Forum Discussion
Identity synchronization to Office 365 - two smtp proxy address
We are getting somewhere. I really appreciate your input. Here is a bit more clarification.
1. We are not going to keep AD Connect around; we plan on moving all mailboxes/users to the cloud and killing Exchange (after we uninstall AD Connect). We don't need password synchronization, etc. We are going to keep AD on premises for file sharing etc., and users will continue to use their current logins as if nothing changed. Only email access will be changed and they will have two passwords moving forward.
2. Our on-premises Exchange email policy has a rule where whenever we create usera@example1.com, they also have an alias created, usera@example2.org (yes, different domains), which is why in the AD attribute the proxy address has two smtp (different domains for the same user linked to one mailbox).
However,
I would like to create in office 365 a user log in based on the mail attribute which will result in
Is there a way to do this automatically or with PowerShell based on the proxy address, since they already have SMTP: jenny@example1.com (with capital so that it's the primary domain/address) and the second one, smtp: jenny@example2.org, as the second one or alias?
Or for example, I sync them and their identities are created as:
jenny@example1.com, can I use PowerShell to create an alias for them automatically for each user so they become
jenny@example2.org, basically taking whatever is after @, i.e. example1.com, and replacing that with example2.org and thus creating an alias automatically?
I feel like I will have to do this manually, but still looking for ways.
Ferzaer2 sure thing, you're welcome!
1) got it, thanks
2) "I would like to create in office 365 a user log in based on the mail attribute which will result in
- Ferzaer2, Jul 10, 2020, Brass Contributor
Don't know what happened to my last reply (it just went missing) but yes, I am referring to the alias in Microsoft 365.
Some users receive email at the example2.org domain and I would like whatever email they receive at jenny@example2.org to get redirected to jenny@example1.com - and this seems the way to go about it.
Now, I'm attaching photos so you see what their UPN looks like now with the user log on name, it's
dearj@example1.com@example1.com, if I use this as my default identity for AD Connect then their Microsoft Office 365 account primary address will be dearj@example1.com@example1.com
However, their email is jenny@example1.com@example1.com and we want this to be created as their Microsoft Office 365 primary address.
See the attached photos.
It seems the only way is to use alternate login for Azure AD Connect and choose the mail attribute, which corresponds to jenny@example1.com
Just wondering what can go wrong and why not go this way? It seems the best/fastest way to achieve this.
There are no two duplicate mail attributes and I guess we can add the alias manually or automatically with PowerShell.
- Jul 10, 2020
Ferzaer2 yes, a mailbox can have many different alias proxy addresses and they automatically get "redirected" to their primary address. Actually it's not a technical redirect, they just get into the mailbox itself. And yes, alternate login ID is the best way to achieve this.
Please refer to the following articles regarding UPN ne primary smtp address:
https://invorx.com/upn-should-match-your-primary-smtp-address-in-office-365/
"... Yes, Microsoft did release a feature last year called “Alternate Login ID” that allows you to use an attribute other than UPN for your Office 365 login, but that feature comes with a list of limitations that you should be aware of."
It's the easiest way if you prepare your identities on-prem (e.g. email address policy to add all required aliases and sync it to Azure), migrate your data, decommission your on-prem infrastructure. If you disable the dirsync afterwards in Azure, you can also change your objects there. Alternate login ID (mail) is the way to go, but best practice is to change the UPN on-prem to your primary smtp address value.
- Ferzaer2, Jul 10, 2020, Brass Contributor
I'm confused by this part: "Alternate login id (mail) is the way to go, but best practices is to change the UPN on-prem to your primary smtp address value."
Do you mean to change the user log on name from dearj to jenny@example1.com on prem before doing identity synchronization? Please see the photo I attached.
The UPN part i.e. what comes after @ is already example1.com and it matches my primary smtp address value.
However, I'm mainly concerned with the part before @
- Ferzaer2, Jul 10, 2020, Brass Contributor
Hey, I think images help. Yes, I was referring to that alias in the Microsoft 365 center.
I have both example1.com and example2.org added to my tenant.
However, when I synchronize users to create their identities I would like their primary address to be
jenny@example1.com, and then either later or in the same step add the alias
jenny@example2.org - because a lot of people send them emails at the second email.
So if someone sends them an email at jenny@example2.org I want that email to be forwarded to jenny@example1.com - from what I read this is the way to go.
Now, I'm attaching some photos so that you see that the user's log on name or username for domain computers is "dearj", and when I synchronize, if I use the default identity, their primary address on Office 365 will be
jennyd@example1.com@example1.com
However, I want to avoid this as it will cause confusion when their email is jenny@example1.com
Rather than updating the user log on name on the on-premises AD for all of them manually before synchronization, I can use the mail attribute from AD attributes as the alternate identity for AD Connect and this should create in Microsoft 365 their username/id based on the mail attribute. Right?
See attached images
I am not sure what could go wrong since we won't be keeping the hybrid for very long? Every mail attribute is unique; if there are two Jenny, then the second one gets a mail attribute Jenny2@example1.com
Thanks again for being involved and helping me.
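
Added example, not part of the thread or any participant's reply: one way to derive the example2.org alias from each mailbox's example1.com primary address with PowerShell, as asked above. It assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session and that directory synchronization has already been disabled so cloud objects are editable; `Get-MissingAlias` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Assumptions: ExchangeOnlineManagement
# module, an active Connect-ExchangeOnline session, directory sync disabled.
# The two domains are the thread's own placeholders.
$PrimaryDomain = 'example1.com'
$AliasDomain   = 'example2.org'

function Get-MissingAlias {
    # Hypothetical helper: returns the "smtp:" proxy address to add,
    # or $null when the mailbox is out of scope or already has it.
    param(
        [Parameter(Mandatory)] [string]   $PrimarySmtpAddress,
        [Parameter(Mandatory)] [string[]] $EmailAddresses,
        [Parameter(Mandatory)] [string]   $FromDomain,
        [Parameter(Mandatory)] [string]   $ToDomain
    )
    $localPart, $domain = $PrimarySmtpAddress -split '@', 2
    if (-not $localPart -or $domain -ne $FromDomain) { return $null }

    # Lowercase "smtp:" marks a secondary address; uppercase "SMTP:" is the primary.
    $alias = 'smtp:{0}@{1}' -f $localPart, $ToDomain
    if ($EmailAddresses -contains $alias) { return $null }   # -contains ignores case
    return $alias
}

# Constructed sample: check the mapping offline before touching any mailbox.
# Emits smtp:jenny@example2.org for a mailbox that only has its primary address.
Get-MissingAlias -PrimarySmtpAddress 'jenny@example1.com' `
    -EmailAddresses @('SMTP:jenny@example1.com') `
    -FromDomain $PrimaryDomain -ToDomain $AliasDomain

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $alias = Get-MissingAlias -PrimarySmtpAddress $mbx.PrimarySmtpAddress `
        -EmailAddresses ([string[]]$mbx.EmailAddresses) `
        -FromDomain $PrimaryDomain -ToDomain $AliasDomain
    if (-not $alias) { continue }
    try {
        # -WhatIf only reports the change; remove it after reviewing the output.
        Set-Mailbox -Identity $mbx.Guid.ToString() `
            -EmailAddresses @{ Add = $alias } -ErrorAction Stop -WhatIf
    } catch {
        # For example, the address is already assigned to another recipient.
        Write-Warning ('{0}: {1}' -f $mbx.PrimarySmtpAddress, $_.Exception.Message)
    }
}
```

Both domains must already be accepted domains in the tenant, as the last post says they are. Review the `-WhatIf` output and any warnings before removing the switch, since an alias added to the wrong mailbox delivers that person's mail to someone else.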