Hi everyone, I have two domains example1.com and example2.org.Our users email is mailto:abc@example1.com , however, they all have an alias mailto:abc@example2.or When synchronizing users to office 365, i would like to use their email address(mail attribute) as their identity so that their log in (username) for office 365 is mailto:abc@example1.com. I don't want to use their user logon name from AD because its' different. proxy address attribute for each user is as follows:SMTP: mailto:abc@example1.comsmpt:abc@example2.org If i do synchronization of identities to office 365 using the mail attribute as the identity source, will this create a user log in in office 365 with mailto:abc@example1.com as their username and an alias of mailto:abc@example2.org ? If not, how can i go about it , so that their username becomes their email address(mailto:abc@example1.com) and their alias becomes abc@example2.org

Ferzaer2 you can configure another attribute in AAD Connect as your logon name, it's called alternate logon id. But from a best practice perspective, the UPN should match your primary smtp address. I can highly recommend to change the UPN and go with the default attributes whenever possible. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id

Dominik Hoefling What can go wrong ? It's only being used to create their identities i.e. usernames online on office 365 and then their mailbox is going to be synchronized, the on premises server will be decommissioned/ I think you are not understanding my question or i phrased it wrong.I know i can configure alternative id (and that is what i plan to do) use mail attribute as alternative ID so i don't have to edit user log in id for office 365. However, i would like to know how i could do this so that the users get both aliases created automatically. Here's a better example:Imagine a user with a name Jenny DearUser log on name isdearjUPN: example1.comso we have mailto:dearj@example1.com as her windows log in username- not that they use it.However, her email ismailto:Jenny@EXAMPLE1.COMSo the AD attribute has this:mail: mailto:Jenny@example1.comproxyaddress:SMTP: mailto:Jenny@example1.comsmtp: jenny@example2.org I want to use the mail attribute as an alternative log on id, so that when 400 users get synchronized, all their username for office 365 will be their mail attribute i.e. Jenny@example1.comPerfect scenario is, they also get an alias mailto:Jenny@example2.org created in the process so i don't have to go and update all of them manually.After their identities are created + passwords synchronized, the mailbox move is done, the exchange server will be killed. We won't be keeping it around for long, hopefully a week or two.

Ferzaer2 Yes, I actually got it 🙂 1. You can't remove any Exchange as long as AAD Connect is in place. If you want to remove Exchange, you "have to" switch to cloud-only accounts. It's not supported to change Exchange attributes in AD/ADSIEDIT. 2. You can configure the mail-attribute in Azure AD Connect as the logon name (UPN in Azure) which is explained in my link. A user can only have one logon name (UPN) and I believe you mean by alias another email address, right? If yes, use email address policies on-premises, then Exchange will add all your required aliases to the mailbox and these addresses will be synchronized to Exchange Online with AAD Connect and you can receive emails on those aliases as well.

Dominik Hoefling We are getting somewhere. I really appreciate your input. Here is a bit more clarification. 1. We are not going to keep ADconnect around, we plan on moving all mailboxes/users to the cloud and killing exchange(after we uninstall adconnect). We don't need password synchronization, etc. We are going to keep AD on premises for file sharing etc, and users will continue to use their current log ins as if nothing changed. Only email access will be changed and they will have two passwords moving forward. 2. Our on premises exchange email policy has a rule where whenever we createmailto:usera@example1.com, they also have an alias created mailto:usera@example2.org (yes, different domains) which is why in AD attribute the proxy address has two smtp (different domains for same user linked to one mailbox). However,I would like to create in office 365 a user log in based on the mail attribute which will result in Primary email address and username: mailto:jenny@example1.comAlias: jenny@example2.org Is there a way to do this iautomatically or with powershell based on the proxy address since they already have SMTP: mailto:jenny@example1.com (with capital so that it's the primary domain/address) and the second one smtp: mailto:jenny@example2.org as the second one or alias. Or for example, i synch them and their identities are created as:mailto:jenny@example1.com, can i use powershell to create an alias for them automatically for each user so they becomemailto:jenny@example2.org, basically taking whatever is after @ i.e. example1.com and replacing that with example2.org and thus creating an alias automatically ? I feel like i will have to do this manually, but still looking for ways.

Ferzaer2 sure thing, you're welcome! 1) got it, thanks 2) "I would like to create in office 365 a user log in based on the mail attribute which will result in Primary email address and username: jenny@example1.com Alias: jenny@example2.org" Let me try to explain it: UPN + primary smtp address: jenny@example1.com --> Default user login name (UPN) in Azure if you don't configure alternate login id in Azure AD Connect. Alias: jenny@example2.org --> what do you mean by alias? Additional proxy address? mail? mailnickname? If you want this as the UPN/login name in Azure, you can use whatever attribute you want as your logon name in Azure AD Connect. If you mean the "alias" in the Microsoft 365 admin center: you can choose a user login name (UPN) from any existing smtp addresses (alias). Is this the feature you are trying to use (see attached screenshot)? If yes: this can be achieved by email address polices or, of course, you can add the alias afterwards in Azure via PowerShell for all your users in bulk.

Identity synchronization to Office 365 - two smpt proxy address

19 Replies

Dominik Hoefling
MVP
Jul 10, 2020
Ferzaer2 you can configure another attribute in AAD Connect as your logon name, it's called alternate logon id. But from a best practice perspective, the UPN should match your primary smtp address. I can highly recommend to change the UPN and go with the default attributes whenever possible. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id
- Ferzaer2
  Brass Contributor
  Jul 10, 2020
  Dominik Hoefling
  What can go wrong ? It's only being used to create their identities i.e. usernames online on office 365 and then their mailbox is going to be synchronized, the on premises server will be decommissioned/
  
  I think you are not understanding my question or i phrased it wrong.
  I know i can configure alternative id (and that is what i plan to do) use mail attribute as alternative ID so i don't have to edit user log in id for office 365.
  
  However, i would like to know how i could do this so that the users get both aliases created automatically.
  
  Here's a better example:
  Imagine a user with a name Jenny Dear
  User log on name is
  dearj
  UPN: example1.com
  so we have mailto:dearj@example1.com as her windows log in username- not that they use it.
  However, her email is
  mailto:Jenny@EXAMPLE1.COM
  So the AD attribute has this:
  mail: mailto:Jenny@example1.com
  proxyaddress:
  SMTP: mailto:Jenny@example1.com
  smtp: jenny@example2.org
  
  I want to use the mail attribute as an alternative log on id, so that when 400 users get synchronized, all their username for office 365 will be their mail attribute i.e. Jenny@example1.com
  Perfect scenario is, they also get an alias mailto:Jenny@example2.org created in the process so i don't have to go and update all of them manually.
  After their identities are created + passwords synchronized, the mailbox move is done, the exchange server will be killed. We won't be keeping it around for long, hopefully a week or two.
  - Dominik Hoefling
    MVP
    Jul 10, 2020
    Ferzaer2 Yes, I actually got it 🙂
    
    1. You can't remove any Exchange as long as AAD Connect is in place. If you want to remove Exchange, you "have to" switch to cloud-only accounts. It's not supported to change Exchange attributes in AD/ADSIEDIT.
    
    2. You can configure the mail-attribute in Azure AD Connect as the logon name (UPN in Azure) which is explained in my link. A user can only have one logon name (UPN) and I believe you mean by alias another email address, right? If yes, use email address policies on-premises, then Exchange will add all your required aliases to the mailbox and these addresses will be synchronized to Exchange Online with AAD Connect and you can receive emails on those aliases as well.

Forum Discussion

Identity synchronization to Office 365 - two smpt proxy address

19 Replies

Resources