Hide Users From Global Address List (GAL)

by Robert Allen

In this guide, you will learn how to hide users, groups, and shared mailboxes from the Office 365 Global Address List (GAL).

You can hide any object with a mailbox from the Global Address List (GAL) including User and Shared Mailboxes, Groups (Microsoft 365, Distribution Lists, and Mail-Enabled), Resources, and Contacts. Mailboxes that are hidden cannot be located by any services that depend on the GAL.

Table of contents:

Hide Users or Shared Mailbox from GAL in Hybrid Environment

If you have an on-premises Active Directory domain controller that syncs with Azure then follow these steps to hide a users from the GAL.

Step 1. In your on-prem Active Directory Domain Controller, open Active Directory Users and Computers.

Step 2. Locate the user you want to hide from the Global Address List and double-click on the user.

Step 3. Click on the Attribute Editor tab.

Step 4. Locate the attribute msExchHideFromAddressLists and edit it. Set it to True.

Step 5. Perform a sync to push the changes to the cloud.

Bulk Hide Users from GAL in Hybrid Environment

In this example, I’ll use the AD Pro Toolkit to hide multiple users from the GAL. You can also run reports and see which accounts are hidden and which are not.

Step 1. Create a CSV file with two columns

Create a CSV file with two columns

  • sAMAccountName = The account logon name you want to update
  • msExchHideFromAddressLists = Set to True or False (True to hide from gal)

Tip: You can use the included User Export Tool to export a list of accounts that you want to hide from the GAL.

In this example, I’ll change the msExchHideFromAddressLists attribute to “True” for 41 user accounts.

Step 2. Run AD Pro Toolkit

Open the AD Pro Toolkit and click on Bulk Modify Users.

Select your CSV file and click run.

You can check the msExchHideFromAddressLists attribute by running any of the user reports.

Download AD Pro Toolkit and try it for free.

Hide Users or Shared Mailbox from GAL in Cloud Only Environment

Step 1. Log into the Exchange Admin Center

Click on mailboxes, to see a list of user and shared mailboxes.

Step 2. Click on the mailbox you would like to hide.

The mailbox settings page will be displayed. At the top, click on hide mailbox.

A Hide from the address list screen will open. Toggle from Off to On. Then click Save at the bottom of the screen.

It can take up to 24 hours for an existing mailbox to be hidden from the Global Address List.

Hide Contact from the GAL using Exchange Admin Center

Step 1. Log into the Exchange Admin Center.

From the left menu click on recipients and then contacts. You will see your tenant contact list.

Step 2. Locate the contact you want to hide from the address list and click on it. You will see Hide from global address list at the bottom.

Click on manage hide from GAL.

The Manage hide from global address list (GAL) screen will display. Toggle the Hide from Global Address List setting to On and click Save at the bottom of the screen.

It can take up to 24 hours before an existing contact is hidden in the GAL.

Hide Resources from the GAL using Exchange Admin Center

Step 1. Log into the Exchange Admin Center.

From the left menu click on recipients and then resources. You will see a list of your resources.

Step 2. Locate and click on the Resource you want to hide.  The settings page will open. Click on the box “Hide this from the global address list” and then click the save button.

It can take up to 24 hours before an existing resource is hidden from the GAL.

Hide Group from the GAL using Exchange Admin Center

Step 1. Log into the Exchange Admin Center.

From the left menu click on recipients and then groups. You will see a list of your groups. You can hide any group, Microsoft 365, Distribution List, Dynamic Distribution List, or Mail-enabled Security.

Step 2. Click on the group

Click on the tab Microsoft 365, Distribution list, Dynamic distribution list, or Mail-enabled security where your group is located.  In this case, I’m choosing a Microsoft 365 Group so I’m going to click on the Microsoft 365 tab.  Click on the group you want to hide.  The group information box will open. 

Click on the Settings tab. Under General Settings, click on the box to the left of the Hide this group form the global address list. Click Save at the bottom.

It can take up to 24 hours before an existing group is hidden from the GAL.

Hide Users from GAL using PowerShell (Hybrid)

You need to have the Active Directory PowerShell module installed to run these commands.

In this example, we change the Active Directory user “123 User”.

Set-ADUser -identity 123user -Replace @{msExchHideFromAddressLists=$true}

To check the setting of the msExchHideFromAddressLists attribute, use the cmdlet Get-ADUser
In this example, I check the status of user “ABC User”

Get-ADUser -Identity “ABC User” -Properties msExchHideFromAddressLists

Hide Users from GAL using PowerShell (Cloud Only)

First, connect to Exchange Online.

See the article Connect to exchange online for detailed steps.

To hide a user, resource, or shared mailbox from the Global Address List, use the Set-Mailbox cmdlet.

In this example, I am hiding the user “ABC User” from the GAL.

Set-Mailbox -Identity "ABC User" -HiddenFromAddressListsEnabled $true

To unhide the user mailbox from the GAL, use the Set-Mailbox cmdlet.

