Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, March 3, 2015 7:30 PM
I have updated the local settings for these users to set the hidefromaddressbook value to TRUE. I have forced a sync, but still these users show up in the GAL.
I tried to do the same setting from the powershell connected to O365, Exchange and got an error stating this needs to be changed at the local level.
We are a Hybrid AD environment that syncs the Local AD users with O365.
does it make a difference if these users have Shared mailboxes? If so how do I go about hiding these shared mailboxes from the GAL? The hidefromaddressbook as TRUE is not removing them, so I am guessing something in the fact they are Shared mailboxes is preventing them from not being shown in the GAL?
They reason they are shared mailboxes is they are ex-employees, but because of litigation we can not remove them, so they where moved to shared mailboxes so as to not have to use a license for them.
Any thoughts on how to get these mailboxes to not be shown in the GAL?
Thank you.
Curt Winter
Certified Microsoft Professional
All replies (14)
Wednesday, March 4, 2015 9:37 AM âś…Answered
Try this:
https://virtualizingit.wordpress.com/2014/06/11/office-365-hide-from-address-lists-gal/
Friday, January 8, 2016 6:28 PM
Hi,
Did you get this resolved? We are in the hybrid environment too and running into the same situation. These "synced" shared mailboxes were ex-workers' but need to be hidden from GAL.
I get the error that I can't do it in O365 because it is synced from on-premises. Of course, we can't do it either on-premises because the mailbox is in O365. It is a dilemma situation. (The link below is just for the "in cloud" mailbox, not for "synced" mailbox)
PS C:\ Set-Mailbox -Identity deantestz0 -HiddenFromAddressListsEnabled $true
The operation on mailbox "deantestz0" failed because it's out of the current user's write scope. The action
'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'deantestz0' because the object is
being synchronized from your on-premises organization. This action should be performed on the object in your
on-premises organization.
+ CategoryInfo : InvalidOperation: (deantestz0:ADObjectId) [Set-Mailbox], InvalidOperationException
+ FullyQualifiedErrorId : [Server=BY2PR03MB125,RequestId=f0e575f1-9283-4d98-bd67-9f59d42a0757,TimeStamp=1/8/2016 6
:12:57 PM] [FailureCategory=Cmdlet-InvalidOperationException] 2B7535FE,Microsoft.Exchange.Management.RecipientTask
s.SetMailbox
+ PSComputerName : outlook.office365.com
If you know the way to do it, please let me know.
Thanks
Dean
Dean Chen
Thursday, September 15, 2016 3:27 PM
We are doing the exact same thing. Converting an old users mailbox to a shared mailbox but need to hide it from the address list. Did you find a solution?
Troy Ryan
Friday, September 16, 2016 8:50 AM | 1 vote
I have the same problem. Maybe we need to first hide the mailbox from address list using the msExchHideFromAddressLists attribute and only when it is synchronized to O365 convert it to shared maibox?
Friday, September 16, 2016 3:41 PM
I think that will work. After the sync, you should see hide from GAL is checked in O365.
Dean Chen
Wednesday, October 5, 2016 7:30 PM
I've actually just worked through this issue, both with Microsoft and then on my own. Ultimately this issue was escalated through the ranks of Microsoft, after which time (and only after spinning up a lab) did they confirm the fact that 365 won't take the AD attribute changes and put them into production unless the mailbox is licensed.
I've confirmed that only mailboxes that are licensed can be hidden when they are synced on-premise.
So my next question to Microsoft was whether or not re-licensing all of these accounts so that they could be hidden would blown away the litigation hold. I was told it would not. I went as far as to say that if the hold was for a year, and we re-licensed them 11 months after they were disabled, would that purge all but a year in the hold....but I was told that it would not, and that the hold stayed in place in their lab.
Hope this helps.
Friday, October 7, 2016 2:33 PM
We are a Hybrid AD environment that syncs the Local AD users with O365 and we have the same situation.
I've converted the user to a shared mailbox and disabled the user en set the msExchHideFromAddressLists on TRUE. After a month I the user was still in the GAL and then started the search to remove the user from GAL.
When we tried to hide the shared mailbox with powershell:
PS C:\Windows\system32> Set-Mailbox -Identity [email protected] -HiddenFromAddressListsEnabled $true
The operation on mailbox "ND" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'ND' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
- CategoryInfo : InvalidOperation: (ND:ADObjectId) [Set-Mailbox],InvalidOperationException
- FullyQualifiedErrorId : [Server=DB6PR0701MB2440,RequestId=6f20430c-71c7-4e74-840d-5ba0811e6008,TimeStamp=7-10-2016 11:36:02] [FailureCategory=Cmdlet-InvalidOperationException] 499EAF85,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
- PSComputerName : ps.outlook.com
Now i'ved edited AD in Attribute Editor and changed msExchHideFromAddressLists together with the field Office: in tab General so I could see when the sync was ready. I was not able to hide the address in the GAL.
When you try to edit the user in O365 console you get the message: The operation on mailbox "ND" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'ND' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
Even assigned a Office licence to the user but still no hope. The users mailbox stays visible.
Is there an a solution on this issue (other than wait for a year)
Friday, November 4, 2016 12:54 PM
The only thing that works for me is to delete the AD account after performing all of the steps that everyone else is using. A bit "scorched earth" but it works. I usually wait 60 - 90 days before doing this.
Friday, January 13, 2017 4:27 PM
In AD Users and Computers - move the user into an OU that isn't synchronized with Office 365.
Tuesday, September 19, 2017 3:32 PM | 5 votes
Set the mailNickname attribute in the Properties, Attibute Editor tab. This worked for me, hope it help someone else.
Wednesday, December 20, 2017 10:02 AM
For single user:
Set-RemoteMailbox -Identity [email protected] -HiddenFromAddressListsEnabled $true
.
For bulk...
Check if they are hidden via O365 powershell:
Import-CSV "hidden_list.csv" | % {
Get-Mailbox -Identity $_.EmailAddress | Where {$_.HiddenFromAddressListsEnabled -eq $False} | select UserPrincipalName, HiddenFromAddressListsEnabled
} | export-csv not_hidden.csv
.
Hide a remote (365) mailbox from the GAL via EMC on prem:
Import-CSV "not_hidden.csv" | % {
Set-RemoteMailbox -Identity $_.EmailAddress -HiddenFromAddressListsEnabled $true
}
.
(where EmailAddress is the column name in the CSV)
Friday, January 26, 2018 9:05 PM
Thank you so much for sharing this information. This worked and solved a real nuisance.
Friday, February 9, 2018 4:25 PM
This helped, thanks.
Friday, April 6, 2018 4:12 PM
Thank You! I was searching forever to figure this out. about a third of my mailboxes would not sync the msExchHideFromAddressLists setting until I also set the mailNickname.