Hide User from Address Lists (AD Connect)

John Gruber
Nov 2, 2018 · 3 min read

When using Office 365 and AD Connect you may not be able to mark a mailbox Hide from address lists using the Office 365 portal if you are syncing users from your on-premise Active Directory.

When a user is being synchronized from your on-premise Active Directory and you attempt to hide the user from the address book using the Microsoft Office 365 portal you’ll receive the following error:

The operation on mailbox failed because it’s out of the current users’s write scope. The action ‘Set-Mailbox’, ‘HiddenFromAddressListsEnabled’, can’t be performed on the object because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

This error will always happen because Office 365 knows that user is being synced from your Active Directory so if you make any changes to the user in Office 365 the change will be overwritten the next time Active Directory syncs.

How to Hide a Mailbox from the Address Lists using the Office 365 Portal

If you create a user or shared mailbox using the Office 365 portal the user isn’t synchronized from your Active Directory follow the following steps:

  1. Log in to the Exchange Admin Center using your Office 365 global admin credentials.
  2. Navigate to recipients > mailboxes (or shared if it’s a shared mailbox)

3. Find and double-click the user you want to hide.

4. Check the Hide from address lists check box. Click Save.

If you receive The operation on mailbox failed because it’s out of the current user’s write scope error follow the steps below to make the change in Active Directory.

The address books are downloaded to the Outlook client once every 24 hours so the user will still be visible in the address book for 1 day.

How to Hide a User from the Address Lists using Active Directory (AD Connect)

  1. Open Active Directory Users & Computers.
  2. Enable Advanced Features by clicking View > Advanced Features.
    When Advanced Features is turned on you’ll see a checkbox as the image below

3. Find and open the properties for the user you want to hide. Click the Attribute Editor tab.

4. Find and double-click the msExchHideFromAddressLists attribute to change its value.

5. Set the value to True and save your changes.

The change will be visible in the Office 365 portal after the next AD Connect job runs which may take up to an hour. The address books are downloaded to the Outlook client once every 24 hours so the user will still be visible in the address book for 1 day.

If you can’t find the attribute you may have a filter enabled. Click the Filter button and verify you’re showing all properties.

GitBit

John Gruber

Written by

Productivity and technology to make the world a better place. Because we all need a little help and motivation sometimes.

GitBit

GitBit

Insight and ideas about Microsoft 365, Office 365, Windows, and Enterprise Mobility + Security

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade