Managing Global Address List (GAL) Visibility with PowerShell

Published: April 5, 2023 | Last Modified: May 13, 2025

Tags: active-directory exchange powershell gal system-administration office-365 exchange-online user-management directory-services

Categories: Windows PowerShell Active Directory Exchange

From ActiveDirectory

Contacts

Retrieves a sorted list of contacts in the Active Directory by filtering objects with the “contact” objectClass.
Iterates through each contact, obtaining their DistinguishedName and the ‘msExchHideFromAddressLists’ property value.
Outputs a message indicating whether the ‘msExchHideFromAddressLists’ attribute is present for each contact and whether the contact is hidden from address lists.

Import-Module ActiveDirectory

$contacts = Get-ADObject -Filter {objectClass -eq "contact"} | sort

foreach ($contact in $contacts) {
    $contactDN = $contact.DistinguishedName
    $hideFromAddressLists = (Get-ADObject -Identity $contactDN -Properties msExchHideFromAddressLists).msExchHideFromAddressLists
    if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
        Write-Host "Contact $($contact.name) does not have the 'msExchHideFromAddressLists' attribute"
    } else {
        Write-Host "Contact $($contact.name) is hidden from address lists: $($hideFromAddressLists)"
    }
}

Retrieves the distinguished name of the “external users” distribution list in Active Directory.
Obtains a sorted list of contacts that belong to the “external users” distribution list.
Iterates through each contact and sets the ‘msExchHideFromAddressLists’ attribute to ‘True’, effectively hiding them from address lists.

Import-Module ActiveDirectory

# Get the distinguished name of the "external users" distribution list
$externalUsersDL = (Get-ADGroup -Filter {name -eq "external users"}).DistinguishedName
 
# Get all contacts that belong to the "external users" distribution list
$contacts = Get-ADObject -Filter {objectClass -eq "contact" -and memberOf -eq $externalUsersDL} | sort
 
foreach ($contact in $contacts) {
    $contactDN = $contact.DistinguishedName
    $hideFromAddressLists = (Get-ADObject -Identity $contactDN -Properties Set-ADObject -Identity $contactDN -Replace @{msExchHideFromAddressLists=$true}
}

Users

Retrieves a list of users from the “DisabledUsers” organizational unit (OU) in Active Directory, including their ‘msExchHideFromAddressLists’ property.
Iterates through each user in the list and checks the value of their ‘msExchHideFromAddressLists’ property.
Outputs a message for each user, indicating whether they have the ‘msExchHideFromAddressLists’ attribute set and, if so, whether they are hidden from address lists.

Import-Module ActiveDirectory

$disabledUsersOU = "OU=DisabledUsers,OU=,DC=,DC="
$users = Get-ADUser -SearchBase $disabledUsersOU -Filter * -Properties msExchHideFromAddressLists

foreach ($user in $users) {
    $userDN = $user.DistinguishedName
    $hideFromAddressLists = $user.msExchHideFromAddressLists
    if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
        Write-Host "User $($user.name) does not have the 'msExchHideFromAddressLists' attribute"
    } else {
        Write-Host "User $($user.name) is hidden from address lists: $($hideFromAddressLists)"
    }
}

Retrieves and sorts users from the “DisabledUsers” OU in Active Directory, including their ‘msExchHideFromAddressLists’ property.
Iterates through each user, evaluating the value of their ‘msExchHideFromAddressLists’ property.
Sets or updates the ‘msExchHideFromAddressLists’ attribute to ‘True’ for users who don’t have it set or have it set to ‘False’, and outputs corresponding messages; for users with the attribute already set to ‘True’, the script outputs an informative message.

Import-Module ActiveDirectory
 
$disabledUsersOU = "OU=DisabledUsers,OU= Sites,DC=,DC="
$users = Get-ADUser -SearchBase $disabledUsersOU -Filter * -Properties msExchHideFromAddressLists | sort
 
foreach ($user in $users) {
    $userDN = $user.DistinguishedName
    $hideFromAddressLists = $user.msExchHideFromAddressLists
    if ([string]::IsNullOrEmpty($hideFromAddressLists)) {
        Set-ADUser -Identity $userDN -Add @{msExchHideFromAddressLists=$true}
        Write-Host "User $($user.name) did not have the 'msExchHideFromAddressLists' attribute and it has been set to 'True'"
    } elseif (!$hideFromAddressLists) {
        Set-ADUser -Identity $userDN -Replace @{msExchHideFromAddressLists=$true}
        Write-Host "User $($user.name) had the 'msExchHideFromAddressLists' attribute set to 'False' and it has been set to 'True'"
    } else {
        Write-Host "User $($user.name) already has the 'msExchHideFromAddressLists' attribute set to 'True'"
    }
}

From ExchangeOnlineManagement

Contacts

Retrieves members of the “External Users” distribution group using the Get-DistributionGroupMember cmdlet.
Iterates through each member, retrieves their Name and HiddenFromAddressListsEnabled properties using the Get-MailContact cmdlet, and outputs this information.
Updates the HiddenFromAddressListsEnabled property of each member to ‘True’ using the Set-MailContact cmdlet.

Install-Module -Name ExchangeOnlineManagement # if not installed already
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
 
$ExternalUsers = Get-DistributionGroupMember -Identity "External Users"
foreach ($user in $ExternalUsers) {
    $mailContact = Get-MailContact -Identity $user.Name | Select-Object Name, HiddenFromAddressListsEnabled
    Write-Host "Name: $($mailContact.Name), HiddenFromAddressListsEnabled: $($mailContact.HiddenFromAddressListsEnabled)"
    
    # Set HiddenFromAddressListsEnabled to True
    Set-MailContact -Identity $user.Name -HiddenFromAddressListsEnabled $true
}