Hey, Scripting Guy! How Can I Configure the Hide From Exchange Address Lists Property for All the Contacts in a Domain?

Hey, Scripting Guy! How Can I Configure the Hide From Exchange Address Lists Property for All the Contacts in a Domain?

  • Comments 2
  • Likes

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I configure the Hide From Exchange Address Lists property for all the contacts in a domain?

-- MM

SpacerHey, Scripting Guy! AnswerScript Center

Hey, MM. You know what the say: you can run, but you can’t hide (especially from Microsoft Exchange!). But what they forgot to add is that you can hide, as long as you’ve set the value of the MSExchHideFromAddressLists attribute to True.

But you already knew that, didn’t you? What you really wanted to know was how you can configure this attribute for each and every contact in your domain, wasn’t it? Well, that’s easy; you just use a script like this one:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectClass='contact'"  
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strContactPath = objRecordSet.Fields("ADsPath").Value
    Set objContact = GetObject(strContactPath)
    objContact.MSExchHideFromAddressLists = TRUE
    objContact.SetInfo
    objRecordSet.MoveNext
Loop

If you look closely at the code (and we always hope that you do look closely at the code and don’t just take our word for it), you’ll see that this is an example of an Active Directory search script. As usual, we won’t take the time to explain each and every line of code here; if you need some background information on searching Active Directory, we recommend you take a look at our two-part series, Dude, Where’s My Printer? For now we’ll merely note that this is the query we use to retrieve a list of all the contacts in the domain:

objCommand.CommandText = _
    "SELECT ADsPath FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectClass='contact'"

Yes, very simple: all we do is request all the items in Active Directory where the objectClass attribute is equal to contact.

Of course, then the question becomes this: once we have a collection of all the contacts what the heck do we do with it?

Well, as you probably know, Active Directory search scripts are read-only: although we can use queries to retrieve data from Active Directory we can’t write any sort of Update query that can go out and modify that data. Instead, what we need to do is individually bind to each contact and change the value of the MSExchHideFromAddressLists attribute.

Don’t worry; it’s not as hard as it sounds. (We’ve already done the hard part, retrieving a list of all the contacts in the domain.) To begin with, we set up a Do Until loop that will walk us through our recordset, contact-by-contact (the EOF, of course, is short for end of file, meaning this loop will keep running until we run out of records):

Do Until objRecordSet.EOF

For each contact we grab the value of the ADsPath attribute and then use the GetObject method to bind to the contact account in Active Directory. That’s what we do here:

strContactPath = objRecordSet.Fields("ADsPath").Value
Set objContact = GetObject(strContactPath)

The ADsPath attribute, of course, looks something like this:

LDAP://cn=Ken Myer, ou=Finance, dc=fabrikam, dc=com

That’s why you don’t see us reference the LDAP provider when we call GetObject: we don’t need to reference the provider because it’s included in the ADsPath.

After binding to the contact account we set the MSExchHideFromAddressLists attribute to True, then call the SetInfo method to write the updated information to Active Directory:

objContact.MSExchHideFromAddressLists = TRUE
objContact.SetInfo

Don’t leave out the SetInfo method: if you do, the changes you make will not be saved to the contact account in Active Directory. And don’t leave out this line of code, either:

objRecordSet.MoveNext

This is the cue for the script to move from one record in the collection to the next. If you leave this out, your script will continue working with the first record in the collection from now until the end of time. (Which, in some ways, would be kind of cool, but not exactly what you had in mind.)

And that’s it: your contacts will now be hidden from the Exchange address lists. Now if only we could hide from email that easily ….

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Is there a way to fix this script so it works on Exchange 2007?  I have been using a derivative of this script successfully with Exchange 2003 but this bit of code doesn't successfully hide the user from the GAL, it only turns on the attribute:

    objContact.MSExchHideFromAddressLists = TRUE

    objContact.SetInfo

    I think there must be some other attribute or method that needs to be called for Exchange 2007 to hide the user from the GAL.  Can you help?

  • Hello.  I echo Amerist's statement above...this script must be annotated to state that it only works for Exchange 2003.  Exchange 2007/2010 no longer use RUS to update the AD attribute that REALLY hides the user from the GAL, which is "showinaddressbook".  It would be very helpful to have a script updated that sets both attributes - the first one to "True" and the second one to clear any existing entries (or use a different cmdlet that takes care of both that Exchange 2007/2010 understands).  Thanks!