How to Remove Mail Users from the Global Address List

The default Global Address List in an Exchange 2007 or Exchange 2010 organization includes all mail-enabled objects.  It does this using the following recipient filter:

((Alias -ne $null) -and (((((((((((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact
'))) -or (ObjectClass -eq 'msExchSystemMailbox'))) -or (ObjectClass -eq 'msExchDynamicDi
stributionList'))) -or (ObjectClass -eq 'group'))) -or (ObjectClass -eq 'publicFolder'))
))

You can see that the following object classes are included:

  • User
  • Contact
  • System Mailbox
  • Dynamic Distribution Group
  • Group
  • Public Folder

In some environments it may be desirable to exclude Mail Users.  Mail Users are similar to Contacts in that they do not have a mailbox in the local Exchange organization, however unlike Contacts they do have a user account in Active Directory.

In other words, Mail Users are mail-enabled user objects that use an external email service.

Mail Users are displayed in the same area of the Exchange Management Console as regular Contacts, which may lead you to think that excluding them from the Global Address List is as simple as removing this part of the recipient filter:

-or ObjectClass -eq ‘Contact’

However that is not correct, and will not remove Mail Users from the Global Address List.  To understand how to actually do this take a closer look at the attributes of a Mailbox User and a Mail User.

[PS] C:\>get-mailbox "John Smith" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : UserMailbox

[PS] C:\>get-mailuser "Peter Banes" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : MailUser

Notice that both are the same ObjectClass of ‘user’, which would still be included in the recipient filter if you were to simply remove the ‘Contact’ object class.

Instead, to remove Mail Users from the Global Address List you should exclude them by Recipient Type. You can do this by including the following condition in your recipient filter:

RecipientType -ne ‘MailUser’

For example:

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and RecipientType -ne 'MailUser' -and (ObjectClass -eq 'user' -or ObjectClass -eq 'Contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

If you’re making this change to the default Global Address List see my previous post with the solution to the error that occurs when modifying the default Global Address List.

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Find Paul on Twitter, LinkedIn or Google+, or get in touch for consulting/support engagements.

Comments

  1. How exactly did you “remove” this person from the Global Address List? Knowing that will determine where to go next.

    • I excluded the MailUser recipient type from the GAL query, ie the “RecipientType -ne ‘MailUser” bit you see above.

      This removes all Mail User recipient types from the GAL in question.

      • I have done exactly what is described above using the command below. But the Mailuser still appear in the Default GAL. All i want to hide the mail user from the Default Global Address List but show the in another Address list. I am trying this on Exchange 2010 SP1.

        Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        There is another post that suggested modifying GAL purportedSearch attribute. I have not yet tried this. I am not sure if this is safe?

        Have anyone manage to archive what i am trying to do? Any help will be greatly appreciated.
        Thanks

  2. Isn’t there a GUI to work with or only command line? Use to be so easy to “hide” someone from the GAL and now you have to go to a command line and type in all that gibberish and hope you don’t wipe out everyone.

    • Hi Mary, you can still hide a single Mailbox User from the GAL using the GUI. You just go into Exchange Management Console, open the properties for that Mailbox User, and you’ll find the checkbox in there.

      This article is about hiding *all* objects of the type “Mail User” (different to Mailbox User) from the GAL. In the article I describe what a “Mail User” is.

    • Hey guys, another trick (even easier) would be to go to the Exchange Management Console and filter your users to the desired list. Next, select all the users and right click on the selection. Go to the Hide From Exchange Address Lists check box and select it until it’s blank. Once you do this it will prompt you to the amount of changes and then you just click OK and you’re good to go.

      • That seems easier, until you create more mail users. Then you have to remember to hide them each time as well.

        By modifying the underlying query for the GAL, you filter them out for good, even if new ones are created later. More effective.

  3. Hi Paul,
    Asking you a favor, am a java guy, came across a need to provision a user in exchange with calendar only feature. That is the user uses external mail (mailuser) but needs calendar. My search around cmdlets to enable such a user did not turn up much, taking a chance here. Thank you.
    V

  4. You can also bulk edit.
    Just select all your contacts, choose properties, and check ‘hide from addresslist”

  5. Hi Paul,

    If I run this ps1 cmdlet to remove ‘mailuser’ from the GAL, will this also remove it from the ‘All users’ list and a new custom Address List i’ve created for Mail Users??

