This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 41%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Hi!
I am scratching my head on this after looking at several posts..
Issue: We have leavers which we disable, remove licenses, convert mailboxes to shared ones and so on. We also moved the users to a non-synchronized OU in AD. However, they still reflect in GAL.
Other than deleting the users in AD; currently can't go that route, is there anything we might be missing. Please advise.
Thanks,
Jon
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 7.000000000000001%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
If they are on-prem accounts change the attribute msExchHideFromAddressLists to true. Here is a guide with step by step instructions.
https://activedirectorypro.com/hide-users-from-global-address-list-gal/
They shouldnt be in the Exchange Online GAL if they are moved to an OU not synced to Azure.
Do you see these accounts in the Outlook web client? Can you confirm they are not in Azure?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 11%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hi @Jon L ,
It has been a while and I am writing to see how things are going on with this issue. If you have any further updates on this issue, please feel free to post back.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 25%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
if you are actually removing a user from a syncing ou in AD it will delete the user to the o365 deleted users.
are you sure you are not checking the online vs offline global address list?
if the user still shows synced in o365 then they are still in a syncing ou.
There are 2 options.
the harder option is preparing your ad schema for exchange so that you can hide the mailboxes via an ad attribute. I do not recommend this way.
the better option is to create a custom sync rule in microsft entra rules editor from your current ad sync server.
you can map an existing ad attribute to the msexchhidefromaddresslist mailbox attribute in o365.
here is a link to a simple step by step guide that is non invasive.
http://www.uclabs.blog/2023/06/how-to-hide-users-from-gal-if-they-are.html?m=1
it works great all you have to do moving forward is modify the msDS-cloudExtensionAttribute1
when your users are terminated and they will hide from the GAL.
Cheers!