0 Votes
KeithHampshire-3198 asked AndrewDubry-8581 commented

Remove a user from the Global Address List?

We are using Office365 Exchange for our email service. We also have a one way Azure AD sync going from on-prem to the cloud.

I would like to remove disabled users from the GAL, but I'm receiving error messages stating I need to do this from the on-prem location. Nothing in 365 admin center will allow me to do this.

We do not have Exchange on-prem.

How can I force the user to NOT show up in the GAL?


Hi @KeithHampshire-3198,

The error message indicates that the mailbox was synced from the on-prem environment so by design it can only be managed using the on-prem tools.

Considering that you do not have an on-prem Exchange server, if you only want to hide the mailbox from the GAL, I agree with Andy that you can set the msExchHideFromAddressLists attribute to TRUE in AD using tools like ADUC.

Here's a similar thread which also mentions setting the object's attribute msExchHideFromAddressLists to TRUE in your local AD:
Problems hiding users when using Office 365 and AD Sync


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

Hi @KeithHampshire-3198

It's been a few days and I am writing to see if you have managed to remove the user from GAL. Should you need any further help on this issue, feel free to post back.



0 Votes 0 ·

1 Answer

1 Vote
AndyDavid answered AndrewDubry-8581 commented

Create an OU or use an existing OU on-prem and exclude that from the AADConnect Sync.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filtering

Then move the AD accounts associated with those mailboxes to that OU and they will be removed from Azure (remove any licenses first).

I assume you don't just want to hide them from the GAL. If so, then you will need to set msExchHideFromAddressLists to TRUE in AD for each account.

Then it will sync and hide the user from JUST the Address Lists but not removed from Azure....


I am just trying to hide the user from the GAL, and I've set the msExchHideFromAddressLists to TRUE, but even days later, they can still be found in the GAL by searching for their name.

Except in ONE case. Not sure why, but doing this worked for 1 person, and I can't find them in the GAL, but on the other 5 or 6 people I've tried the same exact thing, they still show up in the GAL 5+ days later. I'm using C# to update the Active Directory records to do this, and verifying it's working by having someone look in the AD GUI to verify my change occurred.

I will check on that other thread that YukiSun-MSFT linked to, to see if there is more I have to do besides just setting that to TRUE in order to hide them. Thanks!

0 Votes 0 ·
AELCC-6115 · AndrewDubry-8581 ·

Also experiencing the problem as AndrewDubry-8581 describes it. I know I had made this change in the past and it was successful.

0 Votes 0 ·

I forgot that I solved this. I had to also set mailNickname to their sAMAccountName value and THEN set the msExchHideFromAddressLists to TRUE and then it made them disappear within about 1 hour. So I went through a loop and made sure every user had their mailNickname set to their sAMAccountName and then went through and hid all the terminated employees. It worked about 99% of the time, heh. 3 out of about 120 people are still sticking around though for an unknown reason, but otherwise it worked pretty well.

1 Vote 1 ·
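
The fix described in the last comment (mailNickname set from the sAMAccountName, then msExchHideFromAddressLists set to TRUE), as an added PowerShell example that is not code from the thread or from Microsoft. It assumes the ActiveDirectory RSAT module and a hypothetical OU path, and goes slightly beyond the comment: it touches only disabled accounts, fills mailNickname only where it is empty, and first checks that the attribute exists in the AD schema.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical OU holding the accounts to hide; replace with your own DN.
    [string]$SearchBase = 'OU=Terminated,DC=example,DC=com'
)

# msExchHideFromAddressLists can only be written if the AD schema
# already contains the Exchange attributes.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msExchHideFromAddressLists)'
if (-not $attr) {
    throw 'msExchHideFromAddressLists is not present in the AD schema.'
}

# Only disabled accounts under the chosen OU are considered.
$props = 'mailNickname', 'msExchHideFromAddressLists'
$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $false' -Properties $props

foreach ($u in $users) {
    $changes = @{}

    # The comment set mailNickname for every user; here an existing
    # value is left alone and only an empty one is filled in.
    if ([string]::IsNullOrEmpty($u.mailNickname)) {
        $changes['mailNickname'] = $u.SamAccountName
    }
    if ($u.msExchHideFromAddressLists -ne $true) {
        $changes['msExchHideFromAddressLists'] = $true
    }
    if ($changes.Count -eq 0) { continue }

    $what = "Set $($changes.Keys -join ', ')"
    if ($PSCmdlet.ShouldProcess($u.DistinguishedName, $what)) {
        Set-ADUser -Identity $u -Replace $changes
    }
}

# Report the resulting state so stragglers are visible before the next sync.
Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $false' -Properties $props |
    Select-Object SamAccountName, mailNickname, msExchHideFromAddressLists
```

Run it with `-WhatIf` first to list the accounts that would change; the new values reach Exchange Online only after the next Azure AD Connect sync cycle.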