Forum Discussion
Custom Domain for O365 Groups in a Federated Hybrid Environment
Hi everyone, so I think I know what the issue is, though I don't know how to solve it, or if it is even solvable.
Looking at this page (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-feature-preview) I've found this paragraph "This group will be represented as a distribution group in on-premises AD DS. Your on-premises Exchange server must be on Exchange 2013 cumulative update 8 (released in March 2015) or Exchange 2016 to recognize this new group type."
Our single Exchange Server 2013 server is CU13, so this shouldn't be an issue. I will update to CU14 in the coming days though, just to be sure.
I believe Exchange onPrem is not recognizing the recipient (the Office 365 Group with groupname@custom.domain). When I run "get-recipient groupname@custom.domain" I don't get a hit, even though the group is written back to ADDS as a distribution group. But I've noticed that the written back distribution group does not appear in the Exchange Admin Center (ECP) under Recipients > Groups.
That's why I believe the Exchange Server is returning mails from external senders.
The question is, should O365 Groups that are written back to ADDS also appear in the ECP, and should get-recipient find the group's primary SMTP address?
Any input?
*EDIT1*: get-distributiongroup doesn't return the written back group as well.
Written back objects have "RemoteGroupMailbox" as the RecipientTypeDetails, hence they won't show up in ECP and Get-DistributionGroup cmdlets. You can verify the written back objects using ldp, and also these objects should get resolved in GAL (if you are on the right Exchange version).
- Ivan54 (Sep 21, 2017, Bronze Contributor)
Unfortunately not, though I haven't tried recently.
- KerryLambert (Sep 20, 2017, Iron Contributor)
We are having the exact same issue. Has anyone found a fix for this?
- Ivan54 (Apr 19, 2017, Bronze Contributor)
Not that I'm aware. I also think it won't be fixed, as we're expected to route MX records directly at O365.
- Naji Assaf (Apr 19, 2017, Copper Contributor)
Did anyone ever figure this out? We are having the same issue. Using Exchange 2013 CU 16, AAD Connect is overwriting msExchRequireAuthToSendTo and setting it to TRUE.
- Ivan54 (Nov 21, 2016, Bronze Contributor)
Hi Ankit,
I'm unsure how to verify this with ldp.exe.
Best I've found are the following attributes, though none mention RemoteGroupMailbox.
- groupType: 0x8 = ( UNIVERSAL_GROUP );
  - should this say RemoteGroupMailbox?
Also unclear to me are the following attributes; could you clarify if these are correct for written-back groups?
- msExchRequireAuthToSendTo: TRUE;
  - this is basically the error my Exchange server is returning when sending to an O365 group's custom domain address
  - setting the attribute manually to FALSE gets my external message past the onPrem Exchange (finally)
- targetAddress: SMTP:groupname@custom.domain
  - this is also different than for user mailboxes, since migrated UserMailboxes have upn@tenant.mail.onmicrosoft.com as target addresses
  - groupname@tenant.mail.onmicrosoft.com as target address does not work - I get an O365 bounce (only with authreq set to FALSE above): 550 RESOLVER.ADR.RecipientNotFound.
  - groupname@tenant.onmicrosoft.com as target address WORKS - finally
I've done a lot of testing with those 2 attributes and I can 100% confirm that by manually changing them, I was able to use my custom domain for written-back O365 groups.
So the question is, why is the O365 Hybrid Wizard and/or AAD Connect not doing this on its own?
Also confusing, though unsure if related: When running the O365 Hybrid Configuration Wizard I get the option to configure groups.custom.domain in addition to custom.domain as well. Do I check that box or leave it alone?
Since my initial goal is to get custom.domain to work with O365 Groups in a hybrid scenario (with MX pointing onPrem) I'm still unsure what to do with all that groups.domain.com configurations.
*EDIT1*
After further testing the culprit seems to be AAD Connect, which overwrites (with every delta sync) msExchRequireAuthToSendTo and sets it to TRUE and also resets targetAddress and sets it to identical with PrimarySMTPAddress.
After that my groups are not reachable by custom.domain. Also alias SMTP addresses are reachable, as long as the target address is groupname@tenant.onmicrosoft.com.
Additionally when manually setting a new Primary SMTP Address through powershell, a new @tenant.onmicrosoft.com address is not created. I'm unsure how AAD Connect is supposed to handle these changes, since mails only seem to go through with a proper targetAddress attribute that is not custom.domain.
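Ankit's suggestion to verify the written-back objects with ldp, and the two attributes Ivan54 found to decide delivery (msExchRequireAuthToSendTo and targetAddress), can be checked in one pass from the Exchange Management Shell. The script below is an added example, not code from the thread or from Microsoft. It assumes the ActiveDirectory module (RSAT) is available alongside the Exchange cmdlets, that the tenant routing domain is passed in as -TenantDomain (e.g. tenant.onmicrosoft.com), and that written-back groups carry msExchRecipientTypeDetails = 8796093022208; that number is my assumption for the RemoteGroupMailbox value and should be confirmed against your own objects (for instance by reading the attribute off a group you already know is written back). It is read-only on purpose: the thread reports that AAD Connect reverts manual attribute changes at the next delta sync, so the useful thing to record is which groups are currently in the failing state and when they were last changed.

```powershell
<#
Added diagnostic example (not from the thread, not Microsoft code).
Assumptions: run in the Exchange Management Shell on the on-prem Exchange server;
ActiveDirectory module present; -TenantDomain is the tenant routing domain;
8796093022208 is assumed to be the msExchRecipientTypeDetails value for
RemoteGroupMailbox (verify in your environment before relying on it).
#>
param(
    [Parameter(Mandatory)] [string] $TenantDomain,
    [string] $SearchBase = (Get-ADDomain).DistinguishedName
)

Import-Module ActiveDirectory -ErrorAction Stop

# Assumed value for RemoteGroupMailbox; adjust if your objects show a different value.
$RemoteGroupMailbox = 8796093022208

$props = 'mail', 'proxyAddresses', 'targetAddress', 'msExchRequireAuthToSendTo',
         'msExchRecipientTypeDetails', 'groupType', 'whenChanged'

# Written-back O365 Groups land in AD DS as groups; select them by recipient type.
$groups = Get-ADObject -SearchBase $SearchBase `
    -LDAPFilter "(&(objectClass=group)(msExchRecipientTypeDetails=$RemoteGroupMailbox))" `
    -Properties $props

foreach ($g in $groups) {
    # Primary SMTP is the proxy address with an upper-case "SMTP:" prefix.
    $primary  = @($g.proxyAddresses | Where-Object { $_ -cmatch '^SMTP:' }) -replace '^SMTP:', ''
    $primary  = $primary | Select-Object -First 1
    $target   = $g.targetAddress -replace '^smtp:', ''
    $findings = @()

    # Finding 1 from the thread: TRUE makes on-prem Exchange reject external senders.
    if ($g.msExchRequireAuthToSendTo -eq $true) {
        $findings += 'msExchRequireAuthToSendTo=TRUE'
    }

    # Finding 2: delivery only worked with targetAddress on the tenant routing domain,
    # not on the custom domain (AAD Connect resets it to the primary SMTP address).
    if (-not $target -or $target -notlike "*@$TenantDomain") {
        $findings += "targetAddress='$target' (expected *@$TenantDomain)"
    }

    # Finding 3 (original question): does Get-Recipient resolve the primary address?
    $resolved = $false
    if ($primary) {
        $resolved = $null -ne (Get-Recipient -Identity $primary -ErrorAction SilentlyContinue)
    }
    if (-not $resolved) {
        $findings += 'Get-Recipient does not resolve the primary SMTP address'
    }

    [pscustomobject]@{
        Name          = $g.Name
        PrimarySmtp   = $primary
        TargetAddress = $target
        RequireAuth   = $g.msExchRequireAuthToSendTo
        # whenChanged shows whether a delta sync has touched the object since a manual edit.
        LastChanged   = $g.whenChanged
        Findings      = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}
```

Save it as a .ps1 (any name) and run it with `-TenantDomain tenant.onmicrosoft.com`; pipe the output to `Format-Table` or `Export-Csv` to compare runs before and after a delta sync, which makes it easy to see AAD Connect putting msExchRequireAuthToSendTo and targetAddress back to the values the thread describes.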