none
msExchHideFromAddressLists Azure AD Synchronisation RRS feed

  • Question

  • Hi,

    we have Office 365 subscription with on-premises AD Synchronisation.
    I can't manage the attribute msExchHideFromAddressLists  from Office Admin Panel.

    Ok. I have created this attribute via LDF file:

    dn: CN=ms-Exch-Hide-From-Address-Lists,c
    changetype: ntdsSchemaAdd
    adminDescription: ms-Exch-Hide-From-Address-Lists
    adminDisplayName: ms-Exch-Hide-From-Address-Lists
    attributeID: 1.2.840.113556.1.4.7000.102.73
    attributeSyntax: 2.5.5.8
    isMemberOfPartialAttributeSet: FALSE
    isSingleValued: TRUE
    lDAPDisplayName: msExchHideFromAddressLists
    name: ms-Exch-Hide-From-Address-Lists
    oMSyntax: 1
    objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=com
    objectClass: attributeSchema
    schemaIdGuid:: lgscopOw0hGqBgDAT47t2A==
    searchFlags: 0
    
    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -
    

    It is appeared in the Attributes of User. I set it a TRUE and ran synchronization. But this user still present in the address book, and his property still "unchecked".

    How can i manage "hiding" from On-Premises server? we don't have any on-premises Exchange.

    Thursday, March 23, 2017 3:33 PM

Answers

  • there is the only one way without on-premises Exchange:

    - disable sync for that account (it removes an account from O365, but an account will remain in recycle bin with default O365 settings)
    - recovery deleted account from recycle bin
    - check or uncheck "hide from address book"
    - enable sync for that account with matching

    • Marked as answer by Anahaym Thursday, March 8, 2018 10:49 AM
    Thursday, March 8, 2018 10:49 AM

All replies

  • Hi,

    we have Office 365 subscription with on-premises AD Synchronisation.
    I can't manage the attribute msExchHideFromAddressLists  from Office Admin Panel.

    Ok. I have created this attribute via LDF file:

    dn: CN=ms-Exch-Hide-From-Address-Lists,c
    changetype: ntdsSchemaAdd
    adminDescription: ms-Exch-Hide-From-Address-Lists
    adminDisplayName: ms-Exch-Hide-From-Address-Lists
    attributeID: 1.2.840.113556.1.4.7000.102.73
    attributeSyntax: 2.5.5.8
    isMemberOfPartialAttributeSet: FALSE
    isSingleValued: TRUE
    lDAPDisplayName: msExchHideFromAddressLists
    name: ms-Exch-Hide-From-Address-Lists
    oMSyntax: 1
    objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=com
    objectClass: attributeSchema
    schemaIdGuid:: lgscopOw0hGqBgDAT47t2A==
    searchFlags: 0
    
    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -

    It is appeared in the Attributes of User. I set it a TRUE and ran synchronization. But this user still present in the address book, and his property still "unchecked".

    How can i manage "hiding" from On-Premises server? we don't have any on-premises Exchange.

    If you are synching with AADConnect, you will need to have at least one on-prem exch server for mgmt.

    https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx

    See:

    Scenario two

    Issue: My organization has been running in a hybrid configuration for about a year now and have finally moved my last mailbox to the cloud. I plan to keep Active Directory Federation Services (AD FS) for user authentication of my Exchange Online mailboxes. (This scenario would apply to any customer that is planning on keeping directory synchronization).


    Exchange 2007 reaches end of life on April 11th. What’s your plan to move?

    Thursday, March 23, 2017 3:44 PM
    Moderator
  • very uncomfortable......
    i thought, if i can manage SMTP aliases via attribute synchronization, then the same solution must work for msExchHideFromAddressLists too
    I will have to change this attribute through deletion and new synchronization. Then user will have only 5-10 mins outage
    Thursday, March 23, 2017 3:56 PM
  • @Anahaym, have you deploy on-premise Exchange server before?

    If so, the On-premises source of authority only can be changed in On-premise, and we need use On-premise Exchange tool to modify its attribute. Meanwhile, it's highly recommend because it's not support to modify attribute by ADSI Edit dircectly.

    More details, refer to: Office 365 and Dirsync: Why should you have at least one Exchange Server on-premises.

    On-premises source of authority:
    For items authored in AD and synchronized via Directory Synchronization tool, must be edited using on-premises Active Directory tools, corresponding cloud objects attributes that are synchronized from on-premises are read-only when accessed through cloud management tools.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:12 PM
    Friday, March 24, 2017 7:47 AM
    Moderator
  • have you deploy on-premise Exchange server before?

    no, i haven't

    must be edited using on-premises Active Directory tools
    i edit the attribute "proxyAddresses" in the ADUC. And then it synchronizes to O365.
    I thought, if i create the same attribute as msExchHideFromAddressLists, then i can change it and synchronize.
    Friday, March 24, 2017 9:46 AM
  • Yes, we need run prepare schema and domain with Exchange installation file (do not install Exchange, just prepare schema and domain).

