Blog Post

Exchange Team Blog
3 MIN READ

Change in naming convention of user’s Name parameter

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Apr 13, 2022

Update (4/12/23): This feature was enabled in our worldwide and 21Vianet clouds in November 2022. All tenants in these clouds will see the changes. Rollout to our GCCH and DoD clouds has been paused until further notice. Please follow this space for any other updates.

We want to inform you about a change that we are working on. This change will be rolled out in a phased manner. The following is a more updated and detailed explanation of changes being implemented.

The Name parameter associated with a recipient within a tenant in Exchange Online should be unique. However, while we sync objects from Azure Active Directory to Exchange Online, the way Name parameter (system metadata) is being computed in the backend currently led to some system conflicts impacting reliability. We realized that the current method is not the best way to compute this parameter. Hence, we want to move away from the status quo to a more robust way of generating the Name parameter which is through ExternalDirectoryObjectId (EDOID) that ensures uniqueness in the system. All the long-term reliability enhancements in the backend would be done in line with this change.

EDOID value is unique. We’ll use this GUID as Name instead of synchronizing the Name from on-premises (when in Hybrid environment) or using the alias (if Name is not specified) to compute the Name parameter in Exchange Online. With this change the DistinguishedName (DN) value will also get impacted. To better understand how this will impact objects in a tenant where directory synchronization is enabled, consider the following example:

With this new change, when creating a new Office 365 (remote) mailbox from on-premises Exchange Admin Center, the Name field will no longer synchronize to Exchange Online.

Before changes are implemented:
DisplayName: Jeff Smith
Name: Jeff Smith
Alias: jsmith
DistinguishedName: CN= Jeff Smith,OU=(tenant).onmicrosoft.com, OU=Microsoft Exchange Hosted Organizations, DC=NAMP283A001, DC=PROD,DC=OUTLOOK, DC=COM
ExternalDirectoryObjectId: 12313c53-fff7-46d4-8b83-71fb317d1853

After changes are implemented:

DisplayName: Jeff Smith
Name: 12313c53-fff7-46d4-8b83-71fb317d1853
Alias: jsmith
DistinguishedName: CN= 12313c53-fff7-46d4-8b83-71fb317d1853, OU=(tenant).onmicrosoft.com, OU=Microsoft Exchange Hosted Organizations, DC=NAMP283A001, DC=PROD, DC=OUTLOOK, DC=COM 

In this example, both the Name and DistinguishedName are updated with the EDOID value.

Note: This would also mean that any subsequent CN value change in Exchange on-premises will not be reflected in the object’s Name property in Exchange Online.

Will this change not allow modification of the Name property?
As a temporary workaround, customers can still use Exchange PowerShell cmdlets (New-MailUser, New-Mailbox, Set-User, Set-MailUser, Set-Mailbox with -Name parameter) to update* the Name property in Exchange Online. Since the cmdlets ensure uniqueness, it would allow the operation to succeed only when the passed Name is unique in the tenant.
*Updates to Name parameter using the above-mentioned cmdlets will only work for users created in Exchange Online. These cmdlets won’t work for users who are part of a hybrid environment.

How will the change impact new and existing users?
The updated naming logic would take effect during creation of new recipient objects (mailbox, user, group, contact) when the change is coming from AAD. However, if the recipient object is mastered in Exchange Online or is directly created there, then the Name which is given during creation will be honored. Since Id/Identity in Exchange Online is a field derived from DistiguishedName it will also reflect EDOID values going forward. If you want to uniquely identify a recipient, you can still use the value of Identity for all practical purposes. However, if visual representation of something similar to Name is preferred, it is advised to take dependency on alias/DisplayName instead. Lastly, existing users won’t get impacted in any way; they will continue to reflect the same Name as was before the change was implemented.

Please note that since we will start using EDOID as Name in Exchange Online, we shall stop allowing changes in CN to reflect in Name property in Exchange Online for all users (both new and existing). 

We recommend that Administrators evaluate any scripts or other automation that may rely on the Name property and update them accordingly. Additionally, we also encourage Administrators to take dependency on DisplayName if GUID in Name parameter does not serve the purpose.

