Scroll Top
Evotec Services sp. z o.o., ul. Drozdów 6, Mikołów, 43-190, Poland
+48 502 469 760
contact@evotec.pl

Office 365 – msExchHideFromAddressLists does not synchronize with Office 365

Office 365 – msExchHideFromAddressLists does not synchronize with Office 365
Azure AD Hybrid
By Przemyslaw Klys Azure AD Office 365 PowerShell March 24, 2020

In my life I've deployed multiple Office 365 tenants connected with Active Directory and I've been synchronizing msExchHideFromAddressLists field from Active Directory to HiddenFromAddressListsEnabled in Azure AD without any issues. Recently I was notified that msExchHideFromAddressLists is not getting properly synchronized and surely enough the issue was that Exchange hybrid deployment was not checked.

So you tick the checkbox do Initial sync and you're done.

Start-ADSyncSyncCycle -PolicyType Initial

Except that it doesn't work.

get-mailbox -Identity 'bartosz.klys@evotec.ooo' | Format-List *HiddenFromAddressListsEnabled*

Command above would still show FALSE for HiddenFromAddressListsEnabled. Quick check AD side and msExchangeHideFromAddressLists is Enabled.

Get-ADUser -filter { userprincipalname -eq 'bartosz.klys@evotec.ooo' } -Properties msExchHideFromAddressLists

So what to do?

How to make sure HiddenFromAddressListsEnabled works as expected?

To make sure hidding mailboxes from Global Address List (GAL) works correctly you should verify few things

  • Active Directory has Exchange Extended Schema – this can be done by downloading Exchange 2016 CU15 or similar and executing Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema command

  • Exchange hybrid deployment is selected in Azure AD Connect

  • Run Initial Synchronization after any change of configuration
Start-ADSyncSyncCycle -PolicyType Initial
  • Update msExchHideFromAddressLists for each user that you want to hide from GAL (set TRUE as value)
  • Refresh directory schema with any change to AD Schema

All the steps above I've done and shown that it's not working. The final and often omitted step is what also needs to be set for each user

  • Update mailNickName attribute to proper, non-empty value

Not so obvious right? Of course, if you have local Exchange, it would be done automatically, but most small Clients don't have resources to run an additional machine. While it's technically not a supported scenario, it's how most SMB Clients are working. Now we just need to fix all our users that have Mail field set, and are missing MailNickName.

$WhatIf = $true
$Forest = Get-ADForest
foreach ($Domain in $Forest.Domains) {
    $Users = Get-ADUser -Filter { Mail -like '*' -and MailNickName -notlike '*' } -Properties mailNickName, mail,msExchHideFromAddressLists -Server $Domain
    $Users | Format-Table -AutoSize Name, SamAccountName, DisplayName, Mail,mailNickName, Enabled, msExchHideFromAddressLists,DistinguishedName
    foreach ($_ in $Users) {
        Set-ADUser -Identity $_ -Replace @{mailNickname = $_.SamAccountName } -Server $Domain -WhatIf:$WhatIf
    }
}
Przemyslaw Klys / About Author
System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.
More posts by Przemyslaw Klys

