Hide users disbaled users and shared mailboxes from GAL

%3CLINGO-SUB%20id%3D%22lingo-sub-1235275%22%20slang%3D%22en-US%22%3EHide%20users%20disbaled%20users%20and%20shared%20mailboxes%20from%20GAL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1235275%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20using%20Office%20365%20with%20AD%20sync.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20problem%20where%20I%20cannot%20hide%20shared%20mailboxes%20from%20the%20GAL...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20shared%20mailboxes%20where%20once%20users%20but%20after%20they%20leave%20have%20been%20converted%20to%20a%20Shared%20Mailbox.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20set%20msExchHideFromAddressLists%20to%20TRUE%20on%20the%20AD%20side%20but%20still%20they%20are%20visible%20in%20the%20GAL%20(Even%20after%2024hours)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20cannot%20set%20them%20hidden%20via%20the%20admin%20centre%20as%20i%20get%20the%26nbsp%3B%20failed%20because%20it's%20out%20of%20the%20current%20user's%20write%20scope%20error...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20can%20delete%20the%20AD%20object%20and%20it%20removes%20the%20users%20from%20the%20GAL%20but%20then%20it%20also%20removes%20the%20shared%20mailbox%20too.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20a%20work%20arround%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1235275%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1235945%22%20slang%3D%22en-US%22%3ERe%3A%20Hide%20users%20disbaled%20users%20and%20shared%20mailboxes%20from%20GAL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1235945%22%20slang%3D%22en-US%22%3E%3CP%3ECheck%20whether%20the%20attribute%20change%20is%20picked%20up%20via%20the%20MIIS%20Client%20as%20detailed%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-object-not-syncing%23connector-space-object-properties%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-object-not-syncing%23connector-space-object-properties%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1254268%22%20slang%3D%22en-US%22%3ERe%3A%20Hide%20users%20disbaled%20users%20and%20shared%20mailboxes%20from%20GAL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1254268%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F585538%22%20target%3D%22_blank%22%3E%40Fairtrade%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20Check%20if%20the%26nbsp%3B%3CSPAN%3E%22mailNickname%22%20attribute%20for%20the%20disabled%20users%20%2F%20shared%20mailbox%20is%20populated.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAnother%20user%20attribute%20that%20must%20be%20populated%20for%20msExchHideFromAddressLists%20to%20work%20is%20the%20%22mailNickname%22.%20Set%20this%20to%20their%20username.%20and%20run%20a%20delta%20sync.%20If%20this%20is%20not%20set%2C%20then%20msExchHideFromAddressLists%20doesn't%20work%20correctly.%20The%20GaL%20should%20update%20instantly%20on%20OWA.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Visitor

We are using Office 365 with AD sync.

 

I have a problem where I cannot hide shared mailboxes from the GAL...

 

The shared mailboxes where once users but after they leave have been converted to a Shared Mailbox.

 

I have set msExchHideFromAddressLists to TRUE on the AD side but still they are visible in the GAL (Even after 24hours)

 

I cannot set them hidden via the admin centre as i get the  failed because it's out of the current user's write scope error...

 

I can delete the AD object and it removes the users from the GAL but then it also removes the shared mailbox too.

 

Does anyone know a work arround? 

2 Replies
Highlighted

Check whether the attribute change is picked up via the MIIS Client as detailed here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing#con...

Highlighted

@Fairtrade 

Please Check if the "mailNickname" attribute for the disabled users / shared mailbox is populated.

Another user attribute that must be populated for msExchHideFromAddressLists to work is the "mailNickname". Set this to their username. and run a delta sync. If this is not set, then msExchHideFromAddressLists doesn't work correctly. The GaL should update instantly on OWA.