AD Connect - ProxyAddress deleted

%3CLINGO-SUB%20id%3D%22lingo-sub-914887%22%20slang%3D%22en-US%22%3EAD%20Connect%20-%20ProxyAddress%20deleted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-914887%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EWe%20setup%20our%20users%20in%20AD.%20Set%20their%20email%20and%20upn%20to%20match%20-%20john.doe%40company.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20also%20set%20the%20proxy%20Address%20attribute%20to%20SMTP%3Ajohn.doe%40company.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20creates%20the%20user.%20syncs%20to%20Azure%20and%20all%20looks%20good.%20Primary%20email%20is%20correct.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20after%20a%20few%20days%2C%20it%20looks%20like%20something%20in%20the%20sync%20triggers%20which%20wipes%20the%20SMTP%20attribute%20in%20proxyaddress%20and%20their%20primary%20email%20address%20changes%20to%20john.doe%40company.onmicrosoft.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20not%20sure%20why%20this%20is%20happening.%20We%20can%20correct%20it%20with%20proxyAddress%20attribute%20and%20it%20fixes%20it.%20I'm%20just%20not%20sure%20why%20it's%20happening%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-914887%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-915991%22%20slang%3D%22en-US%22%3ERe%3A%20AD%20Connect%20-%20ProxyAddress%20deleted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-915991%22%20slang%3D%22en-US%22%3E%3CP%3EAnd%20what's%20the%20value%20of%20the%20on-premises%20proxyAddresses%20attribute%20when%20that%20happens%3F%20Looks%20to%20me%20like%20you%20have%20some%20sort%20of%20external%20system%20dumping%20data%20in%20AD%20and%20overwriting%20it%2C%20probably%20an%20HR%20system%20or%20some%20IAM%20solution%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-962046%22%20slang%3D%22en-US%22%3ERe%3A%20AD%20Connect%20-%20ProxyAddress%20deleted%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-962046%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F110461%22%20target%3D%22_blank%22%3E%40David%20Gorman%3C%2FA%3E%26nbsp%3Bif%20you%20are%20syncing%20to%20Azure%20AD%20using%20AD%20connect%2C%20it%20is%20not%20supported%20to%20manually%20edit%20Exchange%20related%20AD%20attributes.%20Exchange%20using%20a%20number%20of%20attributes%2C%20not%20just%20proxyaddresses%2C%20and%20none%20of%20these%20will%20be%20set%20correctly%20if%20you%20are%20doing%20i%20like%20that.%20Manually%20setting%20the%20proxy%20address%20is%20also%20prone%20to%20error%20especially%20if%20adding%20aliases.%3C%2FP%3E%3CP%3EThat%20said%2C%20what%20you%20are%20doing%20should%20work%2C%20and%20many%20people%20do%20it%20this%20way.%20There%20is%20long%20running%20debate%2C%20but%20you%20should%20know%20this%20is%20not%20a%20supported%20configuration%20by%20Microsoft.%3C%2FP%3E%3CP%3EYou%20should%20set%20up%20at%20least%20one%20Exchange%20server%20on%20prem%20in%20order%20to%20create%20remote%20mailboxes%20correctly.%3C%2FP%3E%3CP%3EFor%20Office%20365%20plans%20you%20get%20a%20free%20Exchange%20Server%20Hybrid%20Key%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fhybridkey%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Fhybridkey%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hi all,


We setup our users in AD. Set their email and upn to match - john.doe@company.com

 

We also set the proxy Address attribute to SMTP:john.doe@company.com

 

This creates the user. syncs to Azure and all looks good. Primary email is correct.

 

However after a few days, it looks like something in the sync triggers which wipes the SMTP attribute in proxyaddress and their primary email address changes to john.doe@company.onmicrosoft.com

 

I'm not sure why this is happening. We can correct it with proxyAddress attribute and it fixes it. I'm just not sure why it's happening?

2 Replies
Highlighted

And what's the value of the on-premises proxyAddresses attribute when that happens? Looks to me like you have some sort of external system dumping data in AD and overwriting it, probably an HR system or some IAM solution?

Highlighted

@David Gorman if you are syncing to Azure AD using AD connect, it is not supported to manually edit Exchange related AD attributes. Exchange using a number of attributes, not just proxyaddresses, and none of these will be set correctly if you are doing i like that. Manually setting the proxy address is also prone to error especially if adding aliases.

That said, what you are doing should work, and many people do it this way. There is long running debate, but you should know this is not a supported configuration by Microsoft.

You should set up at least one Exchange server on prem in order to create remote mailboxes correctly.

For Office 365 plans you get a free Exchange Server Hybrid Key: http://aka.ms/hybridkey