Tag Archives: Office 365

Office 365: How to hide a user from the Global Address List when using Dirsync,AADSync or Azure Active Directory Connect

It’s easy to hide a user from the Global Address List(GAL) when your Office 365 tenant is not being synced to your on-premise Active Directory, but if you are syncing to Office 365 which with any of the following tools:

  • Windows Azure Active Directory Sync (DirSync)
  • Azure AD Sync (AADSync)
  • Azure Active Directory Connect

Then you will be unable to hide a user from using the Office 365 Web Interface or PowerShell. From both interfaces you will get the following error:

The operation on mailbox “Paulie” failed because it’s out of the current user’s write scope. The action
‘Set-Mailbox’, ‘HiddenFromAddressListsEnabled’, can’t be performed on the object ‘Paulie’ because the object
is being synchronized from your on-premises organization. This action should be performed on the object in your
on-premises organization.

From the web interface it will look like this:

Unable to hide mailbox from Office 365 when synced to on-premise active directory

How to hide a user from the Global Address List

So, now that we know that is has to be done on-premise, what needs to be changed and what is the quickest and easiest way to change it?

The active directory property “msExchHideFromAddressLists” property needs to be set to “true” and here are two ways of changing it.

Using ADSI Edit to hide a user from the Global Address List

You can use ADSI Edit and navigate to your user and modify the property “msExchHideFromAddressLists” and simply change it to true. It is quite easy to do, but long winded and awkward.

Using adsiedit to set MsExchHideFromAddressLists to true to hide a user from the Office 365 GAL

Using PowerShell to hide a user from the Global Address List

The same operation as above can be achieved in a single line of Powershell using the Set-User cmdlet. This is a much faster and less error prone method of doing the same operation.

Here is an example:

Set-ADUser paulie -Replace @{msExchHideFromAddressLists=$true}

and to un-hide the user:

Set-ADUser paulie -Replace @{msExchHideFromAddressLists=$false}

It’s really much easier to do in Powershell than ADSI Edit, but either way will work and the next time your AD synchronises with Office 365, the user should be hidden.

msExchHideFromAddressLists property missing from Active Directory?

If you discover that the msExchHideFromAddressLists property does not exist in your local active directory if you have never had a Microsoft Exchange Installed locally:

Image of ADSI Edit showing that the msExchHideFromAddressLists Active Directory property is missing
msExchHideFromAddressLists property missing from Active Directory

It is possible to extend the active directory schema to contain the required Exchange attributes without purchasing or installing Microsoft Exchange server. The easiest way to achieve this is to download the evaluation of Exchange Server 2013 and then:

  • Extract the contents of the download to a folder of your choice.
  • Run “setup.exe /prepareschema /iacceptexchangeserverlicenseterms” as per this screenshot:
    Screenshot of Extending the AD Schema to include Exchange Attributes
  • You should now have the¬†msExchHideFromAddressLists active directory property available:
    msExchHideFromAddressLists property added to active directory by extending schema using Exchange 2013 evaluation


To list all users that are hidden from the GAL

Bonus bit of PowerShell – if you want to list all users that are hidden from the GAL, try this:

Get-ADUser -Filter {msExchHideFromAddressLists -eq "TRUE"} |Select-Object UserPrincipalName


Mail (microsoft outlook 2016) application not found

When migrating a customer to Office 365 I had a problem opening the mail control panel applet. It simply showed the error message “Application not found”:

Error message when trying to run the mail applet from Microsoft Outlook 2016 "Application not found"

This seemed to be occurring on 64-Bit machines where we had installed 32-Bit Office 2016 from the Office 365 portal.

I found two workarounds for this:

Workaround One: Run the mail applet directly from the command line

  1. Press Windows Key + R to bring up the run dialog
  2. Paste the following:
    C:\Program Files (x86)\Microsoft Office\root\Office16\MLCFG32.CPL

Workaround Two: Run the mail applet from Outlook 2016

If you in Outlook you can run the control panel mail applet from within Outlook by going to File and clicking on account settings, at the bottom of the account settings drop down you should see a “Manage Profiles” button, which will take you into the mail applet.
Manage mail profiles from within Outlook 2016

I would like to find a proper solution for why this is happening, so if anyone comes across a solution, I’d appreciate it if you share your solution.