1

I've got a problem with AD Connect working in one of our customers' systems. We first configured O365 and Exchange Online, then connected AD with AAD with AD Connect. When we did that, the local AD changed the primary SMTP for users, and we can't change it from O365 (it says it has been configured by local AD service).

Basically, the email address should be like john.smith@domain.com and username should be jsmith, but the system changed primary SMTP to jsmith@domain.com (which should be an alias).

According to what I've been able to determine with the customer's IT team, the attributes in AD look ok (although I'm not 100% sure about that). The biggest problem is that I don't have access to local AD at my customer's environment, so I'm sort of working blind here.

What should I look for? How to fix it?

Dave M
kjubus
  • Yeah, the problem is almost certainly that the attributes in AD are *NOT* correct. Kinda hard to diagnose blind, but my guess would be that either the mail attribute is set to the improper value, or whoever's doing their local AD has multiple primary addresses defined because they think it goes by order, rather than capitalization of the `SMTP` part of the proxyaddress attribute. – HopelessN00b Jan 11 '18 at 17:04

2 Answers

0

Before you synchronize your AD DS to your Azure AD tenant, you need to clean up your AD DS.

Important

If you don't perform AD DS cleanup before you synchronize, it can lead to a significant negative impact on the deployment process. It might take days, or even weeks, to go through the cycle of directory synchronization, identifying errors, and re-synchronization.

In your AD DS, complete the following clean-up tasks for each user account that will be assigned a Microsoft 365 license:

Ensure a valid and unique email address in the proxyAddresses attribute.

Remove any duplicate values in the proxyAddresses attribute.

If possible, ensure a valid and unique value for the userPrincipalName attribute in the user's user object. For the best synchronization experience, ensure that the AD DS UPN matches the Azure AD UPN. If a user does not have a value for the userPrincipalName attribute, then the user object must contain a valid and unique value for the sAMAccountName attribute. Remove any duplicate values in the userPrincipalName attribute.

For optimal use of the global address list (GAL), ensure the information in the following attributes of the AD DS user account is correct:

  • givenName
  • surname
  • displayName
  • Job Title
  • Department
  • Office
  • Office Phone
  • Mobile Phone
  • Fax Number
  • Street Address
  • City
  • State or Province
  • Zip or Postal Code
  • Country or Region

Source: https://docs.microsoft.com/en-us/microsoft-365/enterprise/prepare-for-directory-synchronization?view=o365-worldwide

Kip
0

I ran into the issue after we migrated our in-house Exchange server to Office 365.

The AD Connect tool is working as designed. The Primary email attribute in the local Active Directory changed, so AD Connect pushed the change to Office 365. To make the correct email address primary, you will need to access the Attribute Editor tab in Active Directory Users and Computers. If you don’t see that tab for your user objects, click on the “View” menu at the top of Active Directory Users and Computers (ADUC) and then click on “Advanced”.*

Then,

  • Open the properties of the user object you need to change in ADUC.
  • Click on the Attributes tab.

  • Find the proxyAddresses value and click edit.

  • TYPE IN THE ADDRESS WITH A CAPITAL SMTP (this is what makes it primary)

For example

SMTP: jerry.seinfeld@yaddayadda.com

  • Click Add
  • OK twice

The change will take effect at next AD Connect Sync (auto or manual).

*Note: The Attributes tab won't appear using the Remote Server Administration Tools. You'll need to log in to the Domain Controller and use ADUC from there. Alternatively, you can use ADSI Edit remote tools to change the primary email address for a user.

See below for ADSI Edit steps.

Click Start, click Run, type ADSIEdit.msc, and then click OK.

Right-click ADSI Edit, select Connect to, and then click OK to load the domain partition.

In the navigation pane, locate the user object that you want to modify, right-click it, and then click Properties.

In the Attributes list, click the proxyAddresses attribute, and then click Edit.

In the Value to add field, enter the appropriate SMTP address, and then click Add.

Note: The primary SMTP address value for the user object should be prepended by an uppercase "SMTP:" designator for it to be formatted correctly for the proxyAddresses attribute.

For example:

"SMTP:username@contoso.com" is an acceptable value.
"username@contoso.com" and "smtp:username@contoso.com" are not acceptable values.

Click OK two times, and then exit ADSI Edit.

The ADSI Edit instructions were taken from the TechNet article https://blogs.technet.microsoft.com/hot/2012/06/25/how-to-use-smtp-matching-to-match-on-premises-user-accounts-to-office-365-user-accounts-for-directory-synchronization/

Art.Vandelay05
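
An added example, not part of either answer or of Microsoft's documentation: a PowerShell audit the customer's AD administrators could run for the proxyAddresses conditions raised in the comment and both answers above (exactly one uppercase SMTP: entry, no duplicates, mail matching the primary). The function name Test-ProxyAddresses and the sample users are constructed for illustration; the commented Get-ADUser line assumes the ActiveDirectory module is installed.

```powershell
# Added example (not from the original answers). Function name is hypothetical.
function Test-ProxyAddresses {
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        # Only smtp entries matter here; X500:, SIP: etc. are ignored (-like ignores case)
        $smtp    = @($User.proxyAddresses | Where-Object { $_ -like 'smtp:*' })
        # -clike is case-sensitive: uppercase SMTP: marks the primary, lowercase an alias
        $primary = @($smtp | Where-Object { $_ -clike 'SMTP:*' })
        $issues  = @()
        if ($primary.Count -eq 0) { $issues += 'no uppercase SMTP: (primary) entry' }
        if ($primary.Count -gt 1) { $issues += 'more than one uppercase SMTP: entry' }
        if ($smtp | Where-Object { $_ -match '\s' }) { $issues += 'whitespace in a value' }
        # Same address listed twice, compared without prefix and without case
        $dupes = @($smtp | ForEach-Object { ($_ -replace '^smtp:', '').Trim().ToLower() } |
            Group-Object | Where-Object { $_.Count -gt 1 })
        if ($dupes.Count -gt 0) { $issues += 'duplicate: ' + ($dupes.Name -join ', ') }
        # The mail attribute should agree with the single primary address
        if ($primary.Count -eq 1 -and $User.mail -and
            ($primary[0] -replace '^smtp:', '') -ne $User.mail) {
            $issues += 'mail attribute differs from primary'
        }
        [pscustomobject]@{
            Account = $User.sAMAccountName
            Primary = ($primary -join ', ')
            Issues  = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample users (not real accounts) so the check runs without a directory
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'jsmith'; mail = 'john.smith@domain.com'
        proxyAddresses = @('SMTP:jsmith@domain.com', 'smtp:john.smith@domain.com') }
    [pscustomobject]@{ sAMAccountName = 'akhan'; mail = 'a.khan@domain.com'
        proxyAddresses = @('SMTP:a.khan@domain.com', 'SMTP:akhan@domain.com') }
    [pscustomobject]@{ sAMAccountName = 'blee'; mail = 'b.lee@domain.com'
        proxyAddresses = @('smtp:b.lee@domain.com', 'smtp:B.Lee@domain.com') }
)
$sample | Test-ProxyAddresses | Format-List

# Against the real directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties proxyAddresses, mail | Test-ProxyAddresses
```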