Hiding Contacts from Global Address List using Exchange Powershell

Ever want to hide a contact or a selected number of contacts from the Global Address List so that users can’t see them when they open Outlook Address Book? In Exchange 2007 you can do this by using the powershell. See below:

# Setting up log file
Add-Content C:\log\hidelegacycontacts.log “::Starting to hide legacy contacts “;

# Setting up error variable
$hidecontactserr = “”;

get-mailcontact *-legacy | set-mailcontact -hiddenfromaddresslistsenabled $true -ErrorAction SilentlyContinue -ErrorVariable +hidecontactserr;

# Writing final log into text file
Add-Content C:\log\hidelegcontacts.log $hidecontactserr;


# Setting up log file
Add-Content C:\log\hidelegacycontacts.log “::Starting to hide legacy contacts “;
The Add-Content cmdlet creates a new file called hidelegacycontacts.log in c:\log directory and then insert the line “::Starting to hide legacy contacts” into it.

# Setting up error variable
$hidecontactserr = “”;
This sets up the variable so the script can use to store errors into it. In this case, because of the “”, it sets up a variable hidecontactserr as a string.

get-mailcontact *-legacy | set-mailcontact -hiddenfromaddresslistsenabled $true -ErrorAction SilentlyContinue -ErrorVariable +hidecontactserr;
The get-mailcontact cmdlet searches Exchange for contacts, in this case *-legacy, means any contacts that ends with -legacy will be processed. It then pipes the results to set-mailcontact cmdlet which allows you to set certain properties on the contact, in this case it is set to -hiddenfromaddresslistenabled. As the name suggests, -hiddenfromaddresslistenabled, if assigned to the value $true will enable  the feature. The -ErrorAction SilentlyContinue will keep the command continue running even if there’s an error occurred (for example, a contact could not be found). The -ErrorVariable +hidecontactserr; tell the powershell to add the error into the hidecontactserr variable.

# Writing final log into text file
Add-Content C:\Admin\hidelegcontacts.log $hidecontactserr;

This last line is simple, it simply adds everything from the $hidecontactserr variable into the log file. This way if you process several thousands of contacts and a few hundreds errored out, you can go back into the log and look at it again.

BONUS: Instead of searching for the entire Exchange Organization, if you know all your contacts are in a certain OU, you can use the -OrganizationalUnit along with the get-mailcontact. Example below:

get-mailcontact -OrganizationalUnit  “put.yourdomainhere.com/OU/OU/TargetOU” | set-mailcontact -hiddenfromaddresslistsenabled $true -ErrorAction SilentlyContinue -ErrorVariable +hidecontactserr;


You can also use DN Name:
get-mailcontact -OrganizationalUnit  “DC=Put,DC=yourdomainhere,DC=COM,OU=OU1,OU=OU2,OU=TargetOU” | set-mailcontact -hiddenfromaddresslistsenabled $true -ErrorAction SilentlyContinue -ErrorVariable +hidecontactserr;


One comment

  1. Thank you, your bonus command was exactly what I was looking for. As a newbie at PS I couldn’t create the log file as it kept on asking for “Value for the following parameter: value [0]; ” So instead I just went for the bonus command and it worked. I only had mail contacts and no mail boxes for students, and I wanted to hide them in GAL. This worked great.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: