msExchHideFromAddressLists Azure AD Synchronisation

All replies

• 

  

  1

  Sign in to vote

  Hi,

  we have Office 365 subscription with on-premises AD Synchronisation.
  I can't manage the attribute msExchHideFromAddressLists  from Office Admin Panel.

  

  Ok. I have created this attribute via LDF file:

  dn: CN=ms-Exch-Hide-From-Address-Lists,c
  changetype: ntdsSchemaAdd
  adminDescription: ms-Exch-Hide-From-Address-Lists
  adminDisplayName: ms-Exch-Hide-From-Address-Lists
  attributeID: 1.2.840.113556.1.4.7000.102.73
  attributeSyntax: 2.5.5.8
  isMemberOfPartialAttributeSet: FALSE
  isSingleValued: TRUE
  lDAPDisplayName: msExchHideFromAddressLists
  name: ms-Exch-Hide-From-Address-Lists
  oMSyntax: 1
  objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=domain,DC=com
  objectClass: attributeSchema
  schemaIdGuid:: lgscopOw0hGqBgDAT47t2A==
  searchFlags: 0
  
  dn:
  changetype: modify
  add: schemaUpdateNow
  schemaUpdateNow: 1
  -

  It is appeared in the Attributes of User. I set it a TRUE and ran synchronization. But this user still present in the address book, and his property still "unchecked".

  

  

  How can i manage "hiding" from On-Premises server? we don't have any on-premises Exchange.
  

  If you are synching with AADConnect, you will need to have at least one on-prem exch server for mgmt.

  https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx

  See:

  Scenario two

  ---

  Issue: My organization has been running in a hybrid configuration for about a year now and have finally moved my last mailbox to the cloud. I plan to keep Active Directory Federation Services (AD FS) for user authentication of my Exchange Online mailboxes. (This scenario would apply to any customer that is planning on keeping directory synchronization).

  ---

  Exchange 2007 reaches end of life on April 11th. What’s your plan to move?

  Thursday, March 23, 2017 3:44 PM
• 

  

  0

  Sign in to vote

  very uncomfortable......
  i thought, if i can manage SMTP aliases via attribute synchronization, then the same solution must work for msExchHideFromAddressLists too
  I will have to change this attribute through deletion and new synchronization. Then user will have only 5-10 mins outage

  Thursday, March 23, 2017 3:56 PM
• 

  

  0

  Sign in to vote

  @Anahaym, have you deploy on-premise Exchange server before?
  
  If so, the On-premises source of authority only can be changed in On-premise, and we need use On-premise Exchange tool to modify its attribute. Meanwhile, it's highly recommend because it's not support to modify attribute by ADSI Edit dircectly.
  
  More details, refer to: Office 365 and Dirsync: Why should you have at least one Exchange Server on-premises.
  
  On-premises source of authority:
  For items authored in AD and synchronized via Directory Synchronization tool, must be edited using on-premises Active Directory tools, corresponding cloud objects attributes that are synchronized from on-premises are read-only when accessed through cloud management tools.
  

  ---

  Best Regards,
  

  Allen Wang

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:12 PM
  • Unproposed as answer by Anahaym Wednesday, October 9, 2019 7:51 AM

  Friday, March 24, 2017 7:47 AM
• 

  

  0

  Sign in to vote

  have you deploy on-premise Exchange server before?

  no, i haven't

  must be edited using on-premises Active Directory tools

  i edit the attribute "proxyAddresses" in the ADUC. And then it synchronizes to O365.
  I thought, if i create the same attribute as msExchHideFromAddressLists, then i can change it and synchronize.
  

  Friday, March 24, 2017 9:46 AM
• 

  

  0

  Sign in to vote

  Yes, we need run prepare schema and domain with Exchange installation file (do not install Exchange, just prepare schema and domain).
  
  Then those Exchange attributes (include msExchHideFromAddressLists) will be added and can be modified in ADUC, and sync it to Office 365.

  ---

  Best Regards,
  

  Allen Wang

  ---

  Please remember to mark the replies as answers if they help.
  If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

  • Edited by Allen_WangJF Wednesday, March 29, 2017 3:36 AM

  Wednesday, March 29, 2017 3:35 AM
• 

  

  0

  Sign in to vote

  I have done it. But it still doesn't work.
  I have found the rule, which include a attribute filter. It have to be synced, but it doesn't:

  

  Wednesday, March 29, 2017 12:09 PM
• 

  

  0

  Sign in to vote

  Once you updated the AD Schema on-prem, you need to update the AADConnect Schema

  https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-installation-wizard

  Refresh directory schema

  This option is used if you have changed the schema in one of your on-premises AD DS forests. For example, you might have installed Exchange or upgraded to a Windows Server 2012 schema with device objects. In this case, you need to instruct Azure AD Connect to read the schema again from AD DS and update its cache. This action also regenerates the Sync Rules. If you add the Exchange schema, as an example, the Sync Rules for Exchange are added to the configuration.+

  When you select this option, all the directories in your configuration are listed. You can keep the default setting and refresh all forests or unselect some of them.

  ---

  Exchange 2007 reaches end of life on April 11th. What’s your plan to move?

  • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:13 PM
  • Unproposed as answer by Anahaym Wednesday, October 9, 2019 7:51 AM

  Wednesday, March 29, 2017 12:23 PM
• 

  

  0

  Sign in to vote

  i have done the refresh, and found this log. It wasn't change. Why?

