%3CLINGO-SUB%20id%3D%22lingo-sub-844075%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844075%22%20slang%3D%22en-US%22%3EWhat%20if%20I%20ignore%20the%20UnableToWriteToAadException%3F%20Will%20EXO%20retry%20syncing%20to%20AAD%20at%20a%20later%20moment%20on%20its%20own%20or%20do%20I%20absolutely%20have%20to%20re-run%20the%20cmdlet%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844104%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844104%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90610%22%20target%3D%22_blank%22%3E%40Victor%3C%2FA%3E-%20you%20will%20need%20to%20retry%20the%20operation%3B%20once%20this%20change%20goes%20into%20the%20effect%2C%20the%20properties%20in%20question%20will%20not%20be%20written%20to%20Exchange%20Online%20if%20the%20write%20to%20AAD%20fails.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844185%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844185%22%20slang%3D%22en-US%22%3E%3CP%3EOof%20-%20I%20feel%20bad%20for%20Dave%20in%20building%2030%20if%20the%20WSYP%20program%20is%20still%20in%20place.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fuktechnet%2F2012%2F04%2F27%2Ffriday-fun-microsoft-wsyp-we-share-your-pain-project%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fuktechnet%2F2012%2F04%2F27%2Ffriday-fun-microsoft-wsyp-we-share-your-pain-project%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-844962%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-844962%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20does%20this%20apply%20in%20a%20scenario%20such%20as%20Undo-SoftDeletedMailbox%2C%20where%20the%20cmdlet's%20success%20does%20not%20really%20tell%20the%20whole%20story%20about%20the%20background%20replication%3F%20Would%20those%20operations%20take%20a%20lot%20longer%2C%20or%20would%20they%20have%20the%20same%20failure%20modes%20they%20do%20today%20(e.g.%20potential%20collisions)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-845966%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-845966%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20in%20total%20this%20sounds%20very%20good%20-%20I%20only%20have%20one%20concern%3A%20what%20is%20the%20performance%20impact%20of%20this%20change%3F%20Updating%20Azure%20AD%20through%20Graph%20API%20is%20very%20slow%20compared%20to%20the%20old%20native%20exchange%20online%20cmdlets.%20Have%20you%20measured%20a%20mass%20update%20for%20let%E2%80%99s%20say%2010.000%20users%20with%20your%20old%20and%20your%20new%20script%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20assume%20changes%20are%20only%20made%20to%20Cmdlets%20with%20the%20set%2Cnew%20or%20update%20verb%3F%20Get%20commands%20still%20grab%20everything%20from%20the%20underlying%20AD%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ewould%20be%20nice%20if%20you%20could%20do%20a%20comparison%20and%20share%20your%20results%20%3Bp%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eregards%3C%2FP%3E%3CP%3Echristian%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-848362%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-848362%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20team%2C%3C%2FP%3E%3CP%3EAny%20plans%20to%20improve%20the%20forward%20sync%20mechanism%20or%20way%20to%20do%20it%20from%20the%20customer%20end%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-849498%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-849498%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20we%20know%20if%20the%20%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3Eimprovement%20is%20deployed%20to%20our%20tenant%3C%2FSPAN%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-856507%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-856507%22%20slang%3D%22en-US%22%3EDoes%20this%20improve%20the%20speed%20of%20AAD%20Connect%3F%20Currently%20we%20sync%20AD%20changes%20hourly%2C%20which%20can%20be%20problematic.