Difference between `proxyAdresses` and `mail` attributes in Active Directory

Question

In Windows Active Directory (in connection with Exchange 2010), I am unsure about the semantic difference between mail: and proxyAddresses: attributes. As far as I can tell, mail: is one-valued whereas proxyAddresses: is multivalued and (apart from the possibility to include non-SMTP addresses) allows one value starting with SMTP as main address and several values starting with smtp as secondary addresses.

I think I recall that in former versions of Windows and/or Exchange the main proxyAddresses was always kept in sync with the mail attribute. But I now noticed that these are no longer automatically kept in sync (depending on how one edits the data). So it may happen that I have a user with

mail: AAA@example.com
proxyAddresses: SMTP:BBB@example.com
proxyAddresses: smtp:CCC@example.com

So any mail that user sends will use <BBB@example.com> as sender address; incoming mail addressed to either <BBB@example.com> or <CCC@example.com> will end up at that users mailbox; but where does <AAA@example.com> come into play?

So the questions I have are

• Is there any specific purpose where the mail attribute is used?
• Does it ever make sense to have different mail: and proxyAddresses:SMTP entries as above?
• If the answer to the preceding question is "no": What am I doing wrong that causes mail: and proxyAddresses:SMTP to be no longer kept in sync?

Answer 1

As you said, the proxy address attribute can contain multiple values whereas the mail address contains only a single value. This can be useful when configuring multiple addresses for a single account. See the below config:

proxyAddresses: SMTP:aaa@example.com

proxyAddresses: smtp:bbb@example.com

proxyAddresses: smtp:ccc@example.com

In this instance, the first attribute "SMTP:aaa@example.com", being uppercase, defines the user's primary email address. And will also be the default address for Outlook and Outlook online.

There are 3 attributes that need to be configured to ensure Accounts are synced properly between your on-premise domain controller and AzureAD/Exchange Online. These are mail, mailNick and proxyAddress.

An example of a working configuration would be as follows:

mail: aaa@example.com

mailNick: John Smith

proxyAddress: SMTP:aaa@example.com

proxyAddress: smtp:bbb@example.com

proxyAddress: smtp:ccc@example.com

Answer 2

From what I know the mail: attribute is more a contact attribute as it can exist without Exchange against a user.

The proxyAddressss are the ones used to deliver mail primarily used by exchange.

Answer 3

The 'targetAddress' attribute is used to deliver mail to the mailbox. With Exchange Online, this is where the mailbox@Tenant.OnMicrosoft.com SMTP will be located.

I have fond accounts in my AD with the proxyAddress missing, yet still working OK.

This link has how the proxyAddresses attribute is populated in Azure AD and scenarios on how it is completed: https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/proxyaddresses-attribute-populate#more-information

But despite what it says here, none of your user Accounts in AD have an '@Tenant.OnMicrosoft.com. SMTP address listed, only the mailbox@OurDomain.com SMTP is listed. Much of what I find on how these attributes are used and completed is contradicted with what I actually see and with other doc, even within Microsoft's own site. Perhaps it depends on the situation (Hybrid, on-premise, online only, etc) and they leave that out?

Answer 4

Give a look at this Url:

https://techcommunity.microsoft.com/t5/exchange-team-blog/fun-with-changing-e-mail-addresses/ba-p/609781

Fun with changing E-Mail Addresses – You Had Me At EHLO…