    Ideally, I want the mail users to appear only once in the Address Book – that should not be in the Default global address list and the All Users list, but in my newly created custom list.

    thanks

    • It is Set-GlobalAddressList “Default Global Address List” so its only modifying the recipient scope of the “Default Global Address List” GAL object. The rest won’t be changed.

  6. I used this technique to hide about 2000 email-enabled security groups from the GAL so that users weren’t confused by the proliferation of groups that we use to control access to mailboxes, etc. This worked great and we were very excited. However, now, even though the owners of these groups can find their groups in other address lists that I’ve created, they cannot edit and save the membership changes – it says “Changes to the public group membership cannot be saved”. I assume this is because these groups are no longer in the scope of what these people are allowed to edit, but I cannot figure out how to fix this.

  7. Hi Paul,
    I need to hide a mail contact from the GAL. How this would be ?

  8. I have some mailboxes for some select users that serve as UM or Voicemail only accounts. These same users also have a Quest Collaboration Services object that shows up in the GAL. I want the UM only maiil boxes to not show up it all, but if I use the Hide from GAL options, the lookup feature will not work for the UM only accounts. Is there any other way to hide these from the GAL so users quit emailing them?

    We add – VM to the first name to try and distinguish them from the normal accounts. Are Display names are Lastname, Firstname.

  9. iMedia Designs says:

    That’s great Paul thanks.

  10. ExchAdmin says:

    Thanks for this, I have applied this to default GAL. I’m wondering how long it takes to take effect? Are there certain services that can be restarted to expedite? I still have “MailContacts” showing in the GAL.

    IE If I run this shell cmd it will still show in the GAL

    New-MailContact -Name “Joe Doe” -ExternalEmailAddress JohnDoe@Contoso.com -OrganizationalUnit “External Contacts”

    • ExchAdmin says:

      I have 2 Mailbox Servers and 2 CAS all running Exch 2010 SP2. I have tried restarting a CAS server and then connecting clients to that CAS, still shows all Mail Contacts.

      • Perhaps you’ve made a syntax error in your recipient filter. I assume you’re looking at the GAL via OWA and not via Outlook to eliminate the OAB from the equation too.

        • ExchAdmin says:

          We don’t have any OABs, I did check OWA and the same result occurs. Once reading your article again, I found that when I mail enable a AD account (which adds an external email address to an existing AD account) it does not show up in the GAL. When I use the shell CMD in my orginal post above to create a new mail enabled contact (no AD account, just a simple contact with an external email address) it does appear in the GAL.

          Should your instructions omit mail enabled contacts from the GAL as well or is there different syntax needed to accomplish what i’m trying to do?

          PS. I copied and pasted in your shell cmd. I also tried running it again leaving out the “-or ObjectClass -eq ‘Contact’”. And again

          I don’t fully understand all of the shell CMD, specifically the -ne $null and multiple brackets. So I tried running this cmd as well:

          Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘contact’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        • “Contact” isn’t a valid RecipientType. But “MailContact” is.

          Those -ne and -eq bits are conditional operators. You can learn more about those here:

          http://technet.microsoft.com/en-us/library/hh847759.aspx

  11. Hello Paul,

    Great article, thank you. My company would like to remove external contacts from showing up in the GAL. I have removed the ObjectClass ‘contact’ from showing up in the recipient filter, yet our Outlook 2010 clients continue to show the contacts in the default GAL, even after a reboot and a couple days of waiting. Can you see anything wrong with the filter below? We have an Exchange 2007 and Exchange 2013 server. The filter looks the same on both. When looking at the Exchange 2013 server and displaying the preview of the GAL in the management console, no external contacts are listed. We don’t use cached exchange mode on any clients.

    Thank you!

    ((Alias -ne $null) -and (((ObjectClass -eq ‘user’) -or (ObjectClass -eq ‘msExchSystemMailbox’) -or (ObjectClass -eq ‘msExchDynamicDistributionList’) -or (ObjectClass -eq ‘group’) -or (ObjectClass -eq ‘publicFolder’))))

  12. Hi Paul,

    When I ran the command you had listed below on a custom Global Access List that I am setting up it gives me the error. Set-GlobalAddressList: Property RecipientType used in the filter has unsupported operator NotEqual.
    Is there something I am missing in the command. We are running Exchange Server 2007 SP1

    Thanks,

    Mike

    Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

    • What is the exact command you’re running?

      • Set-GlobalAddressList “Custom Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        The only difference is the name for the Global Address List.

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.