Exchange Online Team

Updated Apr 12, 2023
Version 11.0
announcements
directory
hybrid
tips 'n tricks

219 Comments

Show More
  • agreca's avatar
    agreca
    Iron Contributor
    May 02, 2022

    Kevin Marquette I can only like your comment once but I sincerely hope Microsoft considers your suggestion as a viable alternative.

  • Kevin Marquette's avatar
    Kevin Marquette
    Iron Contributor
    Apr 30, 2022

    Why are you not just adding a `EDOID` or an `ID` property? By reusing the Name field in this way, it will be really hard to tell what code has been updated or not. 

    I would much prefer that the Name field become read-only and eventually removed than reuse it for the EDOID. This will give very clear errors when used incorrectly. There are going to be lots of random admin scripts that break because of this. Even if we update everything, there are years of online examples and documentation that will be out of date.

  • Grzegorz Wierzbicki's avatar
    Grzegorz Wierzbicki
    Brass Contributor
    Apr 22, 2022

    Hi

    Will you update Exchange commands to return useful data once Name becomes a non-readable string for end-user ?

    Manager from Get-User, GrantSendOnBehalfTo from Get-Mailbox and many others.

    We have many self-service tools exposed to users to do various reporting in Exchange Online, many of these tools take direct output from the Name attribute (so no other output is available)

  • Petri-X's avatar
    Petri-X
    Bronze Contributor
    Apr 19, 2022

    Will you rename the "Name" field as well? As having field "Name" but containing EDOID sounds not so logical.

    Not sure, but could there be companies which are using Name field as an address policies?

     

    Was this really the only option to fix this? As after this there would be quite confuses mailboxes when old mailboxes have old name format, and then new mailboxes have something else. Or are you planning to rename old mailboxes as well, even those which are duplicates? What about other objects, will this impact to them as well, like MailUser, Contacts etc..?

  • Satyajit321's avatar
    Satyajit321
    Iron Contributor
    Apr 18, 2022

    "We recommend that Administrators evaluate any scripts or other automation that may rely on the Name property and update them accordingly."

    • April 2022 - Don't you think its too short of a notice
    • Does it impact other objects like MailUsers, Distribution Groups, MailContacts , etc.
    • Almost all cmdlets have 'Name' as the default output, and useful for a quick check without much of typing currently

            Get-Recipient "A A"
            Name RecipientType
            ---- -------------
            A A UserMailbox


            get-mailbox "A A"

            Name Alias Database ProhibitSendQuota ExternalDirectoryObjectId
            ---- ----- -------- ----------------- -------------------------
            A A A.A xxxPR01DG189-db020 1.979 GB (2,125,4... xxxxx..

     

    • Many outputs like SendOnBehalf, and Manager fields, doesn't even store full details, relies solely on this
    • Existing data vs. new data having mixed up values will cause lot of disruptions
    • Any options for opt out, for companies having a robust system and doesn't get into this sync error often

     

  • Rob_R's avatar
    Rob_R
    Brass Contributor
    Apr 18, 2022

    MSFrodo  - the DisplayName also won't be synchronized in a hybrid environment?  The article above only indicates that the Name field will not synchronize. Isn't the Displayname a key property for the GAL? Can you please clarify? Thx!

  • MSFrodo's avatar
    MSFrodo
    Former Employee
    Apr 14, 2022

    That script you provided should not conflict with this change. Anyways ADSync will not sync the -DisplayName -Name field from AD. It will use a GUID in Office 365.  

    Exchange Online uses "DisplayName". Azure AD or active directory uses "Name" but this name is not populated on the GAL. I potentially forsee an issue when running scripts for specific object by -Name Attribute rather than UPN. 

  • Ron Houet's avatar
    Ron Houet
    Brass Contributor
    Apr 14, 2022

    We use PowerShell scripts to create Shared and Room mailboxes.
    This command is executed on our Hybrid server, where the name (stripped from unwanted characters) is also used.


    New-RemoteMailbox -Shared -Name $ResourceName -DisplayName $DisplayName -SamAccountName $SamAccountName -UserPrincipalName $UserPrincipalName -PrimarySmtpAddress $PrimarySmtpAddress -RemoteRoutingAddress $RemoteRoutingAddress -Alias $Alias -OnPremisesOrganizationalUnit $ResourcesOU -ErrorAction SilentlyContinue)

     

    Will this be effected? Do we have to change our scripting?
    The name attribute is only used during creation, isn't used anywhere else.