Mail-enabled security group isn't hidden from GAL after directory synchronization in a hybrid deployment
Original KB number: 3205648
Problem
You have an Exchange Online hybrid deployment. You want to hide a mail-enabled security group that was created in the on-premises Active Directory so that it's not available to Microsoft 365 users. However, after a directory synchronization, the security group is listed in the global address list (GAL) and visible to Microsoft 365 users.
Cause
This problem occurs because the msExchHideFromAddressLists attribute of the security group is not set.
Solution
To resolve this problem, follow these steps:
Set the
msExchHideFromAddressListsattribute of the security group to True. To do this, follow these steps:- Open Active Directory Users and Computers.
- Locate and then right-click the group object, select Properties, and then select the Attribute Editor tab.
- Locate the
msExchHideFromAddressListsattribute, click Edit, and then change the value from <Not set> to True.
Wait for directory synchronization to occur. Or, force directory synchronization.
More information
Still need help? Go to Microsoft Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for