Related Posts

Get DNS Duplicate Entries
Finding duplicate DNS entries using PowerShell
Today’s blog post is about Active Directory-integrated DNS and how to find duplicate entries. By duplicate, I mean those where one DNS name matches multiple IP addresses. While some duplicate DNS entries are expected, in other cases, it may lead to problems. For example, having a static IP assigned to a hostname that later on is also updated with dynamic entries.
24 Jul 2022
Powerful hashtables
How I didn’t know how powerful and fast hashtables are
I’ve been using PowerShell for a long while now using Hashtables, OrderedDictionary, and other types of data types in PowerShell, but I never paid attention to how powerful those are. And I don’t mean your general knowledge about hashtables that is already covered by Kevin Marquette in his article Everything you wanted to know about Hashtables or my article PowerShell – Few tricks about HashTables and Arrays I wish I knew when I started. Let’s find out, how Powerful they are, shall we?
19 May 2019
Dashimo
Meet Dashimo – PowerShell Generated Dashboard
Today I wanted to introduce a little product that I’ve created in the last few weeks called Dashimo. It doesn’t cover everything I wanted from it (feature wise), but it already can be used in production. Therefore, I thought it would be a good idea to get some feedback on whether I should spend some more time on it or throw it in the dumpster. Dashimo joins it’s older brother Statusimo of PowerShell modules allowing an easy way to build HTML output. If it will feel familiar, it’s because it was inspired with Bradley Wyatt PowerShell script he did. It gave me the idea of how I would like to build something similar but in a bit different way then he did, with much more flexibility. Still, if it wasn’t for him, the idea wouldn’t be there, therefore you should send him your thanks.
01 Apr 2019
What do we say to health checking Active Directory?
Setting up a new Active Directory is an easy task. You download and install Windows Server, install required roles and in 4 hours or less have a basic Active Directory setup. In an ideal world that would be all and your only task would be to manage users, computers, and groups occasionally creating some Group Policies. Unfortunately, things with Active Directory aren’t as easy as I’ve pictured it. Active Directory is a whole ecosystem and works well ranging from small companies with ten users to 500k users or more (haven’t seen one myself – but so they say!). When you scale Active Directory adding more servers, more domains things tend to get complicated, and while things on top may look like they work correctly, in practice, they may not. That’s why, as an Administrator, you need to manage Active Directory in terms of its Health and Security. Seems easy right? Not quite. While you may think you have done everything, checked everything, there’s always something missing. Unless you have instructions for everything and can guarantee that things stay the same way as you left them forever, it’s a bit more complicated. That’s why Microsoft delivers you tools to the troubleshoot your Active Directory, such as dcdiag, repadmin and some others. They also sell monitoring solutions such as Microsoft SCOM which can help and detect when some things happen in your AD while you were gone. Surely there are some 3rd party companies give you some tools that can help with a lot of that as well. Finally, there is lo of folks within the community creating PowerShell scripts or functions that help with some Health Checks of your Active Directory.
08 Sep 2019
The curious case of $null should be on the left side of equality comparisons PSScriptAnalyzer
If you’re using VSCode with Powershell extension, you probably got used to PSScriptAnalyzer giving you all kind of tips on optimizing things. It makes your code better. Chris Bergmeister does a great job working on it. One of the tips PSScriptAnalyzer gives you when you use $null on the right side of the comparison.
24 Apr 2019
Office 365 – Limiting license to minimum apps required
Office 365 has a lot of options and applications to choose from. Enabling one E1, E3, or any other license gives the user a lot of features, including Exchange, SharePoint, and Teams. But what if you want to make sure that the user can access only Microsoft Teams? By default, you can do it manually during the assignment of the license. Simply choose only Apps you want to assign to a user.
07 Apr 2020
Unlocking PowerShell Magic: Different Approach to Creating 'Empty' PSCustomObjects
Unlocking PowerShell Magic: Different Approach to Creating ‘Empty’ PSCustomObjects
Today I saw an article from Christian Ritter, “PowerShell: Creating an “empty” PSCustomObject” on X that got me curious. Do people create empty objects like Christian proposes? I want to offer an alternative to Christian’s article, which uses OrderedDictionary and converts to PSCustomObject.
10 Aug 2023
Import-PSSession
Office 365 – Using Import-PSSession from separate module
29 Oct 2018
Active Directory – The directory service was unable to allocate a relative identifier
I’ve been testing Disaster Recovery scenario restoring Active Directory. One of the servers was restored, and it worked for a moment after restore. If you can regain your Primary DC, it’s best to do so. If you can’t, a standard thing to do during DR is to move all FSMO roles to the restored server so that it can become a master server. You can find out your FSMO holders by using those commands below:
27 Mar 2019
Office 365
Office 365 – A parameter cannot be found that matches parameter name UserPrincipalName on New-Mailbox
0
28 Jul 2016
Azure Health
Getting Azure Health by parsing HTML using PSParseHTML
Some time ago I’ve wrote PowerShell way to get all information about Office 365 Service Health, and if you were thinking that I would try the same concept for Azure Services you were right. However, I failed. This is because Office 365 Health can be gathered using Microsoft Graph API, and Azure Health information, as far as I know, is not available in the form I wanted it. Azure Status is available as part of Azure Status website. Contrary to Office 365 health you don’t have to login to your Office 365 tenant to read it.
08 Dec 2019
IIS Logs Parser in PowerShell
Reading IIS logs with PowerShell
Today I was reading Twitter, as I am pretty addicted to technology news when Adam Bacon mentioned that he’s surprised that no one has rebuilt IIS Parser as pure PowerShell. While this is not entirely true, and some modules can do some parsing, I decided to try my luck. While doing it from scratch in PowerShell is possible, I opted to use an external C# library that does all the heavy lifting and is optimized for speed.
04 Jun 2022
Free Microsoft Azure/Office365 Fundamentals Training starting February 6th 2023
Being a Microsoft MVP has quite a few benefits. You get to be part of unique offers that help you enhance your knowledge even further. Microsoft Learning team decided to provide free training on Microsoft Fundamentals for MVPs and the Microsoft community, so I’m sharing this with you! Starting next week, Microsoft will run each activity from 9 AM to 5 PM Eastern Standard Time (EST) or 15:00 to 23:00 in Europe (CET).
04 Feb 2023
Mailozaurr – New mail toolkit (SMTP, IMAP, POP3) with support for oAuth 2.0 and GraphApi for PowerShell
Today, I’m introducing a new PowerShell module called Mailozaurr. It’s a module that aims to deliver functionality around Email for multiple use cases. I’ve started it since native SMTP cmdlet Send-MailMessage is obsolete,  and I thought it would be good to write a replacement that adds more features over it as things around us are changing rapidly.
04 Aug 2020
PowerShell
Get-AdPermission – The operation couldn’t be performed because object couldn’t be found
0
25 Feb 2016