How to hide users from GAL if they are AD Connect synchronized
How to hide and un-hide users from Global Address List (GAL) in Exchange Online if they are AD Connect synchronized
Hiding users from the GAL directly in Exchange Online isn't possible if they are synchronized from on-premises Active Directory. The local AD is the leading system for all important attributes, like SMTP, UPN and hiding from GAL.
Especially during a cross-tenant migration, you do not want to see users who have not yet been migrated in the GAL. Those users aren't actively working until their cut-over day.
Since the Exchange Online attribute msExchHideFromAddressLists is an on-premises AD parameter, we have two possible ways of hiding users in BME from the GAL.
- Modify AD Connect for your tenant with a custom rule that uses an extensionAttribute to set the HidefromGAL. With this rule, for users who have an entry in the extensionAttribute, hiding / un-hiding is controlled by AD Connect.
  This is the best option for cross-tenant migration if you run 2 or more AD Connect systems.
- Modify the hide attribute directly in AD.
  This option isn't the best for cross-tenant migrations.
I would recommend the first option.
Modifying the AD Connect Role:
Synchronization Rules Editor:
Create a new Rule (INBOUND)
the following for the description:
Connected System Object Type:
Metaverse Object Type:
Precedence: (this can be any number less than 100. Just make sure you don't duplicate numbers if you have other custom rules or you'll receive a dead-lock error from SQL Server)
Click on and, those can remain blank
the following Transformation page, click the button,
fill out the form with the values below, and then click
Now perform an initial sync
Select the Attributes Editor tab, find , and enter the value , click and to close out of the editor.
Select the user account that is listed and click On the , you should see Azure AD Connect triggered an to Azure AD to set to
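
As an added example (not from the original post), this PowerShell script sets or clears the extensionAttribute that the custom rule keys on for every user in one OU, and reports the on-premises hide attribute alongside it. The attribute name, its value and the OU are assumptions, as is a rule that treats a cleared attribute as "not hidden"; replace them with what your rule actually uses.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Assumptions (the page does not name them):
#   $FlagAttr / $FlagValue : attribute and value your custom inbound rule tests
#   $SearchBase            : placeholder OU holding the not-yet-migrated users
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=PendingMigration,DC=example,DC=com',
    [string]$FlagAttr   = 'extensionAttribute15',
    [string]$FlagValue  = 'HideFromGAL',
    [switch]$Unhide     # cut-over day: clear the flag so the user reappears
)

$props = $FlagAttr, 'msExchHideFromAddressLists'
$users = Get-ADUser -SearchBase $SearchBase -Filter * -Properties $props

foreach ($u in $users) {
    $before = $u.$FlagAttr      # $null when the attribute is not set
    $action = 'none'

    if ($Unhide -and $null -ne $before) {
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "clear $FlagAttr")) {
            Set-ADUser -Identity $u -Clear $FlagAttr
            $action = 'cleared'
        }
    }
    elseif (-not $Unhide -and $before -ne $FlagValue) {
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "set $FlagAttr=$FlagValue")) {
            Set-ADUser -Identity $u -Replace @{ $FlagAttr = $FlagValue }
            $action = 'set'
        }
    }

    # Report both attributes: a value in msExchHideFromAddressLists means the
    # hide attribute was also set on-premises (the second option above).
    [pscustomobject]@{
        User                       = $u.SamAccountName
        FlagBefore                 = $before
        Action                     = $action
        msExchHideFromAddressLists = $u.msExchHideFromAddressLists
    }
}

# Attribute changes only need a delta cycle. On the AD Connect server:
#   Start-ADSyncSyncCycle -PolicyType Delta
```

Run it with `-WhatIf` first to list the accounts that would change without writing to AD.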