Inconsistence in Management of synced Objects in Exchange Online

Hi All,

Until now, I did believe, that some properties from synchronized Objects from On-Prem to Entra ID like Emailaddresses and HideFromAddressLists can only be changed on the Source in Active Directory.

I discovered that you could change the HideFromAddressLists property for synced MailUsers in Exchange Online EAC and EXO Powershell.

User Mailbox

If you look at a syncronized User Mailbox in Exchange Admin Center the “Hide from global address list (GAL)” is greyed out and can not be changed.

Get the Mailbox in Exchange Online

Get-Mailbox -Identity a.bohren@icewolf.ch | fl Name, DisplayName, PrimarySMTPAddress, HiddenFromAddressListsEnabled

Try to set the HiddenFromAddressListsEnabled in Exchange Online for a synced User with Mailbox

Set-Mailbox -Identity a.bohren@icewolf.ch -HiddenFromAddressListsEnabled $true

Mail User

I discovered that you could change the HideFromAddressLists property for synced MailUsers in Exchange Online EAC and EXO Powershell

On-Prem Mail User in Exchange Management Shell

Get-Mailuser -Identity k.klammer | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

In Microsoft 365 Admin Center you can see that the Mail User is syncronized

Mail User in Exchange Online

Get-Mailuser -Identity k.klammer | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

In Exchange Online Admin Center “Hide from global address list (GAL)” is NOT greyed out and you can change the toggle.

It shows success when saving

As you can see, tha value of “HiddenFromAddressListsEnabled” has clearly changed

Get-Mailuser -Identity k.klammer | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

Let’s try to change HiddenFromAddressListsEnabled with PowerShell - that works

Set-Mailuser -Identity k.klammer -HiddenFromAddressListsEnabled $false
Get-Mailuser -Identity k.klammer | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

🤔 Huh? I don’t see why this should be an exception to any other Synced Object. My assumption is, that this is a bug. What is your opinion?

Mail Contact

On-Prem Mail User in Exchange Management Shell

Get-MailContact -Identity AndresBohrenBluewin | fl DisplayName, Alias, UserPrincipalName,PrimarySMTPAddress, WindowsEmailAddress, ExternalEmailAddress, HiddenFromAddressListsEnabled

Contact Object in Microsoft 365 Admin Center - synced from On-Prem

Mail Contact in Exchange Online

Get-MailContact -Identity AndresBohrenBluewin | fl DisplayName, Alias, UserPrincipalName,PrimarySMTPAddress, WindowsEmailAddress, ExternalEmailAddress, HiddenFromAddressListsEnabled

In Exchange Online Admin Center “Hide from global address list (GAL)” is NOT greyed out and you can change the toggle.

It shows success when saving

Nothing changed here - so this seems to be kind of a GUI Bug

Get-MailContact -Identity AndresBohrenBluewin | fl DisplayName, Alias, UserPrincipalName,PrimarySMTPAddress, WindowsEmailAddress, ExternalEmailAddress, HiddenFromAddressListsEnabled

If you try to change it with PowerShell in Exchange Online a

Set-MailContact -Identity AndresBohrenBluewin -HiddenFromAddressListsEnabled $true
Get-MailContact -Identity AndresBohrenBluewin | fl DisplayName, Alias, UserPrincipalName,PrimarySMTPAddress, WindowsEmailAddress, ExternalEmailAddress, HiddenFromAddressListsEnabled

Distribution Group

On-Prem Distribution Group in Exchange Management Shell

Get-DistributionGroup -Identity DemoDistA | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

Distribution Group in Exchange Online

Get-DistributionGroup -Identity DemoDistA | fl Name, DisplayName, GroupType, PrimarySMTPAddress, HiddenFromAddressListsEnabled

In Exchange Admin Center “Hide from global address list” is greyed out

As expected, you can’t set HiddenFromAddressListsEnabled for a syncronized Distribution List in Exchange Online PowerShell

Set-DistributionGroup -Identity DemoDistA -HiddenFromAddressListsEnabled $true

Summary

What do you think? Is it a Bug that you can change HiddenFromAddressListsEnabled for syncronized Mail Users? Or are there any good reasons why this is possible?

Regards
Andres Bohren