Hide MB from Exchange GAL not working

Question

We are on 3.3.8507.

We are using Adaxes to prepare users for deletion. Adaxes change the Exchange attribute to "msExchHideFromAddressLists=true".

When we check our Exchange 2010 server the gui reveals that the Hide From Exchange Address List has a check, so we expect the user to disappear from the GAL.

But they don't, even 3 days after the fact. So we go back to the Exchange GUI remove the check, apply, add the check back and apply and they disappear.

The Adaxes method does not seem to truly hide them.

Ideas?

Answer 1

Hello,

The issue is that setting the msExchHideFromAddressLists property to True is not enough for Exchange 2010. You also have to clear the showInAddressBook property.

Thus, to hide a user's mailbox from the GAL, you have to modify your Hide the mailbox from the global address list (GAL) action:

1. Double-click the Hide the mailbox from the global address list (GAL) action of your Custom Command.
2. Click Add.
3. Open the Property to modify drop-down list and check the Show all properties option.
4. Select Show-In-Address-Book.
   
5. Switch the radio-button to Remove property.
   
6. Click OK. You should receive the following action:
   

In our next release we are going to have a more comprehensive support for Exchange features, including hiding mailboxes from the GAL.

Comments

Thank-you for your help.

I had examined the Built-In custom command "Deprovision" which came with the software and thought that was enough.

thanks again

---

How do we reverse this when re-provisioning a user? I can clear the property for the GAL, but i don't see an option for show-in-addressbook = true etc

---

Hello,

The thing is that the Show-In-Address-Book property is a multivalued property that is used by Exchange 2010 and higher to indicate the address books in which the user will appear. It is maintained by Exchange that is responsible for filling this property with GUIDs of address books based on address book policies.

I suggest that you wait for our next version that is to be released by the end of this month, in which there will be an option to hide an Exchange recipient from Exchange address lists. The new version will provide improved support for management of Exchange features, and hiding/unhiding from Exchange address lists will be done by means of native Exchange functionality. This means that all properties will be handled correctly.

As an option, if you have already deprovisioned some users and removed the Show-In-Address-Book property from their accounts, then, after re-provisioning a user, you need to run the following PowerShell command in the Exchange Management Shell:

Set-Mailbox -ApplyMandatoryProperties -Identity ReprovisionedUserName
where ReprovisionedUserName is the username of the user whose account you are re-provisioning.

---

The below worked for me in our custom re-provision rule...I don't know if it's 100% the proper way to do it, but it did however work properly with no errors.

$domain = $Context.GetObjectDomain("%distinguishedName%")
$rootDse = $Context.BindToObject("Adaxes://$domain/rootDSE")
$dc = $rootDse.Get("dnsHostName")
{}
if(!(Get-PSSnapin |
Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
Set-Mailbox -ApplyMandatoryProperties -Identity %username%

---

Hello,

You can, of course, load the PowerShell Exchange snap-in to perform Exchange functions in PowerShell, but sometimes that doesn't work. A better way of doing this would be to create a remote PowerShell session to the computer where your Exchange Server is installed. Here's the modified script that uses PowerShell remoting:

$exchangeServer = "ExchangeServer.domain.com" # TODO: Modify me

$session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Set-Mailbox -ApplyMandatoryProperties -Identity "%distinguishedName%"

Remove-PSSession -Session $session

In the script, $exchangeServer specifies the Fully Qualified Domain Name (FQDN) of the computer where your Exchange Server is installed.

---

In Adaxes 2013.1 we have reworked the Exchange management API in Adaxes. Now, you can hide an Exchange mailbox from Exchange address lists with the help of the Modify Exchange Properties action.

For more details, see Example 1 in the Automate Exchange Mailbox Configuration Tutorial.

---

Is there an option to add the user back to Exchange Address Books when re-provisioned in the latest version of Adaxes or do we still have to execute the PowerShell in Exchange? Or does the Hide from Exchange address lists add the user back to the default address book when it is set to false?

---

Hello,

No, you don't need to execute the above PowerShell code any more. Starting from Adaxes 2013.1, enabling the Hide from Exchange address lists option in Exchange Properties removes a user from address books, and disabling the option adds the user back to the default address books.