This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 99%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Our company has an hybrid environment server that runs Active Directory on a Windows server, and also is currently syncing and running with Exchange and Azure AD. Both are syncing in a way that if one user's password is reset in one, the other will be updated in a few minutes.
I've been trying to create a powershell or command prompt code that allows me to find any users that are disabled in AD, either a single user or an array of users, and every single user or users disabled will have their Global Address List turned off, or hidden from said list. We want to make this the default option for other companies and clients who has the same hybrid system.
I tried to run the commands or use the set up to run a command on Powershell and CMD but my problem ends up being that whenever I am trying to find the Active Directory Atribute or Property msExchHideFromAddressLists and I keep getting an error that the property is invalid, or that it doesn't exist, and yet it shows if I run a command like this:
$groupname = "Domain Users"
$users = Get-ADGroupMember -Identity $groupname | Where-Object {$_.objectclass -eq "user"}
foreach ($activeusers in $users) {
Get-ADUser -Identity $activeusers | Where-Object {$_.enabled -eq $false} | Select-Object Name, SamAccountName, UserPrincipalName, Enabled, msExchHideFromAddressLists
}
Where the property shows {} but nothing else, is there something I am missing or do I need to activate something here in order to make it work?
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 18%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
If the answer is any of help to you, please click on ACCEPT ANSWER as it could help other members of the Microsoft Q&A community who have similar questions to reference. It will also help the community grow to help you better in the future!
Thanks for your understanding.
Hi @Jesús Valencia,
Thank you for posting to Microsoft Community.
Based on your description, I understand there are some concerns about msExchHideFromAddressLists attribute.
However, I have the following about the attribute to share with you.
If these objects were on-premises and then migrated to Exchange Online, then the change should occur on-premises. And if you are using Azure AD Connect, you should modify the msExchHideFromAddressLists attribute on your internal Active Directory. You need to use on-premises Exchange server to extend your AD schema. To manage the mail related attributes from on-premises AD with directory synchronization without an on-premises Exchange is not officially supported.
Sometimes the msExchangeHideFromAddressLists attribute on the on-premises AD won't sync to the AAD account unless you have the mailNickname attribute set as well. Please set mailNickname to match the username portion of their email address. You could refer to Changes to msExchangeHiddenFromAddressList not updated - Exchange | Microsoft Learn for more information.
Also, please try Get-ADObject to get the msExchangeHideFromAddressLists attribute as below. Get-ADObject is a bit more specific in what you give it as an identity, so pipe the results of Get-ADUser into Get-ADObject to check what attributes are showing.
Get-ADUser username | Get-ADObject -properties *
Hope it helps, if there is anything else you need help with, please let me know.
Just checking in to see if above information was helpful.
If the issue has been resolved, please mark the helpful replies as answers.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
You should be using the Exchange mgmt tools to set this
Find the disabled users and then set with Exchange powershell
I dont think msExchHideFromAddressLists is populated in AD unless its set to $true already
Example:
Set-Mailbox -Identity <user> -HiddenFromAddressListsEnabled:$true