Update “Hide User From GAL” with a batch script.

Here is a neat way to hide a user from the Global Address List without having to go into Exchange. I just figured this one out the other day. It comes in handy when terminating employees.

:: Hide user from GAL
:start
@echo off
cls
set /p "tempusername=What username would you like to hide? "
rem Confirm the account exists under the Employees OU before changing anything.
dsquery.exe user OU=Employees,DC=ABCCompany,DC=com -o dn -scope subtree -samid "%tempusername%" -d SSC | findstr /r "CN="
if errorlevel 1 goto UserNoExist
@echo --------------------------------------------------------------------------------
@echo Hiding %tempusername%?
@echo Is this correct?
pause
cls
rem Export the user with verbose output; the "Exporting entry: <DN>" line carries the DN.
for /f "tokens=*" %%h in ('ldifde -f "%temp%\hideExch.ldf" -d "ou=Employees,dc=ABCCompany,dc=com" -p subtree -r "(&(objectCategory=person)(objectClass=User)(sAMAccountName=%tempusername%))" -l "DN" -v ^| find "entry"') do set ldifdeDNNAME=%%h
rem Skip the 17-character "Exporting entry: " prefix and write the LDIF change record.
echo dn: %ldifdeDNNAME:~17%>"%TEMP%\hideExch.ldf"
echo changetype: modify>>"%TEMP%\hideExch.ldf"
echo replace: msExchHideFromAddressLists>>"%TEMP%\hideExch.ldf"
echo msExchHideFromAddressLists: TRUE>>"%TEMP%\hideExch.ldf"
echo ->>"%TEMP%\hideExch.ldf"
echo delete: showInAddressBook>>"%TEMP%\hideExch.ldf"
echo ->>"%TEMP%\hideExch.ldf"
rem Import the change record, then remove the temporary file.
ldifde -i -f "%TEMP%\hideExch.ldf"
del "%TEMP%\hideExch.ldf"
exit
:UserNoExist
cls
echo The user you have specified does not exist in AD.
pause
goto start

There you go. Feel free to modify as needed so it fits your environment.
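
One modification worth making: the script pastes the typed username straight into the LDAP filter, so a value such as j* matches more than one account, and it writes the DN into the LDIF file as plain text. The following Python code is an added example, not part of the original script; it builds the same filter and change record with RFC 4515 filter escaping and RFC 2849 value encoding, and its function names are illustrative.

```python
import base64
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 2849 SAFE-STRING: ASCII without NUL/CR/LF, not starting with space, ':' or '<'.
_SAFE_STRING = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*"
)

def escape_filter_value(value: str) -> str:
    """Neutralise filter metacharacters so the value can only match literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_user_filter(sam_account_name: str) -> str:
    """The filter used by the batch script, with the account name escaped."""
    return (
        "(&(objectCategory=person)(objectClass=User)"
        f"(sAMAccountName={escape_filter_value(sam_account_name)}))"
    )

def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or base64 'attr:: ...' when the value is not a SAFE-STRING."""
    if _SAFE_STRING.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def hide_from_gal_ldif(dn: str) -> str:
    """Build the same change record the script writes to hideExch.ldf."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "replace: msExchHideFromAddressLists",
        "msExchHideFromAddressLists: TRUE",
        "-",
        "delete: showInAddressBook",
        "-",
        "",
    ])

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(build_user_filter("j*"))
    print(hide_from_gal_ldif("CN=Zoë Müller,OU=Employees,DC=ABCCompany,DC=com"))
```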