    Then those Exchange attributes (include msExchHideFromAddressLists) will be added and can be modified in ADUC, and sync it to Office 365.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 29, 2017 3:35 AM
    Moderator
  • I have done it. But it still doesn't work.
    I have found the rule, which include a attribute filter. It have to be synced, but it doesn't:

    Wednesday, March 29, 2017 12:09 PM
  • Once you updated the AD Schema on-prem, you need to update the AADConnect Schema

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-installation-wizard

    Refresh directory schema

    This option is used if you have changed the schema in one of your on-premises AD DS forests. For example, you might have installed Exchange or upgraded to a Windows Server 2012 schema with device objects. In this case, you need to instruct Azure AD Connect to read the schema again from AD DS and update its cache. This action also regenerates the Sync Rules. If you add the Exchange schema, as an example, the Sync Rules for Exchange are added to the configuration.+

    When you select this option, all the directories in your configuration are listed. You can keep the default setting and refresh all forests or unselect some of them.


    Exchange 2007 reaches end of life on April 11th. What’s your plan to move?

    • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:13 PM
    Wednesday, March 29, 2017 12:23 PM
    Moderator
  • i have done the refresh, and found this log. It wasn't change. Why?

    Wednesday, March 29, 2017 12:51 PM
  • Hi.

    You can hide contact from power shell Office 365

    Hide, Un-hide, Mailboxes and Block Office365 Users


    MCITP, MCSE. Regards, Oleg

    • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:13 PM
    Thursday, April 27, 2017 4:45 PM
  • Hi.

    You can hide contact from power shell Office 365

    Hide, Un-hide, Mailboxes and Block Office365 Users


    MCITP, MCSE. Regards, Oleg

    No, i can't:

    PS C:\> Set-Mailbox -Identity user@domain.com -HiddenFromAddressListsEnabled $true
    The operation on mailbox "user" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'user ' because the object is being synchronized from your on-premises organization.
    This action should be performed on the object in your on-premises organization. + CategoryInfo : InvalidOperation: (user :ADObjectId) [Set-Mailbox], InvalidOperationException + FullyQualifiedErrorId : [Server=VI1PR06MB1854,RequestId=35b1e756-7fa1-4e38-9d9d-0ed30ed6f752,TimeStamp=27.04.2017 18:27:11] [FailureCategory=Cmdlet-InvalidOperationException] 88648A2A,Microsoft.Exchange.Management.RecipientTasks.SetMailbox + PSComputerName : outlook.office365.com

    Thursday, April 27, 2017 6:29 PM
  • Hi,

    i have found that explanation:

    Issue:

    Unable to disable (oe enable) hide from address lists for an end user in Exchange online.

     

    Cause:

    MailNickName was not populated in AD

    https://social.msdn.microsoft.com/Forums/SqlServer/en-US/081d3259-57b1-44ab-a8d0-5334b83d2938/azure-ad-connect-doesnt-sync-msexchhidefromaddresslists?forum=WindowsAzureAD

    • Proposed as answer by achaddad Friday, August 3, 2018 6:51 PM
    • Unproposed as answer by achaddad Friday, August 3, 2018 6:57 PM
    Monday, July 31, 2017 8:40 AM
  • Hi Marco,

    yes, we don't have an attribute MailNickName in local AD. Should i add it manually?

    • Proposed as answer by achaddad Friday, August 3, 2018 6:51 PM
    • Unproposed as answer by achaddad Friday, August 3, 2018 6:51 PM
    Monday, July 31, 2017 1:32 PM
  • Hi guys, did that solved this issue for you?

    I'm getting the same
    1. user exists in AD , sync properly but he has not license on office365;

    2. assigned the license to the user on office365
    set msExchHideFromAddressLists  to false in ADDS

    run the delta sync Start-ADSyncSyncCycle -PolicyType Delta

    set msExchHideFromAddressLists  to TRUE in ADDS

    run the delta sync Start-ADSyncSyncCycle -PolicyType Delta
    nothing changed :(

    thanks in advance for any tip on that,


    Thiago Beier Se foi útil marca como resposta! Don´t forget to mark as answer!

    Friday, February 16, 2018 2:06 AM
  • hello

    I have the same issue, user exists in AD but no license on office 365, I changed the attribut msExchHideFromAddressLists to AD to true but the user is still on addressbook....

    if you have an idea, it will be great.

    thanks

    Wednesday, March 7, 2018 9:10 AM
  • Have you set the attribute proxyAddresses SMTP:theiremail@address.here

    proxyAddresses & mailNickname were not set on a particular account I needed to hide.

    it was the final thing I had to do to get it to work.

    Wednesday, March 7, 2018 4:31 PM
  • there is the only one way without on-premises Exchange:

    - disable sync for that account (it removes an account from O365, but an account will remain in recycle bin with default O365 settings)
    - recovery deleted account from recycle bin
    - check or uncheck "hide from address book"
    - enable sync for that account with matching

    • Marked as answer by Anahaym Thursday, March 8, 2018 10:49 AM
    Thursday, March 8, 2018 10:49 AM
  • Great! I did not have the mailNickname attribute populated, as soon as I added it after running a delta sync it worked. Many thanks
    Friday, April 27, 2018 2:26 PM
  • This worked, thanks!!!!
    Wednesday, June 13, 2018 5:38 PM
  • Thank you Marco.

    It worked for me.

    Friday, August 3, 2018 6:52 PM
  • This thread is gold!

    Thanks Marco!
    Friday, August 10, 2018 8:38 PM
  • This worked for me but I had to set the hidefromaddresslists attribute to false, sync, then set it to true and sync again. 

    I then had to set the value in the 365 portal as well

    Thank you!!!!

    Friday, January 18, 2019 12:27 PM
  • This is by far the easiest solution!!

    Works like a charm :-)

    Thursday, June 6, 2019 9:25 AM