Hide and Un-hide users from GAL using Powershell

Try the lightweight, desktop-based Microsoft 365 Reporting and Management tool from Specmasoft to hide and unhide user mailboxes and group email addresses in the Global Address List and other Outlook clients. This tool offers a variety of pre-configured Exchange Online reports and allows you to manage mailboxes in bulk, including resetting email address, setting auto-reply message, configuring email forwarding, recipient and message delivery settings, managing email app settings, mailbox archive configurations, and more. Additionally, you can update mailbox permissions and distribution group memberships through an intuitive UI. Read more »

We can use the Exchange Powershell cmdlet Set-Mailbox to hide and un-hide mailbox users from the Global Address List (GAL). We need to change the mailbox-associated property HiddenFromAddressListsEnabled to hide a user from GAL.

Before proceeding, run the following command to load Exchange Online Powershell commands:

$365Logon = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $365Logon -Authentication Basic -AllowRedirection
Import-PSSession $Session

Hide and Un-hide a mailbox user from Global Address Book

Run the following command to hide a single mailbox user.

Set-Mailbox -Identity [email protected] -HiddenFromAddressListsEnabled $true

The following command un-hide the given mailbox user from GAL.

Set-Mailbox -Identity [email protected] -HiddenFromAddressListsEnabled $false

Hide multiple mailbox users from GAL

We can use the Get-Mailbox cmdlet to fetch set of required mailboxes by applying proper filter and then pipe the results to Set-Mailbox command to hide every mailbox from GAL.

Get-Mailbox -ResultSize Unlimited | Where {$_.Office -eq "Office1"} |
Set-Mailbox -HiddenFromAddressListsEnabled $true

Import mailbox users from CSV and hide from GAL

We may required to hide bulk mailboxes from Global Address Book, in this case we can store the mailbox user ids in csv file and import csv in powershell using Import-Csv cmdlet and pass every mailbox to Set-Mailbox cmdlet. Consider the CSV file Hide_Mailboxes.csv which contains mailbox users with the column header UserPrincipalName.

Import-Csv 'C:\Hide_Mailboxes.csv' | ForEach-Object {
$upn = $_."UserPrincipalName"
Set-Mailbox -Identity $upn -HiddenFromAddressListsEnabled $true
}

Export hidden mailboxes to CSV file

We can use the powershell cmdlet Export-csv to export all the hidden mailbox users to csv.

Get-Mailbox -ResultSize Unlimited | Where {$_.HiddenFromAddressListsEnabled -eq $True} |
Select DisplayName,UserPrincipalName, HiddenFromAddressListsEnabled |
Export-CSV "C:\Hidden_MailBoxes_GAL.csv" -NoTypeInformation -Encoding UTF8
Advertisement

8 thoughts on “Hide and Un-hide users from GAL using Powershell”

  1. Hi – I get an error msg saying "the object is being synchronized from your on-premises organization". Is it possible to run these Powershell commands against AD, rather than 365?

    Thanks, Richard

    Reply
    • Just in case it comes up, yes the commands work with on-prem AD *if* the on-premises AD has the Exchange schema. Most of the time, if they’ve ever run an Exchange server on that domain, this won’t be an issue. Nearly all of the companies I deal with it isn’t a problem But if you have a very new domain that was setup without the Exchange schema, because it was made specifically for Azure AD, then you will need to look up “how to add the Exchange schema to your Active Directory”.

      Reply
  2. #AD synced users:

    ##Prerequisite – turn off staging mode – Stage mode will only prep the changes, it won’t commit them to azure. You need to disable staging mode if you want the changes to take affect in the cloud##
    #————————————————————————————————————————-#
    ##if errors – create outbound rule##
    #Azure AD Connect Synchronization Rules Editor
    #Select Direction: Outbound
    #Add new rule
    #Connected System: .onmicrosoft.com – AAD
    #Transformations
    #FlowType: Direct
    #Target Attribute: msExchHideFromAddressLists
    #Source: msExchHideFromAddressLists

    ##notes – initial sync is required after making the sync rule changes so it can populate the new attributes accordingly.
    ##notes – If the user doesn’t have E3 or E1 assigned Exchange Online Portal wont’t touch that attribute.
    #————————————————————————————————————————-#

    import-csv “C:\temp\GALhideusers.csv” | foreach {set-aduser $_.UPN -replace @{msExchHideFromAddressLists=$true}}

    #2nd method

    ### msDS-cloudExtensionAttribute1 can also be changed to “HideFromGAL” (note, this is case sensitive)” ###
    ###the second option requires a delta sync once atributes have been changed to commit to azure###

    Reply
  3. Trying to use the import-csv command. For each it shows:

    Cannot bind argument to parameter ‘Identity’ because it is null.
    + CategoryInfo : InvalidData: (:) [Set-Mailbox], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Set-Mailbox
    + PSComputerName : outlook.office365.com

    I have all the UPNs in one column with the top cell saying UserPrincipalName. Is it the wrong format?

    Reply
    • I know I’m late and you’ve probably figured this out, but
      I think the top cell needs to be ‘UPN’ (no quotes) not ‘UserPrincipalName’

      Reply

Leave a Comment