How to Remove Mail Users from the Global Address List

The default Global Address List in an Exchange 2007 or Exchange 2010 organization includes all mail-enabled objects.  It does this using the following recipient filter:

((Alias -ne $null) -and (((((((((((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact
'))) -or (ObjectClass -eq 'msExchSystemMailbox'))) -or (ObjectClass -eq 'msExchDynamicDi
stributionList'))) -or (ObjectClass -eq 'group'))) -or (ObjectClass -eq 'publicFolder'))
))

You can see that the following object classes are included:

  • User
  • Contact
  • System Mailbox
  • Dynamic Distribution Group
  • Group
  • Public Folder

In some environments it may be desirable to exclude Mail Users.  Mail Users are similar to Contacts in that they do not have a mailbox in the local Exchange organization, however unlike Contacts they do have a user account in Active Directory.

In other words, Mail Users are mail-enabled user objects that use an external email service.

Mail Users are displayed in the same area of the Exchange Management Console as regular Contacts, which may lead you to think that excluding them from the Global Address List is as simple as removing this part of the recipient filter:

-or ObjectClass -eq ‘Contact’

However that is not correct, and will not remove Mail Users from the Global Address List.  To understand how to actually do this take a closer look at the attributes of a Mailbox User and a Mail User.

[PS] C:\>get-mailbox "John Smith" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : UserMailbox

[PS] C:\>get-mailuser "Peter Banes" | fl objectclass, recipienttype

ObjectClass   : {top, person, organizationalPerson, user}
RecipientType : MailUser

Notice that both are the same ObjectClass of ‘user’, which would still be included in the recipient filter if you were to simply remove the ‘Contact’ object class.

Instead, to remove Mail Users from the Global Address List you should exclude them by Recipient Type. You can do this by including the following condition in your recipient filter:

RecipientType -ne ‘MailUser’

For example:

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and RecipientType -ne 'MailUser' -and (ObjectClass -eq 'user' -or ObjectClass -eq 'Contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

If you’re making this change to the default Global Address List see my previous post with the solution to the error that occurs when modifying the default Global Address List.

Comments

  1. Scott says

    How exactly did you “remove” this person from the Global Address List? Knowing that will determine where to go next.

    • says

      I excluded the MailUser recipient type from the GAL query, ie the “RecipientType -ne ‘MailUser” bit you see above.

      This removes all Mail User recipient types from the GAL in question.

      • says

        I have done exactly what is described above using the command below. But the Mailuser still appear in the Default GAL. All i want to hide the mail user from the Default Global Address List but show the in another Address list. I am trying this on Exchange 2010 SP1.

        Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        There is another post that suggested modifying GAL purportedSearch attribute. I have not yet tried this. I am not sure if this is safe?

        Have anyone manage to archive what i am trying to do? Any help will be greatly appreciated.
        Thanks

  2. Mary says

    Isn’t there a GUI to work with or only command line? Use to be so easy to “hide” someone from the GAL and now you have to go to a command line and type in all that gibberish and hope you don’t wipe out everyone.

    • says

      Hi Mary, you can still hide a single Mailbox User from the GAL using the GUI. You just go into Exchange Management Console, open the properties for that Mailbox User, and you’ll find the checkbox in there.

      This article is about hiding *all* objects of the type “Mail User” (different to Mailbox User) from the GAL. In the article I describe what a “Mail User” is.

    • Seth says

      Hey guys, another trick (even easier) would be to go to the Exchange Management Console and filter your users to the desired list. Next, select all the users and right click on the selection. Go to the Hide From Exchange Address Lists check box and select it until it’s blank. Once you do this it will prompt you to the amount of changes and then you just click OK and you’re good to go.

      • says

        That seems easier, until you create more mail users. Then you have to remember to hide them each time as well.

        By modifying the underlying query for the GAL, you filter them out for good, even if new ones are created later. More effective.

  3. venu alla says

    Hi Paul,
    Asking you a favor, am a java guy, came across a need to provision a user in exchange with calendar only feature. That is the user uses external mail (mailuser) but needs calendar. My search around cmdlets to enable such a user did not turn up much, taking a chance here. Thank you.
    V

  4. Jay says

    Hi Paul,

    If I run this ps1 cmdlet to remove ‘mailuser’ from the GAL, will this also remove it from the ‘All users’ list and a new custom Address List i’ve created for Mail Users??