%20Then%20Mail%20changes%20from%20O365%20have%20to%20sync%20back%20to%20AD%2C%20which%20can%20be%20very%20problematic.%20Dave%20has%20alot%20to%20answer%20for!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-862658%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-862658%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F336137%22%20target%3D%22_blank%22%3E%40jamsnz%3C%2FA%3E%26nbsp%3BYou%20can%20change%20the%20scheduler%20to%20even%205%20minutes%20if%20you%20need%20to.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESet-ADSyncScheduler%20-CustomizedSyncCycleInterval%20d.HH%3Amm%3Ass%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-867415%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-867415%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F387901%22%20target%3D%22_blank%22%3E%40Opti-IT%3C%2FA%3E%20You%20cannot%20change%20the%20Sync%20cycle%20interval%20less%20than%2030%20minutes.%20When%20you%20run%20Get-ADSyncScheduler%2C%20the%20AllowedSyncCycleInterval%20is%20set%20to%2030%20minutes.%20Any%20values%20set%20to%20a%20cycle%20lower%20than%2030%20minutes%20will%20default%20to%2030.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-867420%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-867420%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3207%22%20target%3D%22_blank%22%3E%40Josh%20Villagomez%3C%2FA%3E%26nbsp%3BOh%2C%20thanks%20for%20that%2C%20you%20are%20right%2C%20of%20course.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871505%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871505%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EReceiving%20following%20error%3A%3CBR%20%2F%3E%3C%2FSPAN%3EWe%20have%20different%20accounts%20for%20local%20AD%2Cazure%20AD%20and%20Exchange...%20could%20the%20issue%20lie%20there%3F%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3Eerror%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CTABLE%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%3CDIV%20class%3D%22hw100%20msgboxDiv%22%3E%3CDIV%20class%3D%22paddv%22%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%3CSPAN%20class%3D%22dspBlock%20breakWord%20Error%22%3EAn%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%20However%2C%20it%20failed.%20The%20issue%20may%20be%20transient%20and%20please%20retry%20a%20couple%20of%20minutes%20later.%20If%20issue%20persists%2C%20please%20see%20exception%20members%20for%20more%20information%3C%2FSPAN%3E%2B%20CategoryInfo%20%3A%20NotSpecified%3A%20(%3A)%20%5BEnable-UMMailbox%5D%2C%20UnableToWriteToAadException%3CBR%20%2F%3E%2B%20FullyQualifiedErrorId%20%3A%20%5BServer%3DDB6PR8503MB0117%2CRequestId%3Dd79f7b8f-b887-46e2-ad19-878f4cdc02ce%2CTimeStamp%3D9%2F24%2F20%3CBR%20%2F%3E9%206%3A24%3A02%20AM%5D%20%5BFailureCategory%3DCmdlet-UnableToWriteToAadException%5D%20111CFF3D%2CMicrosoft.Exchange.Management.Tasks.U%3CBR%20%2F%3EEnableUMMailbox%3CBR%20%2F%3E%2B%20PSComputerName%20%3A%20outlook.office365.com%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878317%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878317%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414052%22%20target%3D%22_blank%22%3E%40jenmertens1605%3C%2FA%3E%20for%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23f8f8f8%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-break%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EEnable-UMMailbox%3C%2FSPAN%3E%20with%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23f8f8f8%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-break%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3ERequestId%3Dd79f7b8f-b887-46e2-ad19-878f4cdc02ce%3C%2FSPAN%3E%2C%20looks%20the%20Source%20of%20Authority%20of%20the%20organization%20and%20the%20user%20is%20at%20on-prem.%20So%20Enable-UMMailbox%20should%20be%20run%20against%20on-prem.