Exchange Server

How to Remove Mail Users from the Global Address List

Avatar photo
Post author:Written By 49 Comments

The default Global Address List in an Exchange 2007 or Exchange 2010 organization includes all mail-enabled objects.  It does this using the following recipient filter:

((Alias -ne $null) -and (((((((((((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact
'))) -or (ObjectClass -eq 'msExchSystemMailbox'))) -or (ObjectClass -eq 'msExchDynamicDi
stributionList'))) -or (ObjectClass -eq 'group'))) -or (ObjectClass -eq 'publicFolder'))
))

You can see that the following object classes are included:

  • User
  • Contact
  • System Mailbox
  • Dynamic Distribution Group
  • Group
  • Public Folder

In some environments it may be desirable to exclude Mail Users.  Mail Users are similar to Contacts in that they do not have a mailbox in the local Exchange organization, however unlike Contacts they do have a user account in Active Directory.

In other words, Mail Users are mail-enabled user objects that use an external email service.

Mail Users are displayed in the same area of the Exchange Management Console as regular Contacts, which may lead you to think that excluding them from the Global Address List is as simple as removing this part of the recipient filter:

-or ObjectClass -eq ‘Contact’

However that is not correct, and will not remove Mail Users from the Global Address List.  To understand how to actually do this take a closer look at the attributes of a Mailbox User and a Mail User.

[PS] C:\>get-mailbox "John Smith" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : UserMailbox

[PS] C:\>get-mailuser "Peter Banes" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : MailUser

Notice that both are the same ObjectClass of ‘user’, which would still be included in the recipient filter if you were to simply remove the ‘Contact’ object class.

Instead, to remove Mail Users from the Global Address List you should exclude them by Recipient Type. You can do this by including the following condition in your recipient filter:

RecipientType -ne ‘MailUser’

For example:

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and RecipientType -ne 'MailUser' -and (ObjectClass -eq 'user' -or ObjectClass -eq 'Contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

If you’re making this change to the default Global Address List see my previous post with the solution to the error that occurs when modifying the default Global Address List.

Tags: , , ,

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Mario M. 17 Oct 2018 Reply

    Note: Exchange 2013: MailUser is now MailContact

  2. Jerry 10 Oct 2018 Reply

    Hi Paul,

    Can we do the settings like this below?

    We don’t want regular employees see the “Title” in Global Address Book, but managers can see it. Is that possible? Our Exchange Server is 2007 SP1.

    Thank you.

    Jerry

  3. Manhel 25 Oct 2017 Reply

    Dear All,

    How can I remove a wrong email address from the whole contacts address book as an admin?

    Somebody entered that email by mistake and everybody is replying to that email.

    Thanks for your help.

  4. Just 29 Aug 2017 Reply

    hi,

    I changed my zimbra mail server name. After successfully changed it, still I found old servername in gal.

    How can I clear that.

  5. TT 3 Nov 2016 Reply

    My problem is similar in that we have addresses that aren’t showing up, namely any secondary smtp addresses or aliases…any thoughts on that?

  6. Scott Nace 16 Oct 2016 Reply

    Sorry! I was logged in with my account and I did not have any address books setup for my domain since I am the Administrator. Not thinking clearly. Once I attached outlook to one of the hosted domain with all the policies in place, they only saw there own GAL. Again sorry for the post. I am new to the muti tenant environment and getting better at it everyday that passes.

  7. Scott Nace 13 Oct 2016 Reply

    Paul,

    In exchange 2016 I am hosting multiple domain and want to disable or delete the Default GAL. What is the best way to accomplish this?

  8. Anil Udayabhanu 25 Mar 2016 Reply

    Hi Paul,

    How do we hide two different companies’ GAL hosted on the same exchange server 2013 ?

    so that company A dont see company B employees address list

    Thanks
    Anil

  9. Nugroho Anindyanto 14 Dec 2015 Reply

    Hi Paul,

    I have Exchange Server 2013 and Zimbra Server (Hybrid), all the user stored in Active Directory.

    I would like to send an email to the user who does not have exchange mailbox but has zimbra mailbox, when I do a search active directory user who has a mailbox zimbra not appear in the GAL.

    How to display the active directory user who does not have Exchange mailboxes in the GAL?

  10. Larisa 24 Jul 2015 Reply

    Hi Paul,
    here is the situation:
    1. we have external clients and they cannot view the default GAL
    2. external clients should see only other external clients and the staff from the department they work for and their distribution lists
    3. i filtered external clients by custom attribute 1 and assign ABP
    4. filtered department staff by custom attribute 2 and add them to external users GAL
    5. external clients GAL looks good

    the issue is:
    external clients custom address list are visible in default GAL. i do not want to create a separate ABP and apply to everyone in the company except external clients – i actually want to have minimal changes to default GAL.

    Please let me know if there is other way to configure it and how to remove custome address list from default GAL.

