locked
Sync Onprem & O365 GAL RRS feed

  • Question

  • Hi, We are hybrid onprm/o365. I have several hundred contacts that I don't want to show up in the GAL and I ran this command and it worked to hide them:

    Get-mailcontact -organizationalunit "My Contacts OU" | Set-mailcontact -hiddenfromaddresslistsenabled $true

    However, this can only be seen onprem. O365 mailboxes still see the entries in the GAL. We use DirSync and it's been a couple of days. Any suggestions?


    • Edited by ÁNLEIFR Friday, December 16, 2016 10:38 PM
    Friday, December 16, 2016 10:37 PM

Answers

  • Ok, this has been solved. Under Synchronization Service the connector did not have this OU checked to sync. I had assumed all the OU's were being synchronized but some including this one were unchecked. Once checking this OU to sync I ran a manually sync and now this attribute is coming across.
    • Marked as answer by ÁNLEIFR Wednesday, January 4, 2017 10:16 PM
    Wednesday, January 4, 2017 10:16 PM

All replies

  • Newer versions of AAD Connect/DirSync enforce different sync rules, namely for any Exchange related attributes to sync to O365 (including msexchhidefromaddresslists), the object must have a valid mailnickname/alias value. So check for that. If it still doesn't show, check what the object properties look like in the metaverse, here's an example article that details how: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-service-manager-ui-connectors/#follow-an-object-and-its-data-through-the-system
    Saturday, December 17, 2016 7:50 AM
  • Hi,

    How about force a Directory Synchronization for testing, then check the sync status as Vasil mentioned?

    To force sync, try to:
    1. Launch a Windows Powershell console on the server and then navigate to “C:\Program Files\Windows Azure Active Directory Sync” folder and run the “DirSyncConfigshell.psc1” script.
    2. Then run "Start-OnlineCoexistenceSync".

    Otherwise, try to deactivate Dirsync, remove the mail contact in cloud, and re-activate Dirsync to double confirm. 


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 19, 2016 6:12 AM
  • Hi,

    How about force a Directory Synchronization for testing, then check the sync status as Vasil mentioned?

    To force sync, try to:
    1. Launch a Windows Powershell console on the server and then navigate to “C:\Program Files\Windows Azure Active Directory Sync” folder and run the “DirSyncConfigshell.psc1” script.
    2. Then run "Start-OnlineCoexistenceSync".

    Otherwise, try to deactivate Dirsync, remove the mail contact in cloud, and re-activate Dirsync to double confirm. 


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    hi thanks, I have ran  Start-ADSyncSyncCycle -PolicyType Initial several times, is this not a manaully sync?
    Monday, December 19, 2016 5:08 PM
  • Hi,

    It's used to initiate a Full Sync with AAD Connect when run "Start-ADSyncSyncCycle -PolicyType Initial".

    Please try to stop AD sync, then remove contact in Office 365, then enable sync for testing.


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, December 21, 2016 2:43 AM
  • I added the attribute to be included as outlined below but still to no avail...


    Add msExchHideFromAddressLists


    • Edited by ÁNLEIFR Wednesday, December 21, 2016 3:43 PM
    Wednesday, December 21, 2016 3:41 PM
  • Thanks. Well, it doesn't look like there is a way to bulk delete them from the O365 side, there are 428 of them.

    How about this, is there an O365 powershell command that I can run to hide them from that side since they are already hidden onprem? Then they would be hidden on both sides, our DirSync works for everything else...

    Wednesday, December 21, 2016 4:08 PM
  • Hi, I can't delete or set the hide from address checkbox on these contacts from O365, it throws an error that says it has to be done onprem. Any ideas how I can get these contacts hidden on O365??
    Thursday, December 22, 2016 4:14 PM
  • Hi,

    Sorry for delay.

    Since this object is synced from On-premise AD, we can only modify its attribute in On-premise AD.

    Would you please try to remove a test contact in Office 365 after stop AAD Connect, then check the result?


    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Allen_WangJF Wednesday, January 4, 2017 2:14 AM
    Tuesday, December 27, 2016 10:08 AM
  • Ok, this has been solved. Under Synchronization Service the connector did not have this OU checked to sync. I had assumed all the OU's were being synchronized but some including this one were unchecked. Once checking this OU to sync I ran a manually sync and now this attribute is coming across.
    • Marked as answer by ÁNLEIFR Wednesday, January 4, 2017 10:16 PM
    Wednesday, January 4, 2017 10:16 PM
  • All right, thanks for your sharing.

    Have a nice day.

    Best Regards,

    Allen Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 5, 2017 9:09 AM