Exchange Hybrid - GAL

Brass Contributor

So we have a hybrid environment with on-premises AD users that are synced to Office 365. Users'mailboxes are on Exchange Online. Azure AD OU filtering is not used yet so we sync all accounts (even disabled ones)

 

In Skype for Business Online when you search for a contact, it will also show the disabled accounts whereas the Exchange Address book won't show the disabled accounts

 

Is that normal, Skype doesn't use the same address book?

 

We are coming from an Exchange on-premises setup but we have almost migrated all mailboxes online, how does the GAL is maintained now Can I delete my on-premises Address lists? How can I create Address lists in Office 365?

9 Replies

Both Exchange and SfB will show disabled accounts, the don't differ I this regard and use the same attribute to "hide" a user.

 

As for address list, you can use the familiar Exchange cmdlets: https://technet.microsoft.com/en-us/library/jj983798(v=exchg.150).aspx

This is not what we are experiencing which is why I thought it had to do with AD Connect.

 

If I go to Outlook and go to Address Book, I do not see the disabled accounts in question.

Now if I open SfB and Type the name in the "find someone" search box the name shows up.

The account in question doesn't have a mailbox (neither on-premises nor online), I also checked the AD attribute msEchHideFromAddressLists which is set to TRUE

 

We observe this behavior for all our disabled accounts

Ah, I see. That explains it actually, Exchange address lists (including the GAL) only include valid Exchange recipient types, if the user doesn't have a mailbox (and is not represented by a mail-user object on-premises), Exchange Online will ignore it. I wrongly assumed you are talking about Exchange-related objects.

Would you know how to explain the difference between the Skype and Exchange Online contacts?

 

I am trying to understand how I could make that disabled accounts don't show up on Skype.

 

It's not about contacts per se, it's about the recipient type for the corresponding object. Here's an example to try in your tenant: create a user directly in the O365, do not license it for Exchange, but give it a SfB license. Such user will be visible in SfB, but NOT visible in Exchange, as it is not recognized as any valid Exchange recipient. The same applies when you sync objects from on-premises - only the objects that are recognized as valid Exchange recipients will show up in the GAL.

I still don't know what I should do...As an example, I have a user who left the company, her account is disabled in AD, the Exchange properties have been removed, her mailbox deleted, she is not licensed for anything in Office 365, she is an OU that gets synced by Azure AD connect, she shows p in SfB but not Exchange.

 

So the only way for her to not show in SfB is to remove the sync on the OU she is in?

 

If you do that, you might loose any data stored in her ODFB, so make sure you back that up if needed.

One more thing the disabled accounts will only show when you use the SfB client from a laptop or PC.

If we use the mobile client on Android or iPhone they don't show

One quick thought from reading about this issue is that when Skype desktop client downloads it's address book, it then saves the address book in the users Skype profile. If you sign on to a PC or laptop, Try deleting the Skype profile> exit out of the skype client by right clicking the skype icon in systray and clicking exit. Restart Skype. This will force a new download of the address book. If the deleted account still appears in searches, then you will need to alter the Skype online address book.

 

The simplest solution to alter the skype online address book would involve moving deleted users or users that should be hidden to an OU and configure AAD to filter that OU from AAD replication.