  11. Aker 7 Feb 2015 Reply

    I run a script to disable a user from GAL and also I did manually from Exchange management list and hide through AD waited 2 days people still see the disabled user in outlook . Can you suggest me something ?
    Environment

    exchange 2007
    outlook 2007
    ad 2003 and 2012

    1. Avatar photo
      Paul Cunningham

      The Real Person!

      Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

             7 Feb 2015 Reply

      Not sure what you mean by “Hide through AD”. Hiding a recipient from the GAL is done using Exchange management tools.

      Otherwise, it depends if you mean users can still see them in Outlook or OWA. If it’s OWA, then the recipient hasn’t been hidden correctly. If its Outlook, it might just be the Offline Address Book.

      https://www.practical365.com/optimizing-oab-schedules-exchange-server-2010/

      Or if you mean in Outlook they can see the recipient’s name in their autocomplete cache, eg when they start typing it, that is the Outlook nickname cache and you’d need to clear that from clients to stop that.

  12. fz 9 Oct 2014 Reply

    Hi Paul

    We want to do a similar filter but want to filter out Contacts with a string found in “Title” .

    Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -and (RecipientType -eq ‘UserMailbox’ -and (Title -notlike “string”)) -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

    These filters are not my strong side 🙂 Could you help me with my syntax.
    Should the RecipientType be MailContact as you pointed out earlier ?

  13. Ziv 20 Sep 2014 Reply

    Hi Paul,

    I’ve added CustomAttribute15 to filter by in order to hide from the GAL. My Filter looks like this: ((Alias -ne $null) -and (((((((((((((ObjectClass -eq ‘user’) -and (CustomAttribute15 -ne ‘hidden’))) -or (ObjectClass -eq ‘contact’))) -or (ObjectClass -eq ‘msExchSystemMailbox’))) -or (ObjectClass -eq ‘msExchDynamicDistributionList’))) -or (ObjectClass -eq ‘group’))) -or (ObjectClass -eq ‘publicFolder’))))

    When I test it in OWA I can hide/show the contact by setting the attribute, but when I test the same from Outlook 2010 in on-line mode it seems to show it. Ideas?

      1. Ziv 20 Sep 2014 Reply

        You were absolutely correct. I ran update-globaladdresslist and the account in question disappeared. Thanks for such a quick reply. You rock!

  14. Mike 25 Jun 2014 Reply

    Hi Paul,

    When I ran the command you had listed below on a custom Global Access List that I am setting up it gives me the error. Set-GlobalAddressList: Property RecipientType used in the filter has unsupported operator NotEqual.
    Is there something I am missing in the command. We are running Exchange Server 2007 SP1

    Thanks,

    Mike

    Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

      1. Mike 26 Jun 2014 Reply

        Set-GlobalAddressList “Custom Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        The only difference is the name for the Global Address List.

  15. Mike P 17 Jun 2014 Reply

    Hello Paul,

    Great article, thank you. My company would like to remove external contacts from showing up in the GAL. I have removed the ObjectClass ‘contact’ from showing up in the recipient filter, yet our Outlook 2010 clients continue to show the contacts in the default GAL, even after a reboot and a couple days of waiting. Can you see anything wrong with the filter below? We have an Exchange 2007 and Exchange 2013 server. The filter looks the same on both. When looking at the Exchange 2013 server and displaying the preview of the GAL in the management console, no external contacts are listed. We don’t use cached exchange mode on any clients.

    Thank you!

    ((Alias -ne $null) -and (((ObjectClass -eq ‘user’) -or (ObjectClass -eq ‘msExchSystemMailbox’) -or (ObjectClass -eq ‘msExchDynamicDistributionList’) -or (ObjectClass -eq ‘group’) -or (ObjectClass -eq ‘publicFolder’))))

  16. ExchAdmin 12 Mar 2014 Reply

    Thanks for this, I have applied this to default GAL. I’m wondering how long it takes to take effect? Are there certain services that can be restarted to expedite? I still have “MailContacts” showing in the GAL.

    IE If I run this shell cmd it will still show in the GAL

    New-MailContact -Name “Joe Doe” -ExternalEmailAddress JohnDoe@Contoso.com -OrganizationalUnit “External Contacts”

    1. ExchAdmin 12 Mar 2014 Reply

      I have 2 Mailbox Servers and 2 CAS all running Exch 2010 SP2. I have tried restarting a CAS server and then connecting clients to that CAS, still shows all Mail Contacts.

        1. ExchAdmin 12 Mar 2014 Reply

          We don’t have any OABs, I did check OWA and the same result occurs. Once reading your article again, I found that when I mail enable a AD account (which adds an external email address to an existing AD account) it does not show up in the GAL. When I use the shell CMD in my orginal post above to create a new mail enabled contact (no AD account, just a simple contact with an external email address) it does appear in the GAL.

