Forum Discussion
Identity synchronization to Office 365 - two smtp proxy address
What can go wrong? It's only being used to create their identities i.e. usernames online on office 365 and then their mailbox is going to be synchronized, the on premises server will be decommissioned.
I think you are not understanding my question or I phrased it wrong.
I know I can configure alternative id (and that is what I plan to do) use mail attribute as alternative ID so I don't have to edit user log in id for office 365.
However, I would like to know how I could do this so that the users get both aliases created automatically.
Here's a better example:
Imagine a user with a name Jenny Dear
User log on name is
dearj
UPN: example1.com
so we have dearj@example1.com as her windows log in username - not that they use it.
However, her email is
Jenny@EXAMPLE1.COM
So the AD attribute has this:
mail: Jenny@example1.com
proxyaddress:
SMTP: Jenny@example1.com
smtp: jenny@example2.org
I want to use the mail attribute as an alternative log on id, so that when 400 users get synchronized, all their usernames for office 365 will be their mail attribute i.e. Jenny@example1.com
Perfect scenario is, they also get an alias Jenny@example2.org created in the process so I don't have to go and update all of them manually.
After their identities are created + passwords synchronized, the mailbox move is done, the exchange server will be killed. We won't be keeping it around for long, hopefully a week or two.
Ferzaer2 Yes, I actually got it
1. You can't remove any Exchange as long as AAD Connect is in place. If you want to remove Exchange, you "have to" switch to cloud-only accounts. It's not supported to change Exchange attributes in AD/ADSIEDIT.
2. You can configure the mail-attribute in Azure AD Connect as the logon name (UPN in Azure) which is explained in my link. A user can only have one logon name (UPN) and I believe you mean by alias another email address, right? If yes, use email address policies on-premises, then Exchange will add all your required aliases to the mailbox and these addresses will be synchronized to Exchange Online with AAD Connect and you can receive emails on those aliases as well.
- Ferzaer2 Jul 10, 2020 Brass Contributor
We are getting somewhere. I really appreciate your input. Here is a bit more clarification.
1. We are not going to keep ADconnect around, we plan on moving all mailboxes/users to the cloud and killing exchange (after we uninstall adconnect). We don't need password synchronization, etc. We are going to keep AD on premises for file sharing etc, and users will continue to use their current log ins as if nothing changed. Only email access will be changed and they will have two passwords moving forward.
2. Our on premises exchange email policy has a rule where whenever we create usera@example1.com, they also have an alias created usera@example2.org (yes, different domains) which is why in AD attribute the proxy address has two smtp (different domains for same user linked to one mailbox).
However,
I would like to create in office 365 a user log in based on the mail attribute which will result in
Primary email address and username: jenny@example1.com
Alias: jenny@example2.org
Is there a way to do this automatically or with powershell based on the proxy address since they already have SMTP: jenny@example1.com (with capital so that it's the primary domain/address) and the second one smtp: jenny@example2.org as the second one or alias?
Or for example, i synch them and their identities are created as:
jenny@example1.com, can I use powershell to create an alias for them automatically for each user so they become
jenny@example2.org, basically taking whatever is after @ i.e. example1.com and replacing that with example2.org and thus creating an alias automatically?
I feel like I will have to do this manually, but still looking for ways.
- Jul 10, 2020
Ferzaer2 sure thing, you're welcome!
1) got it, thanks
2) "I would like to create in office 365 a user log in based on the mail attribute which will result in
Primary email address and username: jenny@example1.com
Alias: jenny@example2.org"
Let me try to explain it:
UPN + primary smtp address: jenny@example1.com --> Default user login name (UPN) in Azure if you don't configure alternate login id in Azure AD Connect.
Alias: jenny@example2.org --> what do you mean by alias? Additional proxy address? mail? mailnickname? If you want this as the UPN/login name in Azure, you can use whatever attribute you want as your logon name in Azure AD Connect.
If you mean the "alias" in the Microsoft 365 admin center: you can choose a user login name (UPN) from any existing smtp addresses (alias). Is this the feature you are trying to use (see attached screenshot)?
If yes: this can be achieved by email address policies or, of course, you can add the alias afterwards in Azure via PowerShell for all your users in bulk.
- Ferzaer2 Jul 10, 2020 Brass Contributor
Don't know what happened to my last reply (it just went missing) but yes, I am referring to the alias in microsoft 365.
Some users receive email at example2.org domain and I would like whatever email they receive at jenny@example2.org gets redirected to jenny@example1.com - and this seems the way to go about it.
Now, I'm attaching photos so you use what their upn looks like now with the user log on name, it's
dearj@example1.com@example1.com , if i use this as my default identity for add connect then their microsoft office 365 account primary address will be dearj@example1.com@example1.com
However, their email is jenny@example1.com@example1.com and we want this to be created as their microsoft office 365 primary address.
See the attached photos.
It seems the only way is to use alternate log in for azure ad connect and choose mail attribute which corresponds to mailto:jenny@example1.com
Just wondering what can go wrong and why not go this way ? It seems the best /fastest way to achieve this.
There are no two duplicate mail attributes and i guess we can add the alias manually or automatically with powershell.
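
An added example, not part of the thread: one way to plan the bulk alias step discussed above, deriving an example2.org alias from each mailbox's primary SMTP address and flagging any address that already belongs to another mailbox before anything is written. The helper name and sample mailboxes are constructed; the commented `Set-Mailbox` call assumes an Exchange Online PowerShell session, example2.org as an accepted domain, and mailboxes that are no longer mastered by directory sync.

```powershell
# Constructed sample data standing in for Get-Mailbox output (not a real tenant).
$mailboxes = @(
    [pscustomobject]@{ Identity = 'dearj'; EmailAddresses = @('SMTP:Jenny@example1.com', 'smtp:jenny@example2.org') }
    [pscustomobject]@{ Identity = 'usera'; EmailAddresses = @('SMTP:usera@example1.com') }
    [pscustomobject]@{ Identity = 'userb'; EmailAddresses = @('SMTP:bob@example1.com', 'X500:/o=Org/cn=userb') }
    [pscustomobject]@{ Identity = 'bobk';  EmailAddresses = @('SMTP:bobk@example1.com', 'smtp:bob@example2.org') }
)
$PrimaryDomain = 'example1.com'
$AliasDomain   = 'example2.org'

# Hypothetical helper: derive local-part@AliasDomain from the primary address.
function Get-DerivedAlias {
    param([string[]]$EmailAddresses, [string]$PrimaryDomain, [string]$AliasDomain)
    # The primary address is the entry with the upper-case "SMTP:" prefix.
    $primary = $EmailAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if (-not $primary) { return $null }
    $name, $domain = $primary.Substring(5) -split '@', 2
    if ($domain -ne $PrimaryDomain) { return $null }   # -ne ignores case
    return "${name}@${AliasDomain}".ToLower()
}

# Index every SMTP address already in use (lower-cased) to the mailbox that owns it.
$inUse = @{}
foreach ($mb in $mailboxes) {
    foreach ($a in $mb.EmailAddresses) {
        if ($a -like 'smtp:*') { $inUse[$a.Substring(5).ToLower()] = $mb.Identity }
    }
}

# Build a plan first; nothing is changed until the plan has been reviewed.
$plan = foreach ($mb in $mailboxes) {
    $alias = Get-DerivedAlias $mb.EmailAddresses $PrimaryDomain $AliasDomain
    if (-not $alias) { continue }
    $owner  = $inUse[$alias]
    $status = if (-not $owner) { 'Add' }
              elseif ($owner -eq $mb.Identity) { 'AlreadyPresent' }
              else { "Conflict:$owner" }   # alias would land on someone else's address
    if ($status -eq 'Add') { $inUse[$alias] = $mb.Identity }
    [pscustomobject]@{ Identity = $mb.Identity; Alias = $alias; Status = $status }
}
$plan | Format-Table -AutoSize

# To apply in Exchange Online PowerShell once the objects are cloud-managed:
# $plan | Where-Object Status -eq 'Add' | ForEach-Object {
#     Set-Mailbox -Identity $_.Identity -EmailAddresses @{ add = "smtp:$($_.Alias)" } }
```

With the sample data, `dearj` is reported as `AlreadyPresent`, `usera` and `bobk` as `Add`, and `userb` as `Conflict:bobk`, which is the case a blind domain swap would turn into mail delivered to the wrong mailbox.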