAL)

(Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

User's image

Regards

Shaofan

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Jero Cheng 150 Reputation points

2023-10-17T04:20:29.3733333+00:00

Hello

I tired the set-mailbox command but show following output.

Please advise.
Anonymous

2023-10-17T05:55:46.32+00:00

Hello @Jero Cheng

Depending on your error, I think you need to go to on-prem and re run it.(Exchange Management Shell)

Unable to unhide a user from the GAL

Also, you can take a look at this, although this is a distribution group, I think this should work as well.

https://learn.microsoft.com/en-us/exchange/troubleshoot/groups-and-distribution-lists/cannot-manage-dg

(Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)
Jero Cheng 150 Reputation points

2023-10-18T02:21:47.2933333+00:00

@Anonymous

Hello,The way mentioned in your link is work.But that is quite time consuming for a large nunber of users.

"we had put the user in an NON-sync OU, run delta sync, go into 365 > deleted users > restore user > open user in exchange (in the cloud) and I was finally able to uncheck the "Hide from GAL" and save it."

Share via

Cannot hide user from Global address list.

1 additional answer

Your answer