          Should your instructions omit mail enabled contacts from the GAL as well or is there different syntax needed to accomplish what i’m trying to do?

          PS. I copied and pasted in your shell cmd. I also tried running it again leaving out the “-or ObjectClass -eq ‘Contact’”. And again

          I don’t fully understand all of the shell CMD, specifically the -ne $null and multiple brackets. So I tried running this cmd as well:

          Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘contact’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

  17. iMedia Designs 11 Feb 2014 Reply

    That’s great Paul thanks.

  18. Jeff 17 Oct 2013 Reply

    I have some mailboxes for some select users that serve as UM or Voicemail only accounts. These same users also have a Quest Collaboration Services object that shows up in the GAL. I want the UM only maiil boxes to not show up it all, but if I use the Hide from GAL options, the lookup feature will not work for the UM only accounts. Is there any other way to hide these from the GAL so users quit emailing them?

    We add – VM to the first name to try and distinguish them from the normal accounts. Are Display names are Lastname, Firstname.

  19. Fabi 15 Nov 2012 Reply

    Hi Paul,
    I need to hide a mail contact from the GAL. How this would be ?

  20. Jane Dumke 13 Sep 2012 Reply

    I used this technique to hide about 2000 email-enabled security groups from the GAL so that users weren’t confused by the proliferation of groups that we use to control access to mailboxes, etc. This worked great and we were very excited. However, now, even though the owners of these groups can find their groups in other address lists that I’ve created, they cannot edit and save the membership changes – it says “Changes to the public group membership cannot be saved”. I assume this is because these groups are no longer in the scope of what these people are allowed to edit, but I cannot figure out how to fix this.

  21. Jay 21 Sep 2011 Reply

    Hi Paul,

    If I run this ps1 cmdlet to remove ‘mailuser’ from the GAL, will this also remove it from the ‘All users’ list and a new custom Address List i’ve created for Mail Users??

    Ideally, I want the mail users to appear only once in the Address Book – that should not be in the Default global address list and the All Users list, but in my newly created custom list.

    thanks

  22. Triss 15 Sep 2011 Reply

    You can also bulk edit.
    Just select all your contacts, choose properties, and check ‘hide from addresslist”

  23. venu alla 14 Sep 2011 Reply

    Hi Paul,
    Asking you a favor, am a java guy, came across a need to provision a user in exchange with calendar only feature. That is the user uses external mail (mailuser) but needs calendar. My search around cmdlets to enable such a user did not turn up much, taking a chance here. Thank you.
    V

  24. Mary 18 Sep 2010 Reply

    Isn’t there a GUI to work with or only command line? Use to be so easy to “hide” someone from the GAL and now you have to go to a command line and type in all that gibberish and hope you don’t wipe out everyone.

    1. Avatar photo
      Paul Cunningham

      The Real Person!

      Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.

             18 Sep 2010 Reply

      Hi Mary, you can still hide a single Mailbox User from the GAL using the GUI. You just go into Exchange Management Console, open the properties for that Mailbox User, and you’ll find the checkbox in there.

      This article is about hiding *all* objects of the type “Mail User” (different to Mailbox User) from the GAL. In the article I describe what a “Mail User” is.

    2. Seth 30 Nov 2012 Reply

      Hey guys, another trick (even easier) would be to go to the Exchange Management Console and filter your users to the desired list. Next, select all the users and right click on the selection. Go to the Hide From Exchange Address Lists check box and select it until it’s blank. Once you do this it will prompt you to the amount of changes and then you just click OK and you’re good to go.

        1. Salman 10 Dec 2012 Reply

          Hi Paul,

          I have Exchange server 2010 and user have outlook 2007. everything was working fine all of sudden my user complaint me that they cant send email e.g David.L@saradxbz.com when they send email on this email id they got this error Delivery has failed to these recipients or groups:

          David Lankester
          The e-mail address you entered couldn’t be found. Please check the recipient’s e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.

          but when they send email from web outlook then there is no problem .

          what i did i asked all user to delete this email from auto complete and type is manually once they did and for a day it work but now again they have same problem, whenever they send email to specific email id which mention above they got error msg.

          Note: unfortunately that id is our GM 🙁

          Please advice

  25. Scott 5 Aug 2010 Reply

    How exactly did you “remove” this person from the Global Address List? Knowing that will determine where to go next.

      1. Abbey 1 Feb 2011 Reply

        I have done exactly what is described above using the command below. But the Mailuser still appear in the Default GAL. All i want to hide the mail user from the Default Global Address List but show the in another Address list. I am trying this on Exchange 2010 SP1.

        Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        There is another post that suggested modifying GAL purportedSearch attribute. I have not yet tried this. I am not sure if this is safe?

        Have anyone manage to archive what i am trying to do? Any help will be greatly appreciated.
        Thanks

Leave a Reply