%20But%20this%20request%20looks%20running%20via%20Remote%20Powershell%20(RPS)%20in%20the%20Cloud%20machine%26nbsp%3B%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23f8f8f8%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-break%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3EDB6PR8503MB011%3C%2FSPAN%3E.%20Looks%20to%20me%20the%20error%20is%20by%20design.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20what%20is%20the%20behavior%20before%20dual-write%20enabled%20in%20Sept%3F%20You%20can%20run%20Enable-UMMailbox%20via%20RPS%3F%20If%20so%2C%20please%20open%20a%20support%20ticket%20and%20we%20will%20investigate%20and%20fix%20it.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-879117%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-879117%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F406230%22%20target%3D%22_blank%22%3E%40ChSun%3C%2FA%3E%20Does%20the%20dual-write%20design%20apply%20to%20hybrid%20user%20identities%3F%20This%20blog%20post%20mentions%20%22%3CSPAN%20style%3D%22display%3A%20inline%20!important%3B%20float%3A%20none%3B%20background-color%3A%20%23ffffff%3B%20color%3A%20%23333333%3B%20font-family%3A%20'SegoeUI'%2C'Lato'%2C'Helvetica%20Neue'%2CHelvetica%2CArial%2Csans-serif%3B%20font-size%3A%2016px%3B%20font-style%3A%20normal%3B%20font-variant%3A%20normal%3B%20font-weight%3A%20300%3B%20letter-spacing%3A%20normal%3B%20orphans%3A%202%3B%20text-align%3A%20left%3B%20text-decoration%3A%20none%3B%20text-indent%3A%200px%3B%20text-transform%3A%20none%3B%20-webkit-text-stroke-width%3A%200px%3B%20white-space%3A%20normal%3B%20word-spacing%3A%200px%3B%22%3Ewhen%20you%20make%20user%20object%20changes%20in%20Exchange%20the%20changes%20will%20now%20be%20dual-written%20to%20AAD%20and%20EXO.%22%20However%2C%20it%20does%20not%20say%20if%20the%20changes%20applies%20to%20cloud-only%20user%20objects%20or%20synchronized%20objects%20such%20as%20those%20exported%20by%20Azure%20AD%20Connect%2C%20where%20AD%20is%20the%20SOA.%20Thank%20you.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-837218%22%20slang%3D%22en-US%22%3EExchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-837218%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20part%20of%20continued%20improvements%20to%20the%20Exchange%20Online%20service%20we%20are%20releasing%20an%20improvement%20to%20the%20User%20object%20management%20experience.%3C%2FP%3E%0A%3CP%3EToday%2C%20when%20you%20create%20or%20modify%20user%E2%80%99s%20properties%20via%20Exchange%20Admin%20Center%20(EAC)%2C%20Exchange%20Online%20PowerShell%20or%20other%20API%2C%20the%20change%20replicates%20to%20Azure%20Active%20Directory%20(AAD)%20through%20a%20sync%20mechanism%20which%20can%20take%20some%20time%20to%20complete.%20Simply%20put%2C%20you%20might%20not%20see%20the%20result%20of%20your%20change%20in%20AAD%20for%20a%20while.%3C%2FP%3E%0A%3CP%3EThis%20%E2%80%9Cback-sync%E2%80%9D%20mechanism%20(as%20you%20may%20have%20heard%20it%20referred%20to)%20from%20Exchange%20Online%20to%20AAD%20has%20served%20us%20well%20for%20many%20years%20making%20sure%20the%20data%20in%20both%20directories%20(which%20sometimes%20includes%20an%20on-premises%20directory%20if%20you%20have%20AAD%20Connect%20or%20Exchange%20Hybrid%20enabled)%20remains%20in%20sync.%20This%20sync%20mechanism%20provides%20key%20functionality%20that%20AAD%20and%20Exchange%20Online%20depend%20upon.%3C%2FP%3E%0A%3CP%3EHowever%2C%20this%20back-sync%20mechanism%20can%20sometimes%20become%20slow%20(due%20to%20various%20reasons%20that%20we%20won%E2%80%99t%20go%20into%20here%20(we%20suspect%20it's%20someone%20called%20Dave%20in%20building%2030)).%20If%20that%20happens%2C%20changes%20might%20not%20appear%20in%20AAD%20in%20a%20timely%20manner.%20This%20prevents%20admins%20from%20seeing%20a%20properly%20updated%20graph%20view%20in%20AAD%20or%20making%20additional%20changes%20like%20licensing%20or%20UPN%20changes%20(these%20changes%20mastered%20in%20AAD%20vs.%20mastered%20in%20EXO).