How to hide users in GAL

Jon L 0 Reputation points
2024-04-26T16:46:02.69+00:00

Hi!

I am scratching my head on this after looking at several posts.

Issue: We have leavers which we disable, remove licenses, convert mailboxes to shared ones and so on. We also moved the users to a non-synchronized OU in AD. However, they still reflect in GAL.

Other than deleting the users in AD (we currently can't go that route), is there anything we might be missing? Please advise.

Thanks,

Jon

Active Directory
Outlook Management

2 answers

  1. Andy David - MVP 142.7K Reputation points MVP
    2024-04-26T20:03:50.0233333+00:00

    They shouldn't be in the Exchange Online GAL if they are moved to an OU not synced to Azure.

    Do you see these accounts in the Outlook web client? Can you confirm they are not in Azure?


  2. Alexander Miller 0 Reputation points
    2024-04-27T01:31:49.27+00:00

    If you are actually removing a user from a syncing OU in AD, it will delete the user to the O365 deleted users.

    Are you sure you are not checking the online vs. offline global address list?

    If the user still shows synced in O365, then they are still in a syncing OU.

    There are 2 options.

    The harder option is preparing your AD schema for Exchange so that you can hide the mailboxes via an AD attribute. I do not recommend this way.

    The better option is to create a custom sync rule in the Microsoft Entra rules editor from your current AD sync server.

    You can map an existing AD attribute to the msExchHideFromAddressLists mailbox attribute in O365.

    Here is a link to a simple step-by-step guide that is non-invasive.

    http://www.uclabs.blog/2023/06/how-to-hide-users-from-gal-if-they-are.html?m=1

    It works great. All you have to do moving forward is modify the msDS-cloudExtensionAttribute1 when your users are terminated and they will hide from the GAL.

    Cheers!

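One way to carry out the last step of the second answer (setting msDS-cloudExtensionAttribute1 on terminated users), shown as an added example that is not part of the thread or the linked guide. The OU path and the flag value `HideFromGAL` are assumptions; the value must match whatever the custom sync rule tests for, and the accounts must still be in sync scope for the change to flow to O365.

```powershell
#Requires -Modules ActiveDirectory
# Added example: flag disabled leavers so a custom sync rule can hide them from the GAL.
# Assumptions (not from the thread): the OU path and the flag value 'HideFromGAL'.
param(
    [string]$LeaverOU  = 'OU=Leavers,DC=example,DC=com',  # placeholder OU, must be synced
    [string]$FlagValue = 'HideFromGAL',                   # must match the sync rule expression
    [switch]$Apply                                        # without -Apply, report only
)

$attr = 'msDS-cloudExtensionAttribute1'

# Disabled accounts under the leavers OU, with the attribute the sync rule reads.
$leavers = Get-ADUser -SearchBase $LeaverOU -SearchScope Subtree -Filter 'Enabled -eq $false' -Properties $attr, 'mail'

$report = foreach ($u in $leavers) {
    $current = $u.$attr

    if ($current -eq $FlagValue) {
        $action = 'AlreadyFlagged'
    }
    elseif ($Apply) {
        # -Replace sets the value whether or not the attribute was populated before.
        Set-ADUser -Identity $u.DistinguishedName -Replace @{ $attr = $FlagValue }
        $action = 'Flagged'
    }
    else {
        $action = 'WouldFlag'
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Mail           = $u.mail
        PreviousValue  = $current
        Action         = $action
    }
}

$report | Format-Table -AutoSize

# After the next sync cycle (on the sync server: Start-ADSyncSyncCycle -PolicyType Delta),
# confirm the result in Exchange Online PowerShell:
#   Get-Mailbox -Identity <user> | Select-Object DisplayName, HiddenFromAddressListsEnabled
```

Run it once without `-Apply` to review which accounts would change, then again with `-Apply`.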