Hey Cynrik
Since this is a new AD forest/domain, there was never an Exchange server installed before.
Did you perform a schema update prior? Try to check the version: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/find-current-schema-version
and perform update with the https://docs.microsoft.com/en-us/exchange/plan-and-deploy/prepare-ad-and-domains?view=exchserver-2019#step-1-extend-the-active-directory-schema
Why are the attributes not synced and is there a way to manually sync the attributes "proxyAddresses" and "mail" from AAD to AD (writeback)?
You probably (that's a big if on me, but the way you describe it looks like it) got a situation where you created the AAD tenant and later added AD Connect and tried to sync users from local AD. If you merged the users per UPN, the object is linked without a way to undo it and its status is set to "Synced from on-premises". (You can check account sync status from new user portal > users > modify filter and add 'sync status'.)
The option to modify 'proxy address' on the object from Exchange is then 'greyed out' and you get info that you should change it from local AD - this is normal and per design, because you manage the object on the source and not on the destination of the sync. "On-premises recipients can't be modified directly in Azure AD or Exchange Online."
Can you check if this attribute sync works in this case:
Create a user in local AD with the desired UPN (the one sync'ed/configured in AAD).
Check if proxyaddress is in place. It should have at least 1 SMTP record (upper-case as in main mail, lower-case for alias).
Perform a sync from the computer running AD Connect and wait ~5 minutes:
Start-ADSyncSyncCycle -PolicyType Delta
On the admin portal https://admin.microsoft.com/Adminportal/Home?source=applauncher#/users add the column filter 'sync status' and check that the newly added object has status "Synced from on-premises".
Click on user and on "Account" tab press "Manage username and email". You should see a sign:
This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory.
Now go back to local AD, open up PowerShell and try to add an smtp alias:
Set-ADUser Name.Surname -Add @{ProxyAddresses="smtp:name.surname.alias@domain.com"}
and once again perform ADSync. Wait ~5 minutes for changes. You should see in the portal that the new alias was added for the user.
^ This is the only way that I know, where you use Hybrid and modify objects centrally.
The AzureAD user writeback (with managing it from Azure) to LocalAD was removed way back in the past, because it stopped Azure from further development. They had to maintain schema updates for localAD also, creating more issues in case someone didn't update the local schema. (Some people don't update AAD Connect for months and years, so that's why.)
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-preview#user-writeback
Regards,
Hubert
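
Added example, not part of the original reply: a pre-check for the proxyAddresses step above, run before Set-ADUser and the delta sync. It assumes the usual convention of exactly one upper-case SMTP: primary address; the function name Test-ProxyAddressList and the sample addresses are hypothetical/constructed.

```powershell
# Added example: validate a proxyAddresses list (plus an alias you plan to add)
# before writing it to local AD and syncing it with AD Connect.
function Test-ProxyAddressList {
    param(
        [string[]]$ProxyAddresses,   # current values of the attribute
        [string]$NewAlias            # optional entry to add, e.g. 'smtp:alias@domain.com'
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $all = @($ProxyAddresses)
    if ($NewAlias) { $all += $NewAlias }

    # Case-sensitive match: 'SMTP:' marks the primary address, 'smtp:' an alias.
    $primary = @($all | Where-Object { $_ -cmatch '^SMTP:' })
    $aliases = @($all | Where-Object { $_ -cmatch '^smtp:' })
    if ($primary.Count -eq 0) { $problems.Add('no primary SMTP: address') }
    if ($primary.Count -gt 1) { $problems.Add('more than one primary SMTP: address') }

    # Same address listed twice (prefix removed, compared case-insensitively).
    $smtpOnly = @($all | Where-Object { $_ -match '^smtp:' })
    $dupes = $smtpOnly |
        ForEach-Object { ($_ -replace '^smtp:', '').ToLowerInvariant() } |
        Group-Object | Where-Object Count -gt 1
    foreach ($d in $dupes) { $problems.Add("duplicate address: $($d.Name)") }

    # Loose shape check: prefix, local part, '@', domain containing a dot.
    foreach ($a in $smtpOnly) {
        if ($a -notmatch '^smtp:[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $problems.Add("malformed entry: $a")
        }
    }
    [pscustomobject]@{
        Primary  = $primary
        Aliases  = $aliases
        Problems = $problems.ToArray()
        Ok       = ($problems.Count -eq 0)
    }
}

# Constructed sample values. With the ActiveDirectory module, the real list is
# (Get-ADUser Name.Surname -Properties proxyAddresses).proxyAddresses
$current = @('SMTP:name.surname@domain.com', 'smtp:n.surname@domain.com')

# Alias from the reply above: no collision with the existing entries.
Test-ProxyAddressList -ProxyAddresses $current -NewAlias 'smtp:name.surname.alias@domain.com'

# Alias that differs only by case from an existing entry: reported as a duplicate.
Test-ProxyAddressList -ProxyAddresses $current -NewAlias 'smtp:N.Surname@domain.com'
```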