If you use an on-premises Active Directory domain controller that syncs with Azure via AAD connect and want to hide an On Premises user from the GAL you should edit the “msExchHideFromAddressLists”attribute.
To do this :
1. Log in to your Active Directory Domain Controller and start Active Directory Users and Computers.
2. Browse to the user and choose properties of the user.
3. Click the Attribute Editor tab
4. Browse to the attribute msExchHideFromAddressLists and set it to True.
Force a domain sync : Powershell : “repadmin /syncall /AdeP”
Start an AAD sync cycle : Powershell : “start-ADSyncSyncCycle -PolicyType delta”
Troubleshooting / Errors :
If it isn’t working you should check if the attribute is a MailNickName has an value.
So you change the msExchangeHiddenFromAddressList
attribute in on-premises but the changes are not updated against the recipient object in Microsoft Exchange Online.
This issue occurs due to one of the following reasons:
- The Alias (
MailNickname
) attribute on the source object that’s located in on-premises doesn’t have the required value. - A sync rule in Azure AD Connect has a scoping filter that states that the Operator of the
MailNickName
attribute is ISNOTNULL. The rule sets Link Type to Join for syncing Exchange attributes together and uses the name In From AD – User Exchange.
See for more info : Changes to msExchangeHiddenFromAddressList not updated – Exchange | Microsoft Lear
To check if it syncs to Azure AD, log in to your AAD connect server and start the Sync rules editor
Check the add line :
After a succesful sync check the user in the Exchange online Admin center and it will show you Hide from global address list (GAL) : Yes