Try the desktop-based Microsoft 365 Reporting and Management tool from Specmasoft to hide and unhide user mailboxes and group email addresses from GAL and other Outlook clients. This tool offers a variety of pre-configured Exchange Online reports and allows you to manage mailboxes in bulk, including resetting email address, setting auto-reply message, configuring email forwarding, and more. Read more »
We can use the Exchange Powershell cmdlet Set-Mailbox to hide and un-hide mailbox users from the Global Address List (GAL). We need to change the mailbox-associated property HiddenFromAddressListsEnabled to hide a user from GAL.
Before proceeding, run the following command to load Exchange Online Powershell commands:
$365Logon = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection Import-PSSession $Session
Hide and Un-hide a mailbox user from Global Address Book
Run the following command to hide a single mailbox user.
Set-Mailbox -Identity [email protected] -HiddenFromAddressListsEnabled $true
The following command un-hide the given mailbox user from GAL.
Set-Mailbox -Identity [email protected] -HiddenFromAddressListsEnabled $false
Hide multiple mailbox users from GAL
We can use the Get-Mailbox cmdlet to fetch set of required mailboxes by applying proper filter and then pipe the results to Set-Mailbox command to hide every mailbox from GAL.
Get-Mailbox -ResultSize Unlimited | Where {$_.Office -eq "Office1"} | Set-Mailbox -HiddenFromAddressListsEnabled $true
Import mailbox users from CSV and hide from GAL
We may required to hide bulk mailboxes from Global Address Book, in this case we can store the mailbox user ids in csv file and import csv in powershell using Import-Csv cmdlet and pass every mailbox to Set-Mailbox cmdlet. Consider the CSV file Hide_Mailboxes.csv which contains mailbox users with the column header UserPrincipalName.
Import-Csv 'C:\Hide_Mailboxes.csv' | ForEach-Object { $upn = $_."UserPrincipalName" Set-Mailbox -Identity $upn -HiddenFromAddressListsEnabled $true }
Export hidden mailboxes to CSV file
We can use the powershell cmdlet Export-csv to export all the hidden mailbox users to csv.
Get-Mailbox -ResultSize Unlimited | Where {$_.HiddenFromAddressListsEnabled -eq $True} | Select DisplayName,UserPrincipalName, HiddenFromAddressListsEnabled | Export-CSV "C:\Hidden_MailBoxes_GAL.csv" -NoTypeInformation -Encoding UTF8
Hi – I get an error msg saying "the object is being synchronized from your on-premises organization". Is it possible to run these Powershell commands against AD, rather than 365?
Thanks, Richard
Hi Richard,
Yes, you can use the same commands against On-Premises Exchange.
Cool, I'll gone that a go.
Cool, I'll give that a go. Cheers!
Just in case it comes up, yes the commands work with on-prem AD *if* the on-premises AD has the Exchange schema. Most of the time, if they’ve ever run an Exchange server on that domain, this won’t be an issue. Nearly all of the companies I deal with it isn’t a problem But if you have a very new domain that was setup without the Exchange schema, because it was made specifically for Azure AD, then you will need to look up “how to add the Exchange schema to your Active Directory”.
#AD synced users:
##Prerequisite – turn off staging mode – Stage mode will only prep the changes, it won’t commit them to azure. You need to disable staging mode if you want the changes to take affect in the cloud##
#————————————————————————————————————————-#
##if errors – create outbound rule##
#Azure AD Connect Synchronization Rules Editor
#Select Direction: Outbound
#Add new rule
#Connected System: .onmicrosoft.com – AAD
#Transformations
#FlowType: Direct
#Target Attribute: msExchHideFromAddressLists
#Source: msExchHideFromAddressLists
##notes – initial sync is required after making the sync rule changes so it can populate the new attributes accordingly.
##notes – If the user doesn’t have E3 or E1 assigned Exchange Online Portal wont’t touch that attribute.
#————————————————————————————————————————-#
import-csv “C:\temp\GALhideusers.csv” | foreach {set-aduser $_.UPN -replace @{msExchHideFromAddressLists=$true}}
#2nd method
### msDS-cloudExtensionAttribute1 can also be changed to “HideFromGAL” (note, this is case sensitive)” ###
###the second option requires a delta sync once atributes have been changed to commit to azure###
Trying to use the import-csv command. For each it shows:
Cannot bind argument to parameter ‘Identity’ because it is null.
+ CategoryInfo : InvalidData: (:) [Set-Mailbox], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Set-Mailbox
+ PSComputerName : outlook.office365.com
I have all the UPNs in one column with the top cell saying UserPrincipalName. Is it the wrong format?
I know I’m late and you’ve probably figured this out, but
I think the top cell needs to be ‘UPN’ (no quotes) not ‘UserPrincipalName’