  

  Wednesday, March 29, 2017 12:51 PM
• 

  

  0

  Sign in to vote

  Hi.

  You can hide contact from power shell Office 365

  Hide, Un-hide, Mailboxes and Block Office365 Users

  ---

  MCITP, MCSE. Regards, Oleg

  • Proposed as answer by Thiago Beier Monday, June 3, 2019 4:13 PM
  • Unproposed as answer by Anahaym Wednesday, October 9, 2019 7:51 AM

  Thursday, April 27, 2017 4:45 PM
• 

  

  0

  Sign in to vote

  Hi.

  You can hide contact from power shell Office 365

  Hide, Un-hide, Mailboxes and Block Office365 Users

  ---

  MCITP, MCSE. Regards, Oleg

  No, i can't:

  PS C:\> Set-Mailbox -Identity user@domain.com -HiddenFromAddressListsEnabled $true
  The operation on mailbox "user" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'user ' because the object is being synchronized from your on-premises organization.
  This action should be performed on the object in your on-premises organization.
      + CategoryInfo          : InvalidOperation: (user :ADObjectId) [Set-Mailbox], InvalidOperationException
      + FullyQualifiedErrorId : [Server=VI1PR06MB1854,RequestId=35b1e756-7fa1-4e38-9d9d-0ed30ed6f752,TimeStamp=27.04.2017 18:27:11] [FailureCategory=Cmdlet-InvalidOperationException] 88648A2A,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
      + PSComputerName        : outlook.office365.com
  

  
  

  Thursday, April 27, 2017 6:29 PM
• 

  

  5

  Sign in to vote

  Hi,

  i have found that explanation:

  Issue:

  Unable to disable (oe enable) hide from address lists for an end user in Exchange online.

   

  Cause:

  MailNickName was not populated in AD

  https://social.msdn.microsoft.com/Forums/SqlServer/en-US/081d3259-57b1-44ab-a8d0-5334b83d2938/azure-ad-connect-doesnt-sync-msexchhidefromaddresslists?forum=WindowsAzureAD

  • Proposed as answer by achaddad Friday, August 3, 2018 6:51 PM
  • Unproposed as answer by achaddad Friday, August 3, 2018 6:57 PM
  • Marked as answer by Anahaym Wednesday, October 9, 2019 8:00 AM

  Monday, July 31, 2017 8:40 AM
• 

  

  0

  Sign in to vote

  Hi Marco,

  yes, we don't have an attribute MailNickName in local AD. Should i add it manually?
  

  • Proposed as answer by achaddad Friday, August 3, 2018 6:51 PM
  • Unproposed as answer by achaddad Friday, August 3, 2018 6:51 PM

  Monday, July 31, 2017 1:32 PM
• 

  

  0

  Sign in to vote

  Hi guys, did that solved this issue for you?

  I'm getting the same
  1. user exists in AD , sync properly but he has not license on office365;

  2. assigned the license to the user on office365
  set msExchHideFromAddressLists  to false in ADDS

  run the delta sync Start-ADSyncSyncCycle -PolicyType Delta

  set msExchHideFromAddressLists  to TRUE in ADDS

  run the delta sync Start-ADSyncSyncCycle -PolicyType Delta
  nothing changed :(

  thanks in advance for any tip on that,

  ---

  Thiago Beier Se foi útil marca como resposta! Don´t forget to mark as answer!

  Friday, February 16, 2018 2:06 AM
• 

  

  0

  Sign in to vote

  hello

  I have the same issue, user exists in AD but no license on office 365, I changed the attribut msExchHideFromAddressLists to AD to true but the user is still on addressbook....

  if you have an idea, it will be great.

  thanks

  Wednesday, March 7, 2018 9:10 AM
• 

  

  1

  Sign in to vote

  Have you set the attribute proxyAddresses SMTP:theiremail@address.here

  proxyAddresses & mailNickname were not set on a particular account I needed to hide.

  it was the final thing I had to do to get it to work.

  Wednesday, March 7, 2018 4:31 PM
• 

  

  1

  Sign in to vote

  there is the only one way without on-premises Exchange:

  - disable sync for that account (it removes an account from O365, but an account will remain in recycle bin with default O365 settings)
  - recovery deleted account from recycle bin
  - check or uncheck "hide from address book"
  - enable sync for that account with matching

  • Marked as answer by Anahaym Thursday, March 8, 2018 10:49 AM

  Thursday, March 8, 2018 10:49 AM
• 

  

  0

  Sign in to vote

  Great! I did not have the mailNickname attribute populated, as soon as I added it after running a delta sync it worked. Many thanks

  Friday, April 27, 2018 2:26 PM
• 

  

  0

  Sign in to vote

  This worked, thanks!!!!

  Wednesday, June 13, 2018 5:38 PM
• 

  

  0

  Sign in to vote

  Thank you Marco.

  It worked for me.

  Friday, August 3, 2018 6:52 PM
• 

  

  0

  Sign in to vote

  This thread is gold!
  
  Thanks Marco!

  Friday, August 10, 2018 8:38 PM
• 

  

  0

  Sign in to vote

  This worked for me but I had to set the hidefromaddresslists attribute to false, sync, then set it to true and sync again. 

  I then had to set the value in the 365 portal as well

  Thank you!!!!

  Friday, January 18, 2019 12:27 PM
• 

  

  0

  Sign in to vote

  This is by far the easiest solution!!

  Works like a charm :-)

  Thursday, June 6, 2019 9:25 AM