Forum Discussion
External connectivity not working for older Azure AD users
- Sep 06, 2019
Hello and thanks to everyone that contributed to this post.
I managed to find the issue. It was indeed related to previously used Skype for Business. When an SFB user is created, certain attributes are added, and those stay until they change (for example if user migration is used (didn't work for us since SFB servers were deleted)) or until they are removed.
What happened was there was a conflict with those attributes. Teams "thought" that we still use SFB due to these previous SFB msRTC attributes. Once removed, after a while External connectivity appeared.
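The check described in the post above, as an added example that is not part of the original thread: it reports which accounts still carry populated Skype for Business attributes, without changing anything. The `msRTCSIP-` attribute prefix, the function name `Get-StaleSfbAttribute` and the sample accounts are assumptions; the thread itself only says "msRTC attributes".

```powershell
# Added example (not from the thread): report-only audit for leftover SfB attributes.
function Get-StaleSfbAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # Assumption: SfB/Lync residue lives in attributes named msRTCSIP-*.
        # Only populated attributes count; empty or null values are ignored.
        $hits = $User.PSObject.Properties | Where-Object {
            $_.Name -like 'msRTCSIP-*' -and
            $null -ne $_.Value -and
            "$($_.Value)" -ne ''
        }
        if ($hits) {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                UserPrincipalName = $User.UserPrincipalName
                SfbAttributes     = (@($hits.Name) | Sort-Object) -join ', '
            }
        }
    }
}

# Constructed sample input: one pre-existing account with SfB residue, one new account.
$sample = @(
    [pscustomobject]@{
        SamAccountName                = 'olduser'
        UserPrincipalName             = 'olduser@company.local'
        'msRTCSIP-PrimaryUserAddress' = 'sip:olduser@company.com'
        'msRTCSIP-UserEnabled'        = $true
        'msRTCSIP-DeploymentLocator'  = ''          # empty, so not reported
    },
    [pscustomobject]@{
        SamAccountName    = 'newuser'
        UserPrincipalName = 'newuser@company.com'
    }
)

# Only 'olduser' is listed, with its two populated msRTCSIP-* attributes.
$sample | Get-StaleSfbAttribute | Format-Table -AutoSize

# Against a real directory (requires the ActiveDirectory module):
# Get-ADUser -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*)' -Properties * |
#     Select-Object * | Get-StaleSfbAttribute
```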
Hello ChrisWebbTech, thank you for your reply.
External connectivity is enabled and Coexistence to Islands but we are testing connectivity with external Teams users.
As per @Rob Ellis's suggestion we created a new AD user and set the routable logon suffix (not .local like it was before) and external connectivity started to work (a few hours later). We changed the logon suffix for some users but for now only the first account is working, so we are waiting for the External connectivity to appear if that's the case (due to propagation).
I have a question - why did the on-prem domain logon suffix fix connectivity for the first account?
Another thing - when we set the routable suffix for other users they still don't appear in the users list in Teams Admin center. The first account showed up with status DirSyncTeamsUser.
- James1 Sep 03, 2019 Brass Contributor
Rob Ellis, looks like that is not the case, we tried one of our company.onmicrosoft.com accounts. External connectivity works on it.
For now I guess we should wait for users with changed suffixes to show up (hopefully). If they don't then it looks like only new on-prem AD accounts show up for some reason.
- Sep 03, 2019
That user that is working might be set to Teams Only coexistence. External chat will only work when in Teams Only. It’s possible the policy for that person didn't get fully pushed correctly and it’s allowing it but islands mode won’t allow it.
How are you testing? I’m assuming you are trying to chat with someone from these accounts outbound and not testing inbound?
- James1 Sep 03, 2019 Brass Contributor
It looks like the policy is not fully pushed.
Yesterday we made 2 test accounts in on-prem AD. One with a .local suffix which was changed to company.onmicrosoft.com and one with a .com suffix which remained like that after Azure AD sync.
Both accounts can IM external Teams users. Coexistence mode is set to Org-wide which is Islands. Very strange because these are the only accounts that can IM external users (there's actually a third account that we made for our new user). So it looks like it only works for the new users (these users also show up in Teams admin center). Old on-prem AD accounts don't work.
Accounts with changed logon name .com still don't work. And we test using an external O365 Teams user who also integrated on-prem AD with O365.