When using Office 365 and AD Connect, you may not be able to mark a mailbox as Hide from address lists using the Office 365 portal if you are syncing users from your on-premises Active Directory.

When a user is being synchronized from your on-premises Active Directory and you attempt to hide the user from the address book using the Microsoft Office 365 portal, you’ll receive the following error:

The operation on mailbox failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘HiddenFromAddressListsEnabled’, can’t be performed on the object because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

This error always occurs because Office 365 knows the user is being synced from your Active Directory: any change you made to the user in Office 365 would be overwritten the next time Active Directory syncs.

How to Hide a Mailbox from the Address Lists using the Office 365 Portal

  1. Log in to the Exchange Admin Center using your Office 365 global admin credentials.
  2. Navigate to recipients > mailboxes (or shared if it’s a shared mailbox).
  3. Find and double-click the user you want to hide.
  4. Check the Hide from address lists checkbox. Click Save.

If you receive the “The operation on mailbox failed because it’s out of the current user’s write scope” error, follow the steps below to make the change in Active Directory.

The address books are downloaded to the Outlook client once every 24 hours so the user will still be visible in the address book for 1 day.

How to Hide a User from the Address Lists using Active Directory (AD Connect)

  1. Enable Advanced Features by clicking View > Advanced Features.
    When Advanced Features is turned on, you’ll see a checkbox next to it.
  3. Find and open the properties for the user you want to hide. Click the Attribute Editor tab.
  4. Find and double-click the msExchHideFromAddressLists attribute to change its value.
  5. Set the value to True and save your changes.
  6. Next, you’ll need to set the mailNickname field. It should be set to the first part of the primary email address. For example, my email is john.gruber@gitbit.org so the mailNickname should be set to john.gruber.

The change will be visible in the Office 365 portal after the next AD Connect job runs, which may take up to an hour. The address books are downloaded to the Outlook client once every 24 hours so the user will still be visible in the address book for 1 day.

If you can’t find the attribute you may have a filter enabled. Click the Filter button and verify you’re showing all properties.
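The same Active Directory change can be scripted instead of made through the Attribute Editor. The following is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module is installed, that the Exchange schema extensions are present, and that the user's mail attribute holds the primary email address. The Identity parameter name and the sample account name in the comment are hypothetical.

```powershell
# Added example: hide an AD-synced user from the address lists on-premises.
# Assumes the ActiveDirectory (RSAT) module and the Exchange schema extensions,
# so that msExchHideFromAddressLists exists on user objects.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Account to hide, e.g. a sAMAccountName such as 'jgruber' (hypothetical value)
    [Parameter(Mandatory)][string]$Identity
)

Import-Module ActiveDirectory -ErrorAction Stop

$user = Get-ADUser -Identity $Identity -Properties mail, mailNickname, msExchHideFromAddressLists

# Assumption: the mail attribute holds the primary email address.
if (-not $user.mail -or $user.mail -notmatch '^[^@]+@[^@]+$') {
    throw "User '$Identity' has no usable mail attribute; cannot derive mailNickname."
}

# mailNickname = the first part of the primary email address (before the @)
$nickname = ($user.mail -split '@')[0]

$changes = @{
    msExchHideFromAddressLists = $true
    mailNickname               = $nickname
}

Write-Verbose ("Current mailNickname: '{0}', hidden: '{1}'" -f $user.mailNickname, $user.msExchHideFromAddressLists)

# Honors -WhatIf / -Confirm so the change can be previewed first
if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set $($changes.Keys -join ', ')")) {
    Set-ADUser -Identity $user -Replace $changes
}

# Read the attributes back to confirm what AD Connect will sync
Get-ADUser -Identity $Identity -Properties mailNickname, msExchHideFromAddressLists |
    Select-Object SamAccountName, mailNickname, msExchHideFromAddressLists
```

Run it with -WhatIf first to preview the change. To avoid waiting for the scheduled job, Start-ADSyncSyncCycle -PolicyType Delta on the AD Connect server starts a sync immediately.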

Hide User from Address Lists (AD Connect) | by John Gruber | GitBit | Medium