In my life I've deployed multiple Office 365 tenants connected with Active Directory and I've been synchronizing msExchHideFromAddressLists field from Active Directory to HiddenFromAddressListsEnabled in Azure AD without any issues. Recently I was notified that msExchHideFromAddressLists is not getting properly synchronized and surely enough the issue was that Exchange hybrid deployment was not checked.
So you tick the checkbox do Initial sync and you're done.
Start-ADSyncSyncCycle -PolicyType Initial
Except that it doesn't work.
get-mailbox -Identity 'bartosz.klys@evotec.ooo' | Format-List *HiddenFromAddressListsEnabled*
Command above would still show FALSE for HiddenFromAddressListsEnabled. Quick check AD side and msExchangeHideFromAddressLists is Enabled.
Get-ADUser -filter { userprincipalname -eq 'bartosz.klys@evotec.ooo' } -Properties msExchHideFromAddressLists
So what to do?
To make sure hidding mailboxes from Global Address List (GAL) works correctly you should verify few things
Start-ADSyncSyncCycle -PolicyType Initial
All the steps above I've done and shown that it's not working. The final and often omitted step is what also needs to be set for each user
Not so obvious right? Of course, if you have local Exchange, it would be done automatically, but most small Clients don't have resources to run an additional machine. While it's technically not a supported scenario, it's how most SMB Clients are working. Now we just need to fix all our users that have Mail field set, and are missing MailNickName.
$WhatIf = $true
$Forest = Get-ADForest
foreach ($Domain in $Forest.Domains) {
$Users = Get-ADUser -Filter { Mail -like '*' -and MailNickName -notlike '*' } -Properties mailNickName, mail,msExchHideFromAddressLists -Server $Domain
$Users | Format-Table -AutoSize Name, SamAccountName, DisplayName, Mail,mailNickName, Enabled, msExchHideFromAddressLists,DistinguishedName
foreach ($_ in $Users) {
Set-ADUser -Identity $_ -Replace @{mailNickname = $_.SamAccountName } -Server $Domain -WhatIf:$WhatIf
}
}
This post was last modified on June 9, 2025 09:59
Ever wondered how to run network diagnostics like Ping, Traceroute, or DNS queries from probes…
Are you tired of manually running network diagnostics like Ping, Traceroute, or DNS queries? The…
Discover new features in the PSWriteHTML PowerShell module – including New-HTMLInfoCard, improved layout controls with…
Security Identifier (SID) History is a useful mechanism in Active Directory (AD) migrations. It allows…
Today, I made the decision to upgrade my test environment and update the version of…
Have you ever looked at your Active Directory and wondered, "Why do I still have…