Tag Archives: Powershell

Office 365: How to hide a user from the Global Address List when using Dirsync,AADSync or Azure Active Directory Connect

It’s easy to hide a user from the Global Address List (GAL) when your Office 365 tenant is not being synced to your on-premise Active Directory, but if you are syncing to Office 365 with any of the following tools:

  • Windows Azure Active Directory Sync (DirSync)
  • Azure AD Sync (AADSync)
  • Azure Active Directory Connect

then you will be unable to hide a user using the Office 365 web interface or PowerShell. From both interfaces you will get the following error:

The operation on mailbox “Paulie” failed because it’s out of the current user’s write scope. The action
‘Set-Mailbox’, ‘HiddenFromAddressListsEnabled’, can’t be performed on the object ‘Paulie’ because the object
is being synchronized from your on-premises organization. This action should be performed on the object in your
on-premises organization.

From the web interface it will look like this:

Unable to hide mailbox from Office 365 when synced to on-premise active directory

How to hide a user from the Global Address List

So, now that we know that it has to be done on-premise, what needs to be changed and what is the quickest and easiest way to change it?

The Active Directory property “msExchHideFromAddressLists” needs to be set to “true”, and here are two ways of changing it.

Using ADSI Edit to hide a user from the Global Address List

You can use ADSI Edit to navigate to your user, modify the property “msExchHideFromAddressLists” and simply change it to true. It is quite easy to do, but long-winded and awkward.

Using adsiedit to set MsExchHideFromAddressLists to true to hide a user from the Office 365 GAL

Using PowerShell to hide a user from the Global Address List

The same operation as above can be achieved in a single line of PowerShell using the Set-ADUser cmdlet. This is a much faster and less error-prone method of doing the same operation.

Here is an example:

Set-ADUser paulie -Replace @{msExchHideFromAddressLists=$true}

and to un-hide the user:

Set-ADUser paulie -Replace @{msExchHideFromAddressLists=$false}

It’s really much easier to do in PowerShell than ADSI Edit, but either way will work, and the next time your AD synchronises with Office 365, the user should be hidden.

msExchHideFromAddressLists property missing from Active Directory?

You may discover that the msExchHideFromAddressLists property does not exist in your local Active Directory if you have never had Microsoft Exchange installed locally:

Image of ADSI Edit showing that the msExchHideFromAddressLists Active Directory property is missing

It is possible to extend the active directory schema to contain the required Exchange attributes without purchasing or installing Microsoft Exchange server. The easiest way to achieve this is to download the evaluation of Exchange Server 2013 and then:

  • Extract the contents of the download to a folder of your choice.
  • Run “setup.exe /prepareschema /iacceptexchangeserverlicenseterms” as per this screenshot:
    Screenshot of Extending the AD Schema to include Exchange Attributes
  • You should now have the msExchHideFromAddressLists active directory property available:
    msExchHideFromAddressLists property added to active directory by extending schema using Exchange 2013 evaluation


To list all users that are hidden from the GAL

Bonus bit of PowerShell – if you want to list all users that are hidden from the GAL, try this:

Get-ADUser -Filter {msExchHideFromAddressLists -eq "TRUE"} |Select-Object UserPrincipalName
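
The steps from this post combined into one script, as an added example that is not part of the original post: it confirms the schema contains msExchHideFromAddressLists, sets the attribute, and reads it back. It goes beyond the single-user case by accepting many accounts from the pipeline; the helper name Set-GalVisibility and the choice of disabled accounts that still have a mail address as the target set are assumptions made for the example.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Added example: Set-GalVisibility is a hypothetical helper name, not a built-in cmdlet.
function Set-GalVisibility {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Identity,          # sAMAccountName, DN, GUID or SID
        [bool]$Hidden = $true
    )
    begin {
        # Fail early if the schema has never been extended with the Exchange attributes.
        $schemaNc = (Get-ADRootDSE).schemaNamingContext
        $attr = Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=msExchHideFromAddressLists)'
        if (-not $attr) {
            throw 'msExchHideFromAddressLists is not in the AD schema; run setup.exe /prepareschema first.'
        }
    }
    process {
        foreach ($id in $Identity) {
            $user = Get-ADUser -Identity $id -Properties msExchHideFromAddressLists
            if ($user.msExchHideFromAddressLists -eq $Hidden) {
                Write-Verbose "$($user.SamAccountName): already set to $Hidden"
            }
            elseif ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set msExchHideFromAddressLists=$Hidden")) {
                Set-ADUser -Identity $user -Replace @{ msExchHideFromAddressLists = $Hidden }
            }
            # Read the value back so the change is confirmed before the next sync cycle.
            Get-ADUser -Identity $user -Properties msExchHideFromAddressLists |
                Select-Object SamAccountName, UserPrincipalName, Enabled, msExchHideFromAddressLists
        }
    }
}

# Assumed target set: disabled accounts that still have a mail address (bit 2 of userAccountControl).
$disabledWithMail = '(&(objectCategory=person)(objectClass=user)(mail=*)' +
                    '(userAccountControl:1.2.840.113556.1.4.803:=2))'
Get-ADUser -LDAPFilter $disabledWithMail | ForEach-Object SamAccountName | Set-GalVisibility -WhatIf
```

The last line only previews the changes; remove `-WhatIf` to apply them, or pass `-Hidden $false` to un-hide.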


Exclude messages from Clutter in Office 365 using a transport rule

This post shows you how to create a transport rule to exclude messages from Clutter and provides the code for you to do it automatically. Clutter is a great feature of Office 365 and allows you to focus on the emails that are important to you, but sometimes you need to see emails even if they don’t really require any attention.

Example: Exclude message from clutter based on the email subject

New-TransportRule -Name "Tachytelic Test Rule" -SubjectContainsWords "Sample Subject to bypass clutter" -SetHeaderName "X-MS-Exchange-Organization-BypassClutter" -SetHeaderValue "true"

The rule is created using the “New-TransportRule” cmdlet as per the above.

The above example should result in the following in the Office 365 Admin Centre:

Screenshot showing rule to exclude messages from clutter

You can check if the rule worked by sending an email from an external account to your Office 365 tenant and checking the properties of the message when it has arrived:

Screenshot showing message properties from a message that has bypassed clutter

As per the screenshot above, you should be able to see an entry in the message header which says:

X-MS-Exchange-Organization-BypassClutter: true

That’s all there is to it! Once you have got the messages you need, consider automatically processing them with an Outlook Macro.

I’ve also written another post on Office 365 Transport Rules, which many have found useful.
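
The rule from this post created from a full session, as an added example that is not part of the original post: it connects to Exchange Online, creates or updates the rule, shows what was stored, and checks a message's headers for the stamp. A subject-only condition applies to any sender who uses that subject, so this version also narrows the rule to one sender domain; the admin account, the domain example.com and the helper name Test-BypassClutterHeader are assumptions.

```powershell
# Added example: the admin account and sender domain are placeholders.
Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -UserPrincipalName admin@example.com

$rule = @{
    Name                 = 'Tachytelic Test Rule'
    SubjectContainsWords = 'Sample Subject to bypass clutter'
    SenderDomainIs       = 'example.com'   # assumption: only this domain sends these messages
    SetHeaderName        = 'X-MS-Exchange-Organization-BypassClutter'
    SetHeaderValue       = 'true'
    Comments             = 'Bypass Clutter for messages with this subject from this domain'
}

# Create the rule once; update it in place on later runs instead of adding duplicates.
$existing = Get-TransportRule | Where-Object Name -eq $rule.Name
if ($existing) {
    $update = $rule.Clone()
    $update.Remove('Name')
    Set-TransportRule -Identity $existing.Identity @update
}
else {
    New-TransportRule @rule
}

# Confirm what was stored.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, SubjectContainsWords, SenderDomainIs, SetHeaderName, SetHeaderValue

# Hypothetical helper: checks the raw headers of a delivered message for the stamp.
function Test-BypassClutterHeader {
    param([Parameter(Mandatory)][string]$HeaderText)
    return $HeaderText -match '(?im)^X-MS-Exchange-Organization-BypassClutter:\s*true\s*$'
}

# Constructed sample headers; paste the headers of a real test message here instead.
$sampleHeaders = @"
Subject: Sample Subject to bypass clutter
X-MS-Exchange-Organization-BypassClutter: true
"@
Test-BypassClutterHeader -HeaderText $sampleHeaders

Disconnect-ExchangeOnline -Confirm:$false
```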