Set-Mailbox -Identity "ABC User" -HiddenFromAddressListsEnabled $false

To see what mailboxes are hidden from GAL, use the following script:

Get-Mailbox -ResultSize unlimited | where {$_.HiddenFromAddressListsEnabled -eq $true} | Select DisplayName

Hide Contact from GAL using PowerShell

First, connect to Exchange Online.

See the article Connect to exchange online for detailed steps.

Use the Set-MailContact cmdlet to hide a contact from the GAL. In this example, we hide the contact “Cherry Pie” from the GAL.

Set-MailContact -Identity "Cherry Pie" -HiddenFromAddressListsEnabled $true

To check the status of the HiddenFromAddressListsEnabled, use cmdlet Get-MailContact

In this example, I check the status of mail contact “Cherry Pie”

Get-MailContact -Identity "Cherry Pie" | FL HiddenFromAddressListsEnabled

To view any Mail Contact hidden from GAL, use the following command:

Get-MailContact -ResultSize unlimited | Where {$_.HiddenFromAddressListsEnabled -eq $true} | Select Name,HiddenFromAddressListsEnabled

Hide Group from GAL using PowerShell

First, connect to Exchange Online.

See the article Connect to exchange online for detailed steps.

Distribution Group

Use the Set-DistributionGroup cmdlet to hide a Distribution list or Mail-Enabled Security group from GAL. In this example, I hide the Distribution List “ADProAll” from the GAL.

Set-DistributionGroup -Identity "ADProAll"-HiddenFromAddressListsEnabled $true

To see the setting of the HiddenFromAddressListsEnabled for a Distribution Group, use the cmdlet Get-DistributionGroup

In this example, I check the status of Distribution Group “ADProAll”

Get-DistributionGroup -Identity "ADProAll" | FL HiddenFromAddressListsEnabled

To view all Distribution Groups hidden from the GAL, use the following script:

Get-DistributionGroup -ResultSize unlimited | Where {$_.HiddenFromAddressListsEnabled -eq $true} | Select Name,HiddenFromAddressListsEnabled

Microsoft 365 Group

To hide a Microsoft 365 Group, use cmdlet Set-UnifiedGroup.

In this example, I hide the Microsoft 365 Group “Accounting Team” from the GAL.

Set-UnifiedGroup -Identity "Accounting Team" -HiddenFromAddressListsEnabled $true

To view the setting of HiddenFromAddressListsEnabled on a Microsoft 365 Group, use the cmdlet Get-UnifiedGroup

In this example, I check the setting of “Accounting Team”

Get-UnifiedGroup -Identity "Accounting Team" | FL HiddenFromAddressListsEnabled

To view all Microsoft 365 Groups hidden from GAL, use the following script:

Get-UnifiedGroup -ResultSize unlimited | Where {$_.HiddenFromAddressListsEnabled -eq $true} | Select Name,HiddenFromAddressListsEnabled

Dynamic Distribution List

To hide a Dynamic Distribution List, use the Set-DynamicDistributionGroup cmdlet.

In this example, I hide the Dynamic Distribution List named “ADProDDL” from the GAL.

Set-DynamicDistributionGroup -Identity ADProDDL -HiddenFromAddressListsEnabled $true

To check the setting of HiddenFromAddressListsEnabled on a Dynamic Distribution List, use the cmdlet Get-DynamicDistributionGroup.

Get-DynamicDistributionGroup -Identity "ADProDDL" | FL HiddenFromAddressListsEnabled

To get a list of all objects hidden from the GAL, use the cmdlet Get-Recipient.

Get-Recipient -ResultSize unlimited -Filter {HiddenFromAddressListsEnabled -eq $true}

9 thoughts on “Hide Users From Global Address List (GAL)”

  1. Ted

    Is there any option to hide an external contact from a GAL, but still have it show up in groups it’s assigned to?

    Reply
    • Avatar photo
      Robert Allen

      Contacts have the msExchHideFromAddressLists attribute. Setting this to TRUE should hide it from the GAl and it would still show up in groups.

      Reply
  2. John

    i’ve made a script that runs on local AD to set the HiddenFromAddressListsEnabled to $true for certain users. I see that the value has been set/changed in de local AD.
    But after running a ADSyncCycle i don’t see the value beeing changed in the online AD, any idea’s?

    Reply
  3. Durai

    Hi Team,

    I have requirement for If i move any disabled users to Active Directory “ExitUsers” OU all the members need to hide from global address book in AD.

    If any one know the option please let us know. I have tried in OU Attribute msExchHideFromAddressLists but its not working.

    Thanks
    Durai

    Reply
  4. Rolando

    Varies depending if you are on-prem/cloud/hybrid

    Reply
  5. AusSupport

    How to separate two domains with GAL

    Reply
  6. Nathan

    Appreciate this! It was really helpful and so perfectly and neatly laid out. I learned something new today 🙂

    Reply
    • Avatar photo
      Robert Allen

      😎

      Reply
  7. Nati

    What specific permission do I have to have to be able to hide a room. The option is disabled for me and I see a message: You do not have permission to edit this information

    Reply

Leave a Comment