In some cases, you’ll see an error when you try to hide a user from the address list.
If you use Exchange Admin Center you’ll see something like this:
If you try to hide from address list with PowerShell you’ll see something similar to this:
Write-ErrorMessage : |System.InvalidOperationException | The operation on mailbox "Lene Hau" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled', can't be performed on the object 'Lene Hau' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
The cause of this error message is that you need to manage certain attributes in your on-premises AD in a hybrid Office 365 environment.
How to Fix Hide From Address List Failed Errors
To solve this you must edit the corresponding on-premises Active Directory attribute of the synchronized user.
However, the easiest way to avoid problems with hide from address list (and similar errors) is by running Easy365Manager.
Easy365Manager consolidates AD and Office 365 management, so you never have to think about attribute authority.
All settings are managed directly from AD user properties – even complex settings like calendar delegation:
Easy365Manager is a snap-in to AD Users & Computers and can run on any system that runs AD Users & Computers.
With Easy365Manager you can move a lot of tasks from senior admins to first-level support.
Additionally, you can remove your on-premises Exchange Server.
Download the 30-day trial here.
Edit AD Directly to Fix Hide From Address List
Without Easy365Manager you need to edit the raw AD attributes of the user.
Enable Advanced Features in AD Users & Computers:
Then open user properties, select the Attribute Editor tab, and click Filter to ensure you show all attributes, including empty ones:
Then locate the msExchHideFromAddressLists attribute and set it to true:
You must wait for Azure AD Connect to synchronize the change to Azure AD. This may take up to 30 minutes.
To speed up replication, use a remote PowerShell session to Azure AD Connect to trigger a delta replication (with Easy365Manager, you can do this directly from user properties).
After replicating to Azure AD, the change must replicate to Exchange Online. This is beyond user control and can take a couple of minutes.
Once the replication completes you’ll see the changed configuration in Exchange Admin Center and EXO PowerShell.