I’m a fan of order and logic, but sometimes I hang my head and wonder what is going through developers’ minds when they do some lame stuff. Today’s rant is about MS Azure Directory Sync and what happens when the UPN and email address in your AD just do not match what MS O365 thinks they should be.
Scenario: You have your shiny AD all nice and clean; you may or may not have had on-premise Exchange. You decide to use O365 hosted Exchange. It should be painless. You use AD sync rather than federated services for ease. The users appear in the O365 portal. You grant them a license. They get a new mailbox, or you migrate your on-premise mailboxes to the cloud, and then you find that the user’s primary email address is now Frank.HoButter@onmicrosoft.schlongwayne.com.
Yeah, that’s right, MS just took your primary domain and stuffed theirs into it. Why? Who knows. If you try to fix it in ECP or anywhere else in the O365 portal you get told “I can’t write to your AD!” or similar. If you try to use PowerShell you will be told a long-winded version of “Do it to your local AD, I only sync the one way”.
The Fix: There’s always a fix… Open either ADSI Edit or turn on Advanced in AD Users and Computers. Find the user and edit the attributes. Find the “mail” attribute. Make sure the value is: Frank.HoButter@schlongwayne.com. Now find proxyAddresses. Add a new value called “SMTP:Frank.HoButter@schlongwayne.com”. Make sure you have SMTP in capitals and no spaces.
That’s it, say OK and then either wait up to three hours for AD sync or run the coexistence sync in PowerShell.
Tada, fixed primary SMTP 🙂
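
The same attribute edit scripted against on-premise AD, as an added example that is not part of the original post. It assumes the ActiveDirectory (RSAT) module and a hypothetical sAMAccountName, and goes one step beyond the manual fix by demoting any existing uppercase `SMTP:` entry to a lowercase `smtp:` alias so the user ends up with exactly one primary address.

```powershell
# Added example: set "mail" and the primary proxyAddresses entry in local AD,
# so the one-way directory sync carries the right primary SMTP address to O365.
Import-Module ActiveDirectory

$sam     = 'fhobutter'                        # hypothetical sAMAccountName (assumption)
$primary = 'Frank.HoButter@schlongwayne.com'  # address used in the post

$user = Get-ADUser -Identity $sam -Properties mail, proxyAddresses

# Keep every existing entry (X500:, sip:, aliases), but:
#  - demote a current primary (uppercase "SMTP:") to an alias (lowercase "smtp:")
#  - drop any existing copy of the new address so it is not listed twice
$addresses = @(
    @($user.proxyAddresses) |
        Where-Object { $_ } |
        ForEach-Object {
            if ($_ -cmatch '^SMTP:') { 'smtp:' + $_.Substring(5) } else { $_ }
        } |
        Where-Object { $_ -ne "smtp:$primary" }   # -ne is case-insensitive
)

# Uppercase prefix, no spaces, exactly as the manual fix requires
$addresses += "SMTP:$primary"

Set-ADUser -Identity $user -Replace @{
    mail           = $primary
    proxyAddresses = [string[]]$addresses
}

# Confirm what will be synced on the next cycle
Get-ADUser -Identity $sam -Properties mail, proxyAddresses |
    Select-Object SamAccountName, mail, @{ n = 'proxyAddresses'; e = { $_.proxyAddresses -join '; ' } }
```

The change still only reaches O365 after the next directory sync, as described above.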