Azure AD Connect group writeback and msExchnHideFromAddressLists

Alexander 266 Reputation points

I have the exact same issue as in this MSDN article:


Azure AD Connect group writeback and msExchnHideFromAddressLists
Latest version of AADC in use with group writeback enabled. After AADC creates the O365 Groups in AD, I run update-recipient on the group to give it mail attributes so it can be used by on-prem mail users.

I've created Office 365 Groups and hidden them from the GAL using set-unifiedgroup "group@keyman .com" -HiddenFromAddressListsEnabled $True, and this works to hide the O365 Group from cloud mailboxes in O365.

The problem is that on-prem mailboxes are still able to see the Office 365 Group in the GAL. If I modify the group in AD and set msExchHidefromAddressLists to TRUE, then on-prem users no longer see the O365 Group in the GAL, BUT on the next AADC Sync, the msExchHidefromAddressLists attribute is overwritten and set back to <not set>.

In reviewing sync rules, the Inbound rule named "Out to AAD - Group SOAinAAD" does NOT include msExchHidefromAddressLists in the transformations, so this attribute is never getting into the metaverse for any O365 Group objects. To try and address this issue, I modified a custom version of this rule and added a transformation for msExchHidefromAddressLists and did a full sync, but this attribute never comes into the Metaverse on O365 Group objects. I've tried a number of different ways to make this work but none do.

This seems like some kind of bug, as there is an Outbound rule named "Out to AD - Group SOAinAAD" that includes the msExchHidefromAddressLists attribute in it. This implies MSFT intends for this setting to push from AAD to AD, but since the Inbound rule doesn't have this attribute (nor can I get it to work by manually adding it), the "hide in GAL" setting of an O365 Group set in the cloud can never come down to AD.

Is there some way to resolve this so the msExchnHideFromAddressLists attribute can be sync'd in from Azure AD as part of group writeback?

Edited by HDClown Tuesday, October 30, 2018 4:52 PM

Does anyone have a solution meanwhile?


1 answer

  1. Stephen Leuthold 1 Reputation point

    @Alexander it appears someone posted a solution. I haven't validated this myself yet, but it may help!
