0 votes

We are on 3.3.8507.

We are using Adaxes to prepare users for deletion. Adaxes change the Exchange attribute to "msExchHideFromAddressLists=true".

When we check our Exchange 2010 server the gui reveals that the Hide From Exchange Address List has a check, so we expect the user to disappear from the GAL.

But they don't, even 3 days after the fact. So we go back to the Exchange GUI remove the check, apply, add the check back and apply and they disappear.

The Adaxes method does not seem to truly hide them.

Ideas?

by (280 points)

1 Answer

0 votes
by (215k points)

Hello,

The issue is that setting the msExchHideFromAddressLists property to True is not enough for Exchange 2010. You also have to clear the showInAddressBook property.

Thus, to hide a user's mailbox from the GAL, you have to modify your Hide the mailbox from the global address list (GAL) action:

  1. Double-click the Hide the mailbox from the global address list (GAL) action of your Custom Command.
  2. Click Add.
  3. Open the Property to modify drop-down list and check the Show all properties option.
  4. Select Show-In-Address-Book.
  5. Switch the radio-button to Remove property.
  6. Click OK. You should receive the following action:

In our next release we are going to have a more comprehensive support for Exchange features, including hiding mailboxes from the GAL.

0

Thank-you for your help.

I had examined the Built-In custom command "Deprovision" which came with the software and thought that was enough.

thanks again

0

How do we reverse this when re-provisioning a user? I can clear the property for the GAL, but i don't see an option for show-in-addressbook = true etc

0

Hello,

The thing is that the Show-In-Address-Book property is a multivalued property that is used by Exchange 2010 and higher to indicate the address books in which the user will appear. It is maintained by Exchange that is responsible for filling this property with GUIDs of address books based on address book policies.

I suggest that you wait for our next version that is to be released by the end of this month, in which there will be an option to hide an Exchange recipient from Exchange address lists. The new version will provide improved support for management of Exchange features, and hiding/unhiding from Exchange address lists will be done by means of native Exchange functionality. This means that all properties will be handled correctly.

As an option, if you have already deprovisioned some users and removed the Show-In-Address-Book property from their accounts, then, after re-provisioning a user, you need to run the following PowerShell command in the Exchange Management Shell:

Set-Mailbox -ApplyMandatoryProperties -Identity ReprovisionedUserName
where ReprovisionedUserName is the username of the user whose account you are re-provisioning.

0

The below worked for me in our custom re-provision rule...I don't know if it's 100% the proper way to do it, but it did however work properly with no errors.

$domain = $Context.GetObjectDomain("%distinguishedName%")
$rootDse = $Context.BindToObject("Adaxes://$domain/rootDSE")
$dc = $rootDse.Get("dnsHostName")
{}
if(!(Get-PSSnapin |
Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
}
Set-Mailbox -ApplyMandatoryProperties -Identity %username%

0

Hello,

You can, of course, load the PowerShell Exchange snap-in to perform Exchange functions in PowerShell, but sometimes that doesn't work. A better way of doing this would be to create a remote PowerShell session to the computer where your Exchange Server is installed. Here's the modified script that uses PowerShell remoting:

$exchangeServer = "ExchangeServer.domain.com" # TODO: Modify me

$session = New-PSSession -connectionURI "http://$exchangeServer/powershell" -ConfigurationName Microsoft.Exchange
Import-PSSession -session $session

Set-Mailbox -ApplyMandatoryProperties -Identity "%distinguishedName%"

Remove-PSSession -Session $session

In the script, $exchangeServer specifies the Fully Qualified Domain Name (FQDN) of the computer where your Exchange Server is installed.

0

In Adaxes 2013.1 we have reworked the Exchange management API in Adaxes. Now, you can hide an Exchange mailbox from Exchange address lists with the help of the Modify Exchange Properties action.

For more details, see Example 1 in the Automate Exchange Mailbox Configuration Tutorial.

0

Is there an option to add the user back to Exchange Address Books when re-provisioned in the latest version of Adaxes or do we still have to execute the PowerShell in Exchange? Or does the Hide from Exchange address lists add the user back to the default address book when it is set to false?

0

Hello,

No, you don't need to execute the above PowerShell code any more. Starting from Adaxes 2013.1, enabling the Hide from Exchange address lists option in Exchange Properties removes a user from address books, and disabling the option adds the user back to the default address books.

Related questions

0 votes
1 answer

We have configured Adaxes to make accounts that have been Deprovisioned be disabled and hidden from GAL but they are still showing up in GAL. In Adaxes the account ... the sync is not completely working. Any suggestions on configurations will help. Thank you

asked Apr 2, 2021 by rujimg (40 points)
0 votes
1 answer

We have a Deprovision Rule in where we want to set "hide from address lists" in exchange, if it is not already set. but this does not work? what can i do, to first check if this is already set?

asked Oct 21, 2020 by m_st (200 points)
0 votes
1 answer

I am trying to have a scheduled job that will hide groups that are empty and I can not seem to figure out how to do it.

asked Aug 20, 2021 by hgletifer (1.3k points)
0 votes
1 answer

I am trying to send a $context.logmessage from a condition script in a Scheduled Task but I get nothing in the log. Is this not possible? Morten A. Steien

asked Jul 20, 2020 by Morten A. Steien (150 points)
0 votes
1 answer

Hello, We have users who never log to AD on a workstation but only use Outlook OWA. The Exchange value Last Logon is not an AD attribute. How can we disabled these users after a certain amount of time of inactivites ? Thank you :) TB

asked Jan 25 by tentaal (1.1k points)
2,779 questions
2,512 answers
6,576 comments
26,866 users