Office 365 – moving mail aliases in the synchronized environment [EN]

If you have used an on-premises Exchange server before, moving aliases is a trivial task. But if you synchronize your AD information to Azure AD (e.g. with the Azure AD Connect service) so that you can assign Office 365 licenses and services to your users, things become a little trickier. Mail aliases and main addresses are attributes of your internal AD users, and the information is synced in one direction only (from your on-premises AD to Azure AD). So you can’t add or change aliases for existing mailboxes in the Exchange Online administration center. The change has to be made in your AD environment and then synced to Azure AD.

To do this, open the AD user’s properties window and go to the Attribute Editor tab (if it is not there, first enable View > Advanced Features in the Active Directory Users and Computers snap-in). In that tab, find the ProxyAddresses entry, select it and press the Edit button. Then you can add or remove aliases. An alias is added in the form smtp:address@domain.tld. The user’s main address starts with a capitalized SMTP part.

When you add an alias here, it won’t appear in Exchange Online automatically. You have to wait for the synchronization with Azure AD to occur. With Azure AD Connect, automatic synchronization occurs every 30 minutes. You can also run a manual sync with these PowerShell commands:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

But there is one subtle thing to know when you move an alias from one user to another. With an on-premises Exchange server everything is simple: first you remove the alias in the first user’s settings, and only then you add it to the second user’s settings (you can also do this in the same Attribute Editor), because AD won’t allow two identical smtp addresses to exist. But this is not enough in a synchronized environment. If you remove the alias from the first user and set it for the second, there will be a conflict during synchronization, because the first user still has the alias on the Azure AD side. In that case the main tenant administrator gets an email warning about the conflict. Usually, after a few more synchronizations everything settles and the alias information syncs normally. But you can avoid this error by making the changes in this order: remove the alias from the first user, run the sync to Azure AD, add the alias to the second user, run the sync again.
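
The remove, sync, add, sync order described above, scripted as an added example (not code from the original post). It assumes it runs on the Azure AD Connect server with the ActiveDirectory module installed; the user names, the alias and the helper function Invoke-DeltaSyncAndWait are placeholders introduced for illustration.

```powershell
# Added example: move one alias between two synced users in the conflict-free order.
# Assumption: run on the Azure AD Connect server with the ActiveDirectory module available.
Import-Module ActiveDirectory
Import-Module ADSync

# Placeholder values (not from the original post)
$Alias      = 'sales@example.com'
$SourceUser = 'first.user'
$TargetUser = 'second.user'

# Hypothetical helper: run a delta cycle and block until the scheduler is idle again.
function Invoke-DeltaSyncAndWait {
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    Start-Sleep -Seconds 10
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
}

# Read the value exactly as stored on the source user.
$src   = Get-ADUser -Identity $SourceUser -Properties proxyAddresses
$entry = $src.proxyAddresses | Where-Object { $_ -ieq "smtp:$Alias" }
if (-not $entry) { throw "$SourceUser does not hold $Alias" }

# A capitalized SMTP: prefix marks the main address; refuse to move that one.
if ($entry -clike 'SMTP:*') { throw "$Alias is the main address of $SourceUser" }

# Step 1: remove the alias from the first user, then sync to Azure AD.
Set-ADUser -Identity $SourceUser -Remove @{ proxyAddresses = $entry }
Invoke-DeltaSyncAndWait

# Guard: stop if any AD object still holds the address.
# Assumption: $Alias contains no LDAP filter special characters such as * ( ) \
$holders = Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$Alias)"
if ($holders) { throw "Still assigned to: $($holders.DistinguishedName -join '; ')" }

# Step 2: add the alias to the second user, then sync again.
Set-ADUser -Identity $TargetUser -Add @{ proxyAddresses = "smtp:$Alias" }
Invoke-DeltaSyncAndWait
```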