%3C%2FP%3E%0A%3CP%3EThe%20Exchange%20Online%20and%20AAD%20teams%20have%20worked%20together%20to%20provide%20a%20new%20mechanism%20to%20synchronize%20the%20changes%20that%20originate%20in%20EXO%20and%20need%20to%20replicate%20to%20AAD%20without%20relying%20on%20the%20current%20back-sync%20mechanism.%3C%2FP%3E%0A%3CP%20class%3D%22note%22%3ENote%3A%20just%20as%20it%20is%20the%20case%20today%2C%20two%20specific%20attributes%20of%20tenant%20admin%20accounts%20(Phone%20number%20and%20Mobile%20phone%20number)%20will%20not%20be%20editable%20from%20Exchange%20Online%20after%20this%20feature%20is%20released.%20Because%20those%20can%20be%20used%20to%20validate%20password%20changes%2C%20Admin%20needs%20to%20modify%20them%20directly%20in%20AAD.%3C%2FP%3E%0A%3CP%3EOnce%20this%20improvement%20is%20deployed%20to%20your%20tenant%2C%20when%20you%20make%20user%20object%20changes%20in%20Exchange%20the%20changes%20will%20now%20be%20dual-written%20to%20AAD%20and%20EXO.%20The%20end%20result%20is%20that%20the%20replication%20of%20those%20properties%20should%20be%20close%20to%20immediate%20and%20changes%20made%20in%20EXO%20will%20immediately%20reflect%20in%20AAD%20when%20the%20cmdlet%20completes%20successfully.%3C%2FP%3E%0A%3CP%3ENote%20that%20this%20implies%20that%20there%20is%20now%20an%20AAD%20dependency%20when%20making%20such%20management%20changes.%20If%20AAD%20is%20unavailable%20for%20some%20reason%20when%20we%20attempt%20this%20dual-write%20you%20may%20see%20errors%20when%20executing%20an%20Exchange%20cmdlet%20or%20management%20action.%20This%20error%20will%20reference%20AAD.%20Note%2C%20that%20%3CSTRONG%3Ethis%20change%20should%20be%20transparent%20to%20all%20the%20Exchange%20management%20operations%20you%20are%20doing%20today.%3C%2FSTRONG%3E%20There%20is%20absolutely%20no%20need%20to%20change%20your%20scripts%20or%20your%20usage%20of%20EAC%20or%20other%20Exchange%20APIs.%20You%20%3CEM%3Emay%3C%2FEM%3Esee%20new%20errors%2C%20but%20they%20should%20be%20treated%20the%20same%20as%20you%20do%20today%3A%20re-run%20the%20cmdlet.%20If%20the%20issue%20persists%20when%20you%20open%20a%20support%20ticket%2C%20just%20mention%20that%20the%20error%20in%20Exchange%20is%20due%20to%20AAD%20and%20support%20should%20be%20able%20to%20help%20you%20redirect%20to%20the%20correct%20teams.%3C%2FP%3E%0A%3CP%3EHere%20is%20an%20example%20of%20the%20cmdlet%20error%20that%20you%20might%20see.%20You%20can%20always%20get%20more%20detailed%20information%20if%20you%20get%20the%20full%20error%20trace%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%5BMultiTenant%5CBL0PR00MB0354%5D%20PS%20C%3A%5CUsers%5Cchsun%26gt%3B%20set-mailbox%20testDareen%40dualwritetesting.onmicrosoft.com%20-CustomAttribute1%20%22demo%20test%22%0AAn%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%20However%2C%20it%20failed.%20The%20issue%20may%20be%20transient%20and%20please%20retry%20a%20couple%20of%20minutes%20later.%20If%20issue%20persists%2C%20please%20see%20exception%20members%20for%20more%20information.%0A%0A%20%20%20%20%2B%20CategoryInfo%20%20%20%20%20%20%20%20%20%20%3A%20NotSpecified%3A%20(%3A)%20%5BSet-Mailbox%5D%2C%20UnableToWriteToAadException%0A%20%20%20%20%2B%20FullyQualifiedErrorId%20%3A%20%5BServer%3DBL0PR00MB0354%2CRequestId%3D6669e8ca-2919-450f-93d7-5757b75bef45%2CTimeStamp%3D3%2F15%2F2019%0A%20%20%20%209%3A07%3A01%20PM%5D%20%5BFailureCategory%3DCmdlet-UnableToWriteToAadException%5D%20B6FABBF%2CMicrosoft.Exchange.Management.RecipientT%0A%20%20asks.SetMailbox%0A%20%20%20%20%2B%20PSComputerName%20%20%20%20%20%20%20%20%3A%20bl0pr00mb0354.namprd00.prod.outlook.com%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%20id%3D%22toc-hId-1623634937%22%3EHow%20to%20know%20if%20this%20has%20rolled%20out%20to%20your%20tenant%3F%3C%2FH3%3E%0A%3CP%3ETo%20find%20out%20if%20this%20change%20has%20already%20rolled%20out%20to%20your%20tenant%2C%20you%20can%20run%20the%20following%20CMDlet%3B%20note%20that%20if%20the%20value%20does%20not%20display%20for%20your%20tenant%20at%20all%2C%20you%20can%20interpret%20that%20as%20%E2%80%9CFalse%E2%80%9D%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EPS%20C%3A%5CUsers%5Cadmin%26gt%3B%20Get-OrganizationConfig%20%7C%20fl%20IsDualWriteEnabled%0AIsDualWriteEnabled%20%3A%20False%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20hope%20you%20agree%20that%20this%20change%20is%20a%20good%20thing.