I’ve recently been working on getting shared mailboxes in Office 365 to be hidden from the Global Address List (GAL) in the OWA and Outlook. I had a lot of trouble once I got the address hidden when I tried to access the shared mailbox (I’ll show the error later). After looking online, I couldn’t really find a comprehensive guide, hints writing this post. This post will cover the GUI, PowerShell and the problem that I encountered.
**Reminder, this only works for accounts in Office 365, the process is different for Active Directory synchronized accounts. Since I’m working with shared mailboxes, the accounts are NOT in my active directory.
In order to “hide” shared mailboxes from this list, you either need to use PowerShell or access from the GUI. If you’re just doing one or two mailboxes, the GUI works well, but for larger scales, PowerShell would be recommended.
From your administrator account on Office 365, select ‘Admin’ and ‘Exchange’ from the drop down menu.
After going into the Exchange Administration Center, verify that ‘recipients’ is selected and select ‘Shared’. This will bring you to all of your shared mailboxes.
Double click your Shared Mailbox that appears in the list or select the pencil icon to edit the properties. You will see that ‘Hide from address list’ is unselected. Since you want the account hidden from the address list, you need to select the check box. This makes your address hidden the from GAL.
To hide the account from the GAL using PowerShell is quite a bit more simple.
You need to connect to your Exchange Center via PowerShell by using the following:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Once connected into the Exchange Center, run the following PowerShell command to edit the one account.
Set-Mailbox -Identity firstname.lastname@example.org -HiddenFromAddressListsEnabled $true
This will make the desired mailbox hidden, you can verify it from the GUI if you desire.
Since the Shared Mailbox is now hidden from the GAL, it’s going to cause some problems if you remotely access the mailbox. We have shared mailboxes enabled for Calendars and some for Inboxes for different functions. Therefore, many different people access different aspects of the shared mailboxes.
So, what’s the problem? Well, when you try to open the mailbox it gives you an error that either (1) you don’t have permissions, or (2) the mailbox doesn’t exist. Since I do a lot in the OWA, I’m going to show all error messages in that.
To replicate the error in the OWA (again the error message might change in Outlook), go to your inbox by selecting Outlook. Then select the drop down menu by your name, and select ‘Open another mailbox…’
This will present you with a window to enter the email address for the shared mailbox.
Enter in the email address of the shared mailbox and you will see something similar to this (obviously you will have an address in the white box):
It will NOT let you open the mailbox because according to your GAL, it doesn’t exist (but still receives mail).
In order to work around this issue, there are two options (1) unhide the mailbox and deal with it being in the GAL or (2) add the contact into your personal contacts.
If you REALLY don’t care about the address being in the GAL, then leave it. But, if you don’t want it in your GAL, it’s going to be quite a bit of work, that cannot be scripted or done remotely.
Since option 2 is the option I want to proceed with, I’m going to move forward with explaining it. If you need to reverse the “Hide from address list” shown above, just uncheck the box in the GUI, or run the following if you’re working in PowerShell.
Set-Mailbox -Identity email@example.com -HiddenFromAddressListsEnabled $false
So, option 2.
You still need to unhide the address in either the admin center, or using the above command. If you verify in the GUI, you will see the check box unchecked. Or verify in PowerShell by running the following command.
Get-Mailbox -Identity firstname.lastname@example.org | Format-List Hid*
This will display either True or False. If True, that means that it IS hidden from the GAL.
Once you have the HiddenFromAddressListsEnabled set to False, you can proceed forward by opening the mailbox outlined above that gave the error. This will perform the lookup in the GAL and open the shared mailbox for you.
But, since you don’t want the address in your GAL, you need to add a local contact with the shared mailbox address into your contacts before hiding the mailbox again. Once you have created the contact in YOUR contacts, you can hide the shared mailbox again (outlined above).
Once you have hidden the mailbox, attempt to open the mailbox as outlined before. It should work.
The biggest issue I have with this, is since we have multiple people accessing the mailboxes with various permissions, I cannot add the contact remotely to the contact list, nor can I expect everyone of them to add it locally themselves. If there is a way to add contacts to users contact lists remotely, I would love to know how to do it.
Like I said before, I couldn’t find any of this information in a centralized location, so I decided to consolidate it all together to hopefully help someone down the road.