Remove a user from the Global Address List?

Question

Remove a user from the Global Address List?

Keith Hampshire 96

We are using Office365 Exchange for our email service. We also have a one way Azure AD sync going from on-prem to the cloud.

I would like to remove disabled users from the GAL, but I'm receiving error messages stating I need to do this from the on-prem location. Nothing in 365 admin center will allow me to do this.

We do not have exchange on-prem.

How can I force the user to NOT show up in the GAL?

Yuki Sun-MSFT 41,376 Reputation points Moderator

2021-08-23T09:54:36.343+00:00

Hi @Keith Hampshire ,

The error message indicates that the mailbox was synced from the on-prem environment so by design it can only be managed using the on-prem tools.

Considering that you do not have an on-prem Exchange server, if you only want to hide the mailbox from the GAL, agree with Andy that you can set the msExchHideFromAddressLists attribute to TRUE in AD using tools like ADUC.

Here's a similar thread which also mentions about setting the object's attribute MSExchHideFromAddressLists to TRUE in your local AD:
Problems hiding users when using Office 365 and AD Sync

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yuki Sun-MSFT 41,376 Reputation points Moderator

2021-08-27T01:39:22.843+00:00

Hi @Keith Hampshire ，

It's been a few days and I am writing to see if you have managed to remove the user from GAL. Should you need any further help on this issue, feel free to post back.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 answer

Your answer

Yuki Sun-MSFT 41,376 Reputation points Moderator

2021-08-23T09:54:36.343+00:00

Hi @Keith Hampshire ,

The error message indicates that the mailbox was synced from the on-prem environment so by design it can only be managed using the on-prem tools.

Considering that you do not have an on-prem Exchange server, if you only want to hide the mailbox from the GAL, agree with Andy that you can set the msExchHideFromAddressLists attribute to TRUE in AD using tools like ADUC.

Here's a similar thread which also mentions about setting the object's attribute MSExchHideFromAddressLists to TRUE in your local AD:
Problems hiding users when using Office 365 and AD Sync

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yuki Sun-MSFT 41,376 Reputation points Moderator

2021-08-27T01:39:22.843+00:00

Hi @Keith Hampshire ，

It's been a few days and I am writing to see if you have managed to remove the user from GAL. Should you need any further help on this issue, feel free to post back.

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 1

Andy David - MVP 157.4K MVP Volunteer Moderator

Create an OU or use an existing OU on-prem and exclude that from the AADConnect Sync.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering

Then move the AD account associated with those mailboxes to that OU and they will be removed from Azure ( remove any licenses first)

I assume you dont just want to hide them from the GAL. If so:
then you will need to set :
msExchHideFromAddressLists
to TRUE in AD for each account.

Then it will sync and hide the user from JUST the Address Lists but not removed from Azure....

Andrew Dubry 16 Reputation points

2021-09-22T20:37:20.133+00:00

I am just trying to hide the user from the GAL, and I've set the msExchHideFromAddressLists to TRUE, but even days later, they can still be found in the GAL by searching for their name.

Except in ONE case. Not sure why, but doing this worked for 1 person, and I can't find them in the GAL, but on the other 5 or 6 people I've tried the same exact thing, they still show up in the GAL 5+ days later. I'm using c# to update the Active Directory records to do this, and verifying it's working by having someone look in the AD GUI to verify my change occurred.

I will check on that other thread that YukiSun-MSFT linked to to see if there more I have to do besides just setting that to TRUE in order to hide them. thanks!
AE-LCC 1 Reputation point

2021-09-30T21:53:32.33+00:00

Also experiencing the problem as AndrewDubry-8581 describes it. I know I had made this change in the past and it was successful.
Andrew Dubry 16 Reputation points

2021-09-30T22:55:08.433+00:00

I forgot that I solved this. I had to also set mailNickname to their samaccountname value and THEN set the msExchHideFromAddressLists to TRUE and then it made them disappear within about 1 hour. So I went thru a loop and made thru every user had their mailNickname set to their samaccountname and then went thru and hide all the terminated employees. It worked about 99% of the time, heh. 3 out of about 120 people are still sticking around though for an unknown reason, but otherwise it worked pretty well.
Jabulani Motloung 191 Reputation points

2021-12-15T08:45:52.24+00:00

Hi,

Also having this issue, I have set the mailNickname to their samaaccountname value and set msExchHideFromAddressLists value to True but this hasn't worked for me.

I don't want to remove the users from Azure but just hide the from the GAL.

Any work arounds here?
Andrew Dubry 16 Reputation points

2021-12-15T16:39:32.34+00:00

Not sure if this helps, but I remember running into a 'case' problem. My code looks like this:

// Remove from GAL. Value must be UPPERCASE.
aduser.updateProperty("msExchHideFromAddressLists", "TRUE", termedEmp);

Try uppercase? seems odd, but I must have written that comment for a reason, hehe.
Bryan Scott 6 Reputation points

2022-09-29T18:14:09.03+00:00

This was the solution for me. I had about 23 accounts to hide, and 8 of them were being stubborn. After checking all 8 accounts, none of them had mailNickname set, so I made it the same as the samAccountName, along with msExchHideFromAddressLists = True, synced to O365, and the names no longer appear. Thank you!

Share via

Remove a user from the Global Address List?

1 answer

Your answer