Using Adsiedit to Add or Remove E-mail Aliases on On-Premises Active Directory – Office 365

If you are synchronising your Office 365 account with your on-premises Exchange/Active Directory, you will know that you cannot edit Exchange user properties using the Office 365 administrator portal.
If you try, you will come across this error or a similar one:

The operation on mailbox “X” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘X’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

This happens because the AD and O365 are synchronised. Office 365 knows this and does not allow you to make any changes on O365 if there is a corresponding attribute that links up with your Active Directory.

In this article, I will show you how to add e-mail aliases using the Active Directory Service Interfaces Editor (adsiedit).

  1. Go to Start > Run and type adsiedit.msc
  2. Now, find the unit where your AD users reside
  3. Right-click the user you want to edit and click Properties.
  4. Find the attribute proxyAddresses – this is the one you want to edit.
    When you add new e-mail aliases, make sure that your primary e-mail address starts with upper-case SMTP. Your aliases, i.e. secondary addresses, should start with lower-case smtp.
    For example, I want my primary e-mail address to be [email protected]
    In the proxyAddresses attribute, I would put:
    SMTP:[email protected]
    As my alias, I want [email protected]… To do this, I will use lower-case smtp:
    smtp:[email protected]

Apply the new settings and wait for your Active Directory to be synchronised with Office 365 (by default this happens every 3 hours, but you can force it on your synchronisation server by following these steps).
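
The same proxyAddresses edit can be scripted, so that the SMTP/smtp prefix rule is enforced by code rather than typed by hand in adsiedit. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name Add-ProxyAddress, the user name and the addresses are hypothetical, constructed values.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module.
Import-Module ActiveDirectory

function Add-ProxyAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,  # sAMAccountName, DN or GUID
        [Parameter(Mandatory)] [string] $Address,   # bare address, no smtp: prefix
        [switch] $Primary                           # write it as the SMTP: (primary) entry
    )

    # Refuse input that already carries a prefix or is not user@domain.tld.
    if ($Address -notmatch '^[^@\s:]+@[^@\s:]+\.[^@\s:]+$') {
        throw "'$Address' is not a bare e-mail address."
    }

    $user    = Get-ADUser -Identity $Identity -Properties proxyAddresses
    $current = @($user.proxyAddresses)

    # -ieq ignores case, so this matches both the SMTP: and the smtp: form.
    $present = @($current | Where-Object { $_ -ieq "smtp:$Address" })
    if ($present.Count -gt 0 -and -not $Primary) {
        Write-Verbose "$Address is already on $Identity; nothing to do."
        return
    }

    if ($Primary) {
        # Remove the old entry for this address, then demote the current
        # primary so that only one value starts with upper-case SMTP:.
        # X500:, SIP: and other non-SMTP values pass through untouched.
        $kept = @($current | Where-Object { $_ -ine "smtp:$Address" } | ForEach-Object {
            if ($_ -clike 'SMTP:*') { 'smtp:' + $_.Substring(5) } else { $_ }
        })
        $new = $kept + "SMTP:$Address"
    } else {
        $new = $current + "smtp:$Address"
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set proxyAddresses")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$new }
    }
}

# Preview the change first, then run it without -WhatIf (constructed values):
# Add-ProxyAddress -Identity jdoe -Address 'j.doe@example.com' -WhatIf
# Add-ProxyAddress -Identity jdoe -Address 'john.doe@example.com' -Primary
```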


4 Responses to Using Adsiedit to Add or Remove E-mail Aliases on On-Premises Active Directory – Office 365

  1. Bill Gilbert says:

    Good info, thanks!

    Can I just say this is ‘effing stupid though? Not your directions, the need to do this at all. MS needs to create a local tool or something so that something as simple as an email alias can be managed from a GUI. I am not thrilled with getting help desk staff into adsiedit!

    • E Mikail T says:

      Hi Bill,
      I completely agree. It shouldn’t require fiddling with advanced active directory user properties (adsiedit) to do something so trivial.
      Like you said, it also requires training of staff to be able to effectively use these advanced tools.

      Fortunately, we are scrapping active directory synchronisation due to several reasons (the above being one of them). It will require slightly more input from the service desk but at least everything on 365 will be manageable in its own right without having to constantly switch between the AD and 365 portal.

  2. John says:

    We are running into the same issues as we are doing our migration this weekend. Do you have any idea how to REMOVE alias addresses that don’t appear in my onsite structure, but were created during the migration (e.g. @mycompany.onmicrosoft.com)?
    Also, you mentioned scrapping AD synchronization. I assume we can scrap our s now that we have done the migration with ADFS in place…unless you know of a way without going through another migration??? Looking for a savior here…any help is appreciated.

    • E Mikail T says:

      Hi John,
      Regarding your first question about removing the onmicrosoft.com alias – I have not done this myself but from what I understand, it shouldn’t affect your e-mail delivery… you may want to try this on a test user first though.
      You should find the @onmicrosoft.com in adsiedit under the proxyAddresses attribute on your on premise server.

      Also, as far as I know, you cannot remove AD synchronisation once you have it on… I know it’s silly but that is just the way it is (for now. I am certain they will make a way to de-couple the two in a few months or so).
      If you want to remove the AD sync server, you will have to make a new onmicrosoft.com ID and migrate everyone to the new one.
      I am in the process of doing the latter.
