Finding Users with a Hidden Exchange/Office365 Mailbox in Active Directory

Finding users with a hidden Exchange/Office365 mailbox can be important for managing both on-premises Exchange and Exchange Online. In this article we look for this attribute in Active Directory, which implies either a completely on-premises Exchange implementation or a hybrid implementation where at least one Exchange Server is on-premises.

Hiding mailboxes from the Global Address List (GAL) is essential when creating accounts that you don’t want your general population to see when looking up addresses in Outlook.  This might be an account set up to receive emails from a specific external source, for example.  This also can be an important part of deprovisioning users.  You might disable them, move them to a special OU, and hide their email address from being displayed in the GAL.

Being able to report on these users is crucial for management of Active Directory and Exchange.

Find Users with a Hidden Exchange/Office365 Mailbox Using PowerShell

When you run the following scripts on a machine with RSAT installed, they return the users in a particular domain who have a hidden Exchange/Office365 mailbox.

Method #1

Import-Module ActiveDirectory
Get-ADUser -LDAPFilter "(&(objectCategory=user)(homeMDB=*)(msExchHideFromAddressLists=TRUE))"

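This first method uses an LDAP query. The filter matches user objects that have a mailbox database set (homeMDB) and have msExchHideFromAddressLists set to TRUE.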

Method #2

Import-Module ActiveDirectory
Get-ADUser -Filter {msExchHideFromAddressLists -eq $true -and homeMDB -like "*"}

You might also want to run these commands under a service account (the “-Credential” parameter on the PowerShell commands) to keep things more secure. There are several other methods that don’t require RSAT (and the “ActiveDirectory” module), but these are helpful techniques to start with.
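The following added example (not from the original article) combines the Method #1 filter with the “-Credential” parameter to produce a CSV report and to list hidden mailboxes whose accounts are still enabled, which are either intentional special-purpose mailboxes or users whose deprovisioning was not finished. The function name Get-HiddenMailboxUser, its parameters, and the CSV file name are assumptions made for this example.

```powershell
# Added example: report hidden-mailbox users under a service account.
# Get-HiddenMailboxUser and the CSV path are hypothetical names for illustration.
Import-Module ActiveDirectory

function Get-HiddenMailboxUser {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,
        [string]$Server   # optional: domain or domain controller to query
    )

    $query = @{
        # Same LDAP filter as Method #1
        LDAPFilter = '(&(objectCategory=user)(homeMDB=*)(msExchHideFromAddressLists=TRUE))'
        # mail and whenChanged are not returned by default, so request them
        Properties = 'mail', 'msExchHideFromAddressLists', 'whenChanged'
        Credential = $Credential
    }
    if ($Server) { $query.Server = $Server }

    Get-ADUser @query |
        Select-Object SamAccountName, mail, Enabled, whenChanged,
            @{ Name = 'ParentContainer'
               # Drop the leading RDN; split on the first unescaped comma
               Expression = { ($_.DistinguishedName -split '(?<!\\),', 2)[1] } }
}

# Prompt for the reporting account instead of storing a password in the script
$cred   = Get-Credential -Message 'Service account used for AD reporting'
$report = Get-HiddenMailboxUser -Credential $cred

# Full report for record keeping
$report | Sort-Object ParentContainer, SamAccountName |
    Export-Csv -Path .\hidden-mailbox-users.csv -NoTypeInformation -Encoding UTF8

# Hidden from the GAL but still enabled: confirm each one is intentional
$report | Where-Object Enabled |
    Format-Table SamAccountName, mail, ParentContainer, whenChanged
```

Grouping by ParentContainer makes it easy to see which hidden accounts already sit in the OU you use for deprovisioned users and which do not.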

Web Active Directory’s PeopleAudit

Web Active Directory’s PeopleAudit allows you to run a report like this on demand. Also, you can delegate it safely to others in your organization to run via their web browser. Users can filter and sort the results on the fly and with a single button press print the results or export to your clipboard, PDF, Excel, or CSV.

Safely and securely specify the service account to use to perform the reporting tasks. Customize the report results and filters without scripting or coding.

Schedule these reports for delivery to you or others in your organization via configurable emails.

Web Active Directory’s PeopleUpdate can ensure that newly deprovisioned users have their email addresses hidden in the GAL.