Hiding Users from AD Synced 365 GAL

I came across an issue today where I needed to hide some old users email accounts that had been converted to shared mailboxes. However with our office 365 we don’t have full 2 way synchronization enabled. As a result when you go to the 365 portal and attempt to hide the user you get a big error message instead of a pat on the back for a job well done.

Instead what you need to do is:

  • Go to a domain controller and fire up Active Directory Users and Computers
  • Browse to the user in questions
  • Right-Click on the user and select Properties
  • Navigate to the Attribute Editor tab
  • Locate the msExchHideFromAddressLists item and click Edit
  • Set to False and click OK and then OK again to close and save the user changes

After this you will just need to wait for you AzureAD sync to occur and the changes to process.

Group Policy Issue – Windows 10 April 2018

There appears to be a weird issue where in the April 2018 release of Windows 10 group policy fails to refresh the user part of the group policy. Instead you get the message below

This is caused by the netlogon service not running (and being set to manual?!). To resolve the issue you need to do the following:

  • Press Win + R on the keyboard to open the run window
  • Type in services.msc and click run
  • Scroll down and look for Netlogon, if the status is not Running, then that’s why you’re getting this issue
  • Double-Click on Netlogon and change the Startup Type to Automatic and click the Start button
  • Once the service is running, click the OK button
  • Now try running gpupdate again

If you have a large number of computers running Windows 10 and want to fix them all you can make this change using group policy. To do so carry out the following in an appropriate Policy object

  • Start Group Policy Management on a Domain controller
  • Select the appropriate group policy
  • Select Computer Configuration > Preferences > Windows Settings > Services
  • Add a new service and use the following settings
    • Startup: Automatic
    • Service Name: Netlogon (you can pick from the list)
    • Service Action: Start Service
  • You can also set the service to restart on failure by going to the Recovery tab
  • Click  OK

All going well this should resolve the group policy issue. If this helped you please let me know!