How to hide users from the Office 365 GAL when the user is synced from on-prem AD

If this were a cloud-only user, it would be really simple: go to the Exchange admin center, select the user, and tick or untick the option.

Or you can run the PowerShell command below.

Set-Mailbox -Identity user@domain.com -HiddenFromAddressListsEnabled $true

But things are different when you need to change this setting for a user who is synced from the on-prem Active Directory.

So what's the on-prem attribute that controls this value?

msDS-cloudExtensionAttribute1 is not it yet; the native one is:

msExchHideFromAddressLists

If it's just a matter of setting it to true or false, why do we call this complicated?

It becomes complicated when you can't find the attribute msExchHideFromAddressLists, because this is an Exchange attribute. If you don't have an Exchange server, you won't find this attribute.

Now what? 😮

We need to use some other unused on-prem attribute and map it to the cloud attribute HiddenFromAddressListsEnabled. Let's see how to do it.

We need to create a sync rule to do this. Open the Azure AD Connect Synchronization Service Manager and go to the Connectors tab.

Select your verified domain and click on Properties.

Then click on “Select Attribute”.

At the top right, click Show all and scroll down to find the list of attributes named “msDS-cloudExtensionAttribute”. These are numbered from 1 to 20; in our case we will select attribute 1.

Now let's create a sync rule using the “Synchronization Rule Editor”.

You will need to “Run as Administrator”.

Click on Add new Rule. Fill the list as below.

Click Next, skip “Scoping Filter” and “Join Rules”, and stop at “Transformations” for the remaining config.

Click Add transformation and fill it in as below.

For the source field, enter the below:
IIF(IsPresent([msDS-cloudExtensionAttribute1]),IIF([msDS-cloudExtensionAttribute1]="HideFromGAL",True,False),NULL)

Then click on Add rule. This will require a full sync, so let's run:
Start-ADSyncSyncCycle -PolicyType initial

Now let's hide the users from the GAL.

Find the user and go to the user's Attribute Editor.

Find the attribute “msDS-cloudExtensionAttribute1” and enter the value “HideFromGAL”.

Now let's run a delta sync.

Start-ADSyncSyncCycle -PolicyType delta

You should see one update in the sync.

If we dig deeper into the update, we can see that the required attribute has been synced.

Now let's go to Office 365 and verify the same.

As you can see, the user is now hidden from the GAL.
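
The same last three steps (set the attribute, delta sync, verify) can be scripted and extended into an audit of every account carrying the marker. This is an added example, not part of the original post; it assumes it runs on the Azure AD Connect server with the ActiveDirectory, ADSync and ExchangeOnlineManagement modules available and an Exchange Online session already connected, and the UPN is a placeholder.

```powershell
# Added example, not from the original post. Assumes it runs on the Azure AD Connect
# server with the ActiveDirectory, ADSync and ExchangeOnlineManagement modules, and
# that Connect-ExchangeOnline has already been run in this session.
param(
    [string]$UserPrincipalName = 'user@domain.com',  # placeholder UPN, as in the post
    [string]$Marker            = 'HideFromGAL'       # value the sync rule compares against
)
Import-Module ActiveDirectory, ADSync
$attr = 'msDS-cloudExtensionAttribute1'

# 1. Stamp the marker on the on-prem account (skip the write if already set).
#    Write the exact string used in the sync rule expression.
$user = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties $attr
if (-not $user) { throw "No on-prem user with UPN $UserPrincipalName" }
if ($user.$attr -cne $Marker) {
    Set-ADUser -Identity $user -Replace @{ $attr = $Marker }
}

# 2. Export the change with a delta sync and wait for the cycle to finish.
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
do { Start-Sleep -Seconds 10 } while ((Get-ADSyncScheduler).SyncCycleInProgress)

# 3. Audit: every on-prem account carrying the marker should be hidden in the cloud.
#    Exchange Online can lag behind the sync, so a mismatch right after step 2
#    may only mean the change has not landed yet; re-run before investigating.
$report = Get-ADUser -LDAPFilter "($attr=$Marker)" -Properties $attr | ForEach-Object {
    $mbx = Get-Mailbox -Identity $_.UserPrincipalName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        OnPremValue       = $_.$attr
        CloudHidden       = if ($mbx) { $mbx.HiddenFromAddressListsEnabled } else { 'no mailbox' }
    }
}
$report

# Flag accounts where the on-prem marker and the cloud setting disagree.
$report | Where-Object { $_.CloudHidden -ne $true } |
    ForEach-Object { Write-Warning "Not hidden in Exchange Online: $($_.UserPrincipalName)" }
```

Running the audit part periodically also gives a reviewable list of which mailboxes are deliberately hidden from the address list.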
