Hidden mailboxes show up in GAL

Ever experience an issue where hidden mailboxes show up in GAL (Global Address List)? In researching this issue, I found others had experienced similar problems. The solution to this issue was simple but I still do not know what caused the issue in the first place. What a lot of administrators do when they receive a request to disable an Active Directory account is to DISABLE the AD account AND HIDE the mailbox from the GAL. The reason for this is in case folks need to retrieve information from the former associate’s mailbox or perhaps they want to keep the email active for a little while in order to give them enough time to notify customers and vendors. 

When an AD account is DISABLED and HIDDEN, the ExchangeUserAccountControl attribute should be automatically set to AccountDisabled. However, I found that for several accounts that the ExchangeUserAccountControl was actually set to NONE. So I compared this to other users who had been hidden and disabled and noticed that the value was indeed AccountDisabled

To resolve the problem, following the steps below:

  1. Log on to each Exchange database server
  2. Run the Exchange Management Shell as Administrator
  3. Run the following PowerShell command:
    Get-Mailbox -ResultSize Unlimited -Filter {HiddenFromAddressListsEnabled -eq $True} | Select SamAccountName, DisplayName, HiddenFromAddressListsEnabled, ExchangeUserAccountControl | Export-CSV C:\HiddenMbxs.csv
  4. Open the CSV file and look for all the users with a value of NONE in the ExchangeUserAccountControl column
    Make a note of all users who you are 100% positive are disabled in AD and hidden in the GAL
  5. Open the Exchange Management Console on the database server
  6. Expand Recipient Configuration
  7. Find the User Mailboxes in question and select Properties
  8. Uncheck the “Hide from Exchange address lists” checkbox and select Apply
  9. Check the “Hide from Exchange address lists” checkbox and select Apply
  10. Wait for the Address Book to generate and distribute. If you do not want to wait, then check out this post to force it.

I don’t know what the blip was that caused this issue to happen in the first place. In my case, there seemed to be a brief period of time where the ExchangeUserAccountControl attribute was not getting set correctly. If anyone has any thoughts on what could have caused this, please share your comments!

George Almeida

Welcome to my little corner of the blogosphere. I'm an Information Technology manager for a Fortune 500 company. I specialize in Windows operating systems, applications, servers, storage, networks and also have a technical background on the IBM iSeries platform. My only purpose for this blog is the hope that it helps someone, someday, somewhere. Any meager proceeds derived from our sponsors will be donated to charity.

You may also like...

Leave a Reply

Be the First to Comment!