    Ideally, I want the mail users to appear only once in the Address Book – that should not be in the Default global address list and the All Users list, but in my newly created custom list.

    thanks

  5. Jane Dumke says

    I used this technique to hide about 2000 email-enabled security groups from the GAL so that users weren’t confused by the proliferation of groups that we use to control access to mailboxes, etc. This worked great and we were very excited. However, now, even though the owners of these groups can find their groups in other address lists that I’ve created, they cannot edit and save the membership changes – it says “Changes to the public group membership cannot be saved”. I assume this is because these groups are no longer in the scope of what these people are allowed to edit, but I cannot figure out how to fix this.

  6. says

    I have some mailboxes for some select users that serve as UM or Voicemail only accounts. These same users also have a Quest Collaboration Services object that shows up in the GAL. I want the UM only maiil boxes to not show up it all, but if I use the Hide from GAL options, the lookup feature will not work for the UM only accounts. Is there any other way to hide these from the GAL so users quit emailing them?

    We add – VM to the first name to try and distinguish them from the normal accounts. Are Display names are Lastname, Firstname.

  7. ExchAdmin says

    Thanks for this, I have applied this to default GAL. I’m wondering how long it takes to take effect? Are there certain services that can be restarted to expedite? I still have “MailContacts” showing in the GAL.

    IE If I run this shell cmd it will still show in the GAL

    New-MailContact -Name “Joe Doe” -ExternalEmailAddress JohnDoe@Contoso.com -OrganizationalUnit “External Contacts”

    • ExchAdmin says

      I have 2 Mailbox Servers and 2 CAS all running Exch 2010 SP2. I have tried restarting a CAS server and then connecting clients to that CAS, still shows all Mail Contacts.

        • ExchAdmin says

          We don’t have any OABs, I did check OWA and the same result occurs. Once reading your article again, I found that when I mail enable a AD account (which adds an external email address to an existing AD account) it does not show up in the GAL. When I use the shell CMD in my orginal post above to create a new mail enabled contact (no AD account, just a simple contact with an external email address) it does appear in the GAL.

          Should your instructions omit mail enabled contacts from the GAL as well or is there different syntax needed to accomplish what i’m trying to do?

          PS. I copied and pasted in your shell cmd. I also tried running it again leaving out the “-or ObjectClass -eq ‘Contact’”. And again

          I don’t fully understand all of the shell CMD, specifically the -ne $null and multiple brackets. So I tried running this cmd as well:

          Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘contact’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

  8. Mike P says

    Hello Paul,

    Great article, thank you. My company would like to remove external contacts from showing up in the GAL. I have removed the ObjectClass ‘contact’ from showing up in the recipient filter, yet our Outlook 2010 clients continue to show the contacts in the default GAL, even after a reboot and a couple days of waiting. Can you see anything wrong with the filter below? We have an Exchange 2007 and Exchange 2013 server. The filter looks the same on both. When looking at the Exchange 2013 server and displaying the preview of the GAL in the management console, no external contacts are listed. We don’t use cached exchange mode on any clients.

    Thank you!

    ((Alias -ne $null) -and (((ObjectClass -eq ‘user’) -or (ObjectClass -eq ‘msExchSystemMailbox’) -or (ObjectClass -eq ‘msExchDynamicDistributionList’) -or (ObjectClass -eq ‘group’) -or (ObjectClass -eq ‘publicFolder’))))

  9. Mike says

    Hi Paul,

    When I ran the command you had listed below on a custom Global Access List that I am setting up it gives me the error. Set-GlobalAddressList: Property RecipientType used in the filter has unsupported operator NotEqual.
    Is there something I am missing in the command. We are running Exchange Server 2007 SP1

    Thanks,

    Mike

    Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

      • Mike says

        Set-GlobalAddressList “Custom Global Address List” -RecipientFilter {(Alias -ne $null -and RecipientType -ne ‘MailUser’ -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘Contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

        The only difference is the name for the Global Address List.

Leave a Reply

Your email address will not be published. Required fields are marked *