Hiding users from GAL

Overview

From ActiveDirectory

Contacts

  1. Retrieves a sorted list of contacts in the Active Directory by filtering objects with the "contact" objectClass.
  2. Iterates through each contact, obtaining their DistinguishedName and the 'msExchHideFromAddressLists' property value.
  3. Outputs a message indicating whether the 'msExchHideFromAddressLists' attribute is present for each contact and whether the contact is hidden from address lists.

    Import-Module ActiveDirectory

    # All contact objects in the directory, sorted by name
    $contacts = Get-ADObject -Filter {objectClass -eq "contact"} | Sort-Object Name

    foreach ($contact in $contacts) {
        $contactDN = $contact.DistinguishedName
        # The attribute is $null when it has never been set on the object
        $hideFromAddressLists = (Get-ADObject -Identity $contactDN -Properties msExchHideFromAddressLists).msExchHideFromAddressLists
        if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
            Write-Host "Contact $($contact.name) does not have the 'msExchHideFromAddressLists' attribute"
        } else {
            Write-Host "Contact $($contact.name) is hidden from address lists: $($hideFromAddressLists)"
        }
    }

  1. Retrieves the distinguished name of the "external users" distribution list in Active Directory.
  2. Obtains a sorted list of contacts that belong to the "external users" distribution list.
  3. Iterates through each contact and sets the 'msExchHideFromAddressLists' attribute to 'True', effectively hiding them from address lists.

    Import-Module ActiveDirectory

    # Get the distinguished name of the "external users" distribution list
    $externalUsersDL = (Get-ADGroup -Filter {name -eq "external users"}).DistinguishedName

    # Get all contacts that belong to the "external users" distribution list
    $contacts = Get-ADObject -Filter {objectClass -eq "contact" -and memberOf -eq $externalUsersDL} | Sort-Object Name

    foreach ($contact in $contacts) {
        $contactDN = $contact.DistinguishedName
        # Hide the contact from address lists
        Set-ADObject -Identity $contactDN -Replace @{msExchHideFromAddressLists=$true}
    }

Users

  1. Retrieves a list of users from the "DisabledUsers" organizational unit (OU) in Active Directory, including their 'msExchHideFromAddressLists' property.
  2. Iterates through each user in the list and checks the value of their 'msExchHideFromAddressLists' property.
  3. Outputs a message for each user, indicating whether they have the 'msExchHideFromAddressLists' attribute set and, if so, whether they are hidden from address lists.

    Import-Module ActiveDirectory

    # OU path as given on the page; the empty OU= and DC= components must be filled in for your domain
    $disabledUsersOU = "OU=DisabledUsers,OU=,DC=,DC="
    $users = Get-ADUser -SearchBase $disabledUsersOU -Filter * -Properties msExchHideFromAddressLists

    foreach ($user in $users) {
        $userDN = $user.DistinguishedName
        # $null when the attribute has never been set on the account
        $hideFromAddressLists = $user.msExchHideFromAddressLists
        if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
            Write-Host "User $($user.name) does not have the 'msExchHideFromAddressLists' attribute"
        } else {
            Write-Host "User $($user.name) is hidden from address lists: $($hideFromAddressLists)"
        }
    }

  1. Retrieves and sorts users from the "DisabledUsers" OU in Active Directory, including their 'msExchHideFromAddressLists' property.
  2. Iterates through each user, evaluating the value of their 'msExchHideFromAddressLists' property.
  3. Sets or updates the 'msExchHideFromAddressLists' attribute to 'True' for users who don't have it set or have it set to 'False', and outputs corresponding messages; for users with the attribute already set to 'True', the script outputs an informative message.

    Import-Module ActiveDirectory

    # OU path as given on the page; the empty DC= components must be filled in for your domain
    $disabledUsersOU = "OU=DisabledUsers,OU= Sites,DC=,DC="
    $users = Get-ADUser -SearchBase $disabledUsersOU -Filter * -Properties msExchHideFromAddressLists | Sort-Object Name

    foreach ($user in $users) {
        $userDN = $user.DistinguishedName
        $hideFromAddressLists = $user.msExchHideFromAddressLists
        if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
            # Attribute not present: add it
            Set-ADUser -Identity $userDN -Add @{msExchHideFromAddressLists=$true}
            Write-Host "User $($user.name) did not have the 'msExchHideFromAddressLists' attribute and it has been set to 'True'"
        } elseif (!$hideFromAddressLists) {
            # Attribute present but False: overwrite it
            Set-ADUser -Identity $userDN -Replace @{msExchHideFromAddressLists=$true}
            Write-Host "User $($user.name) had the 'msExchHideFromAddressLists' attribute set to 'False' and it has been set to 'True'"
        } else {
            Write-Host "User $($user.name) already has the 'msExchHideFromAddressLists' attribute set to 'True'"
        }
    }
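
A variant of the script above that supports a dry run and records the previous values so the change can be reversed. This is an added example, not part of the original page; the function name Hide-DisabledUsersFromGal, its parameters and the CSV path are hypothetical, and skipping accounts that are still enabled is an added safety check.

```powershell
Import-Module ActiveDirectory

function Hide-DisabledUsersFromGal {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # DN of the OU that holds disabled accounts (supply your own)
        [Parameter(Mandatory)][string]$SearchBase,
        # File that receives the pre-change values for rollback (hypothetical path)
        [Parameter(Mandatory)][string]$BackupCsv
    )

    $users = Get-ADUser -SearchBase $SearchBase -Filter * -Properties msExchHideFromAddressLists |
        Sort-Object Name

    # Record the current state first. -WhatIf:$false keeps the backup being
    # written during a dry run, where Export-Csv would otherwise be skipped.
    $users |
        Select-Object DistinguishedName, SamAccountName, Enabled, msExchHideFromAddressLists |
        Export-Csv -Path $BackupCsv -NoTypeInformation -WhatIf:$false

    foreach ($user in $users) {
        if ($user.Enabled) {
            # An enabled account in this OU is probably misplaced; do not hide it silently
            Write-Warning "$($user.SamAccountName) is in the OU but still enabled; skipped"
            continue
        }
        if ($user.msExchHideFromAddressLists -eq $true) { continue }   # already hidden

        $applied = $false
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Set msExchHideFromAddressLists to TRUE')) {
            # -Replace covers both cases: attribute absent and attribute set to FALSE
            Set-ADUser -Identity $user.DistinguishedName -Replace @{msExchHideFromAddressLists = $true}
            $applied = $true
        }
        [pscustomobject]@{
            User     = $user.SamAccountName
            Previous = $user.msExchHideFromAddressLists
            Applied  = $applied
        }
    }
}

# Dry run, then the real change:
# Hide-DisabledUsersFromGal -SearchBase '<DN of your DisabledUsers OU>' -BackupCsv .\gal-before.csv -WhatIf
# Hide-DisabledUsersFromGal -SearchBase '<DN of your DisabledUsers OU>' -BackupCsv .\gal-before.csv
```

Run it with -WhatIf first and review the CSV and the returned objects before applying the change.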

From ExchangeOnlineManagement

Contacts

  1. Retrieves members of the "External Users" distribution group using the Get-DistributionGroupMember cmdlet.
  2. Iterates through each member, retrieves their Name and HiddenFromAddressListsEnabled properties using the Get-MailContact cmdlet, and outputs this information.
  3. Updates the HiddenFromAddressListsEnabled property of each member to 'True' using the Set-MailContact cmdlet.

    Install-Module -Name ExchangeOnlineManagement # if not installed already
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline

    # Members of the "External Users" distribution group
    $ExternalUsers = Get-DistributionGroupMember -Identity "External Users"
    foreach ($user in $ExternalUsers) {
        # Show the current state of each contact
        $mailContact = Get-MailContact -Identity $user.Name | Select-Object Name, HiddenFromAddressListsEnabled
        Write-Host "Name: $($mailContact.Name), HiddenFromAddressListsEnabled: $($mailContact.HiddenFromAddressListsEnabled)"

        # Set HiddenFromAddressListsEnabled to True
        Set-MailContact -Identity $user.Name -HiddenFromAddressListsEnabled $true
    }
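
The script above assumes every group member is a mail contact with a unique name. The following added example (not part of the original page) handles members of other recipient types, addresses each contact by GUID instead of name, and skips contacts synchronized from on-premises Active Directory, which have to be changed there. The function name Hide-GroupContactsFromGal is hypothetical, and an existing Connect-ExchangeOnline session is assumed.

```powershell
function Hide-GroupContactsFromGal {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Name or address of the distribution group, e.g. "External Users"
        [Parameter(Mandatory)][string]$GroupIdentity
    )

    $members = Get-DistributionGroupMember -Identity $GroupIdentity -ResultSize Unlimited

    foreach ($member in $members) {
        # A distribution group can also contain mailboxes, mail users or nested groups;
        # Get-MailContact would fail on those.
        if ($member.RecipientType -ne 'MailContact') {
            Write-Warning "Skipped $($member.Name): recipient type is $($member.RecipientType)"
            continue
        }

        # Names are not guaranteed to be unique, so look the contact up by GUID
        $id      = $member.Guid.ToString()
        $contact = Get-MailContact -Identity $id

        if ($contact.IsDirSynced) {
            # Synchronized objects are mastered on-premises: set
            # msExchHideFromAddressLists in Active Directory instead.
            Write-Warning "Skipped $($contact.Name): synchronized from on-premises AD"
            continue
        }
        if ($contact.HiddenFromAddressListsEnabled) { continue }   # already hidden

        if ($PSCmdlet.ShouldProcess($contact.PrimarySmtpAddress, 'Hide from address lists')) {
            Set-MailContact -Identity $id -HiddenFromAddressListsEnabled $true
        }

        # Re-read the contact so the output reflects what is actually stored
        Get-MailContact -Identity $id |
            Select-Object Name, PrimarySmtpAddress, HiddenFromAddressListsEnabled
    }
}

# Dry run, then the real change:
# Hide-GroupContactsFromGal -GroupIdentity "External Users" -WhatIf
# Hide-GroupContactsFromGal -GroupIdentity "External Users"
```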