0

I have some user account without email address in my active directory I , for example admins users, service users and so on.

I found them in the Global address list of Exchange 2013, how can I remove them? I want to leave only users with email address.

This is my current settings checked with Get-GlobalAddressList command (I think this is the default):

RecipientFilter              : ((Alias -ne $null) -and (((((((((((ObjectClass -eq 'user') -or (ObjectClass -eq 'contact'))) -or (ObjectClass -eq 'msExchSystemMailbox'))) -or (ObjectClass -eq 'msExchDynamicDistributionList'))) -or (ObjectClass -eq 'group'))) -or (ObjectClass -eq'publicFolder'))))
LdapRecipientFilter          : (&(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))
LastUpdatedRecipientFilter   : ((Alias -ne $null) -and (((((((((((ObjectClass -eq 'user') -or (ObjectClass -eq  'contact'))) -or (ObjectClass -eq 'msExchSystemMailbox'))) -or (ObjectClass -eq  'msExchDynamicDistributionList'))) -or (ObjectClass -eq 'group'))) -or (ObjectClass -eq 'publicFolder'))))
Tobia
  • 1,272
  • 9
  • 41
  • 81

3 Answers3

1

Seems that there is an attribute to set in AD user settings instead of edit the global query:

enter image description here

Tobia
  • 1,272
  • 9
  • 41
  • 81
1

Normally an user without Exchange attributes should not come up in the GAL (it also wouldn´t make sense to show them here). So there are multiple options:

1.) If the user is a exchange user you can simply hide it from the GAL. There is an option in every AD object which you can set via the Exchange GUI (more infos here). Via that way you can exclude the users you do not wish to come up in the GAL.

enter image description here

2.) I have seen that some admins copy AD objects and then perform some "hacks" in order to remove the propperies they do not need. Thats not a good option if the user is Exchange mail enabled as for example the following propperties showInAddressBook, msExchHideFromAddressLists, msExchHomeServerName, msExchUserAccountControl might not be removed, which therefore might cause such issues you experience as the system still discover them as valid Exchange users. So if those accounts are copies by hand, make sure that the accounts do not have Exchange attributes.

3.) Per out of the box the GAL filter is (taken from Exchange 2016):

(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))

That means only users which have an Exchange mailbox are added to the GAL. However in your environment it might mean the default GAL was adjusted or you are using an additional created GAL with a different setup. You should check the filter here and make sure that it is correct and is excluding the users which aren´t supposed to be in the GAL.

enter image description here

BastianW
  • 2,868
  • 4
  • 20
  • 34
  • This is not applicable because these users don't have an email address therefore this page of ECP is not available – Tobia Nov 24 '17 at 10:40
  • Per default only MailEnabled users will show up/come up in the GAL. So if the user isn´t supposed to be an Exchange mailbox user, did the user has some AD properties which are Exchange related as mentioned in nr2? Additional you should check the GAL filter as per default only Exchange user are part from the GAL. However on your side it might have been changed for some reasons or you are using a 2nd GAL which we do not know. – BastianW Nov 24 '17 at 11:20
  • I think the problem is that these users were made copying an exinting user with email, than they get all exchange attributes but without a real mailbox... – Tobia Nov 25 '17 at 08:32
  • Yes if that is done the account still has some exchange attributes and will therefore added to the gal. But it should be very easy to fix as you can use aduc to delete the wrong attributes very quickly. – BastianW Nov 25 '17 at 10:58
1

had the same issue, this fixed it

Get-GlobalAddressList "Default Global Address List" | Update-GlobalAddressList
RalfFriedl
  • 3,108
  • 4
  • 13
  • 17
Andy
  • 11
  • 1