%20We%20really%20want%20your%20admin%20and%20management%20experience%20to%20be%20as%20efficient%20and%20useful%20as%20possible%2C%20and%20this%20change%20eliminates%20one%20issue%20we%20were%20aware%20of%20that%20caused%20some%20pain.%3C%2FP%3E%0A%3CP%3EPlease%20do%20let%20us%20know%20what%20you%20think%20in%20the%20comments%20section%20below%2C%20and%20we%20hope%20you%20notice%20the%20improvement!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22author%22%3EThe%20Exchange%20Team%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-837218%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20part%20of%20continued%20improvements%20to%20the%20Exchange%20Online%20service%2C%20we%20are%20releasing%20an%20improvement%20to%20the%20User%20object%20management%20experience.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-837218%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EScripting%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1028870%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1028870%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3207%22%20target%3D%22_blank%22%3E%40Josh%20Villagomez%3C%2FA%3E%20%2C%20yes%2C%20dual-write%20applies%20to%20hybrid%20user%2C%20too.%20Actually%20it's%20depends%20on%20SOA.%20If%20SOA%20is%20at%20on-premise%2C%20then%20no%20need%20to%20dual-write.%20Tenant%20admin%20is%20not%20able%20to%20make%20changes%20in%20EXO%20side%20(for%20dual-write%20properties%2C%20at%20least).%20But%20if%20SOA%20transferred%20to%20cloud%2C%20then%20we%20will%20dual-write%20the%20user%20if%20changes%20made%20on%20EXO%20side.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1410452%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1410452%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20found%20the%20post.%20We're%20observing%20long%20delays%20(10%20minutes%20or%20more%20in%20some%20cases)%20replicating%20primary%20SMTP%20address%20from%20Exchange%20Online%20to%20AAD%20mail%20attribute.%20Does%20not%20fit%20well%20to%20what%20was%20described%20above.%20Is%20this%20something%20that%20is%20expected%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1410493%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1410493%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20related.%20There%20is%20a%20sometimes%20significant%20delay%20in%20changes%20being%20replicated%20within%20the%20service%20the%20last%20few%20weeks.%20Just%20be%20patient.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1501926%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1501926%22%20slang%3D%22en-US%22%3E%3CP%3EWould%20DualWrite%20have%20removed%20the%20ability%20to%20run%20a%20%22Set-MailUser%20user%20-WindowsEmailAddress%20zzz%40externaldomain.yyy%22%20command%20in%20ExchangeOnline%20for%20a%20MailUser%20object%20that%20is%20synced%20from%20OnPrem%3F%20I%20understand%20that%20you%20typically%20cannot%20update%20synced%20objects%20from%20the%20Cloud%2C%20but%20this%20command%20used%20to%20work.%20And%20the%20values%20are%20correct%20OnPrem%2C%20but%20not%20in%20the%20Cloud.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EFor%20example%2C%20I%20have%20a%20MailUser%20object%20on-prem%26nbsp%3B(multiple%2C%20actually)%20which%20is%20synced%20to%20ExchangeOnline.%20The%20ExternalEmailAddress%20is%20correct%20(points%20to%20an%20external%20domain).%20On-prem%2C%20the%20PrimarySmtpAddress%20and%20WindowsEmailAddress%20match%20the%20ExternalEmailAddress.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EPreviously%2C%20in%20ExchangeOnline%2C%20the%20PrimarySmtpAddress%20and%20WindowsEmailAddress%20would%20match%20ExternalEmailAddress%20when%20first%20created.