Hide federated user from GAL on Office 365 with no Exchange server On-premises

January 26, 2012

While working on a client’s environment, an RFC came in to hide certain users from the Global Address List, as they were no longer working for the company.
This brings us to a minor setback in full cloud environments: with no local Exchange server, how do I change the attribute that hides a user?

The first thing I tried, since I do have an Exchange environment running, was to add their Exchange Online environment to my management console.
That works perfectly, and if they weren’t federated users (dirsync running locally for SSO) I would not have had this error:

That left the question of how to solve this, which is actually quite simple. I’ll break it down into 8 simple steps for you:

1. Log on to a local DC and make sure you are an Enterprise & Schema Admin.
2. On the same server, insert the Exchange 2010 CD (or download Exchange 2010 SP2 and unpack it).
3. Open up a CMD prompt and browse to the CD/SP2 directory.
4. Extend the schema by executing the following command: setup.exe /ps (if this is not sufficient you can also do “setup.exe /PrepareAD” and “setup.exe /pl”)
5. After this is done, open up adsiedit.msc and connect to the “Default Naming Context”.
6. Drill down to the user that needs to be hidden and select Properties.
7. Find the attribute called “MsExchHideFromAddressLists” and set it to “TRUE” (if the attribute is not there yet, wait a few minutes, as it may still be replicating to the other DCs).
8. After the setting is made, connect to your dirsync server and start the DirSyncConfigShell.psc1 to force a manual sync by executing the command “Start-OnlineCoexistenceSync”.

After this you will find that the user is no longer visible in the GAL.
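
Steps 5 to 7 can also be scripted instead of clicked through in adsiedit.msc, which helps when several departed users have to be hidden at once. The following is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is available on the DC, and the parameter name is made up for illustration.

```powershell
# Added example: scripted form of steps 5-7.
# Assumption: the ActiveDirectory (RSAT) module is installed on this DC.
param(
    [Parameter(Mandatory = $true)]
    [string[]]$SamAccountName   # hypothetical parameter: accounts to hide
)

Import-Module ActiveDirectory -ErrorAction Stop

$attr = 'msExchHideFromAddressLists'

# Confirm the Exchange schema extension (step 4) is present before writing.
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$schemaAttr = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$attr)"
if (-not $schemaAttr) {
    throw "$attr is not in the schema yet; run 'setup.exe /ps' and wait for replication."
}

foreach ($name in $SamAccountName) {
    try {
        $user = Get-ADUser -Identity $name -Properties $attr -ErrorAction Stop
    }
    catch {
        Write-Warning "User '$name' skipped: $($_.Exception.Message)"
        continue
    }

    if ($user.$attr -eq $true) {
        Write-Output "$name : already hidden"
        continue
    }

    # -Replace sets the value whether the attribute was empty or FALSE.
    Set-ADUser -Identity $user -Replace @{ msExchHideFromAddressLists = $true }

    # Read the attribute back so the change is verified, not assumed.
    $check = Get-ADUser -Identity $user -Properties $attr
    if ($check.$attr -eq $true) {
        Write-Output "$name : hidden from address lists"
    }
    else {
        Write-Warning "$name : attribute did not update"
    }
}
```

Step 8 (Start-OnlineCoexistenceSync on the dirsync server) is still needed afterwards to push the change to Office 365.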

Good luck!

  1. SMFX
    April 26, 2012 at 4:07:50 PM

    Alternatively, if you have an Exchange environment locally, you can open up the Exchange Management Shell (EMS) (against your *On-Premise* Exchange not your Online), you can use the “Set-RemoteMailbox” command. For example:
    PS> Set-RemoteMailbox -Identity "MailboxToHide@domain.tld" -HiddenFromAddressListsEnabled $true

    That essentially sets the property as well.

  2. October 1, 2012 at 12:30:04 PM

    Add a conclusion: always keep your Onprem Schema up-to-date with the Online Schema when using SSO and DirSync. Keeps you out of trouble.
