SOLVED

Cannot uncheck "Hide from address list" for users

%3CLINGO-SUB%20id%3D%22lingo-sub-3025984%22%20slang%3D%22en-US%22%3ECannot%20uncheck%20%22Hide%20from%20address%20list%22%20for%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3025984%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%20Recently%20an%20employee%20who%20has%20left%20before%20has%20returned%20to%20the%20company%20and%20we'd%20like%20to%20re-activate%20it's%20exchange%20user.%20When%20she%20left%2C%20we%20first%20removed%20her%20license%20in%20Office%20365%2C%20then%20we%20disabled%20her%20account%20in%20on-prem%20active%20directory.%20After%20that%20we%20hide%20her%20mailbox%20from%20the%20address%20list%20and%20at%20last%20we%20convert%20her%20mailbox%20to%20a%20shared%20mailbox.%20(I%20know%20you%20should%20convert%20mailbox%20to%20shared%20mailbox%20first%20then%20remove%20license%20but%20that%20was%20not%20done%20be%20me%20%3A(%3C%2Fimg%3E%20)%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20we%20tried%20to%20re-enable%20her%20mailbox%20and%20user%20again%20but%20we've%20found%20that%20when%20we%20uncheck%20the%20%22Hide%20from%20address%20lists%22%20checkbox%2C%20an%20error%20will%20be%20shown%20saying%20that%3A%3C%2FP%3E%3CP%3E%22The%20operation%20on%20mailbox%20%22User%22%20failed%20because%20it's%20out%20of%20the%20current%20user's%20write%20scope.%20The%20action%20'Set-Mailbox'%2C%20'HiddenFromAddressListEnabled'%2C%20can't%20be%20performed%20on%20the%20object%20'User'%20because%20the%20object%20is%20being%20synchronized%20from%20your%20on-premises%20organization.%20This%20action%20should%20be%20performed%20on%20the%20object%20in%20your%20on-premises%20organization.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20the%20problem%20is%2C%20the%20environment%20is%20not%20a%20hybrid%20environment%20and%20we%20only%20uses%20Azure%20AD%20Sync%20to%20sync%20the%20user%20to%20Azure.%20We%20can't%20find%20%22msExchHideFromAddressLists%22%20in%20the%20user's%20attribute%20editor%20in%20the%20on-prem%20AD.%20(Probably%20due%20to%20the%20fact%20that%20we%20don't%20have%20an%20on-prem%20exchange%20server).%20We've%20been%20looking%20for%20a%20way%20to%20un-hide%20the%20user%20from%20address%20list%20for%20a%20few%20days%20but%20still%20no%20luck.%20Does%20anyone%20knows%20how%20can%20we%20fix%20it%3F%20Thanks.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3025984%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3026333%22%20slang%3D%22en-US%22%3ERe%3A%20Cannot%20uncheck%20%22Hide%20from%20address%20list%22%20for%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3026333%22%20slang%3D%22en-US%22%3EEvery%20scenario%20that%20involves%20AAD%20Connect%20(dirsync)%20requires%20you%20to%20have%20at%20least%20one%20Exchange%20server%20on-premises%2C%20for%20management%20purposes.%20Reason%20behind%20this%20is%2C%20that%20the%20only%20supported%20way%20to%20manage%20Exchange%20objects%20and%20attributes%2C%20including%20those%20in%20Exchange%20Online%2C%20is%20via%20the%20Exchange%20tools.%3CBR%20%2F%3EIn%20your%20case%2C%20at%20the%20very%20least%20you%20need%20to%20extend%20the%20on-premises%20schema%20with%20the%20Exchange%20attributes.%20After%20doing%20so%2C%20you%20can%20manage%20msExchHideFromAddressLists%20and%20other%20Exchange-related%20attributes%20via%20ADSI%20Edit%2C%20PowerShell%2C%20or%20whichever%20tool%20you%20prefer.%20Make%20sure%20to%20refresh%20the%20AAD%20Connect%20schema%20(newer%20versions%20should%20do%20this%20automatically).%20And%20keep%20in%20mind%20that%20this%20is%20still%20not%20considered%20a%20*supported*%20scenario%20though.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3026335%22%20slang%3D%22en-US%22%3ERe%3A%20Cannot%20uncheck%20%22Hide%20from%20address%20list%22%20for%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3026335%22%20slang%3D%22en-US%22%3EThanks%20a%20lot!%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi. Recently an employee who has left before has returned to the company and we'd like to re-activate it's exchange user. When she left, we first removed her license in Office 365, then we disabled her account in on-prem active directory. After that we hide her mailbox from the address list and at last we convert her mailbox to a shared mailbox. (I know you should convert mailbox to shared mailbox first then remove license but that was not done be me :( ) 

 

Now we tried to re-enable her mailbox and user again but we've found that when we uncheck the "Hide from address lists" checkbox, an error will be shown saying that:

"The operation on mailbox "User" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListEnabled', can't be performed on the object 'User' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization."

 

But the problem is, the environment is not a hybrid environment and we only uses Azure AD Sync to sync the user to Azure. We can't find "msExchHideFromAddressLists" in the user's attribute editor in the on-prem AD. (Probably due to the fact that we don't have an on-prem exchange server). We've been looking for a way to un-hide the user from address list for a few days but still no luck. Does anyone knows how can we fix it? Thanks.

 

 

2 Replies
best response confirmed by CUCOOPE (Occasional Contributor)
Solution
Every scenario that involves AAD Connect (dirsync) requires you to have at least one Exchange server on-premises, for management purposes. Reason behind this is, that the only supported way to manage Exchange objects and attributes, including those in Exchange Online, is via the Exchange tools.
In your case, at the very least you need to extend the on-premises schema with the Exchange attributes. After doing so, you can manage msExchHideFromAddressLists and other Exchange-related attributes via ADSI Edit, PowerShell, or whichever tool you prefer. Make sure to refresh the AAD Connect schema (newer versions should do this automatically). And keep in mind that this is still not considered a *supported* scenario though.
Thanks a lot!