%20Then%20something%20would%20change%20and%20on%20a%20subsequent%20AD%20Connect%20Sync%2C%20they%20would%20no%20longer%20match.%20But%2C%20I%20could%20use%20the%20Set-MailUser%20command%20in%20ExchangeOnline%20to%20set%20WindowsEmailAddress%20to%20be%20that%20external%20address%2C%20and%20everything%20would%20start%20working%20again.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ENow%2C%20if%20I%20try%20to%20run%20a%20Set-MailUser%20command%20in%20the%20cloud%2C%20it%20fails%20with%20this%20message%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3EAn%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%0AHowever%2C%20it%20failed.%20Detailed%20error%20message%3A%0AUnable%20to%20update%20the%20specified%20properties%20for%20on-premises%20mastered%20Directory%20Sync%20objects%20or%20objects%20currently%0Aundergoing%20migration.%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI'm%20not%20sure%20when%20DualWrite%20was%20enabled%20in%20my%20tenant%2C%20but%20this%20issue%20started%20very%20recently.%20Any%20thoughts%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(This%20is%20being%20done%2C%20by%20the%20way%2C%20to%20enable%20Google%20GSuite%20Calendar%20Availability%20sharing%20with%20the%20external%20domain.%20When%20the%20WindowsEmailAddress%20doesn't%20match%20the%20ExternalEmailAddress%2C%20or%20maybe%20PrimarySmtpAddress%2C%20availability%20lookups%20fail.)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1505665%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505665%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20looks%20like%20this%20has%20negatively%20affected%20the%20Exchange%20Online%20on-boarding%20migration%20tool.%20Every%20migration%20batch%20we%20try%20to%20run%20(migration%20type%3A%20G%20Suite)%20now%20fails%2C%20with%20the%20following%20error%20for%20each%20user%20in%20the%20batch%3A%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EError%3A%20MigrationProvisioningPermanentException%3A%20An%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%20However%2C%20it%20failed.%20Detailed%20error%20message%3A%20Unable%20to%20update%20the%20specified%20properties%20for%20on-premises%20mastered%20Directory%20Sync%20objects%20or%20objects%20currently%20undergoing%20migration.%20The%20issue%20may%20be%20transient%20and%20please%20retry%20a%20couple%20of%20minutes%20later.%20If%20issue%20persists%2C%20please%20see%20exception%20members%20for%20more%20information.%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EI've%20been%20fighting%20with%20this%20for%20days%2C%20restarting%20batches%2C%20creating%20new%20batches%2C%20small%20batches%2C%20large%20batches.%20Same%20result%20every%20time%3A%20complete%20failure.%20Office%20365%20support%20so%20far%20has%20been%20no%20help%2C%20though%20the%20ticket%20is%20still%20open.%20It%20certainly%20seems%20however%20that%20there%20are%20underlying%20infrastructure%20issues%20in%20Office%20365%20that%20are%20causing%20this%20and%20other%20issues.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2030852%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2030852%22%20slang%3D%22en-US%22%3E%3CP%3EYeah%2C%20still%20doesn't%20update%20and%20work%20quickly.%26nbsp%3B%20Made%20a%20change%20and%20added%20an%20Alias%20to%20the%20Attributes%20of%20my%20user%20account...30min%20later...still%20rejects%20the%20email%20as%20user%20address%20not%20found.%20Admin%20doesn't%20show%20the%20attribute%20as%20another%20email%20address%20in%20Exchange%20online%20admin%20GUI%20etc....Ridiculous.%26nbsp%3B%20Latest%20ADSync%20installed%2C%20manually%20do%20delta%2Finitial%20syncs...still%20crazy%20lag.%26nbsp%3B%20Even%20doing%20basic%20things%20in%20the%20Exchange%20online%20Admin%20GUI%20takes%2030-45%20seconds%2C%20like%20click%20a%20page%20and%20it%20takes%20forever%20to%20load%2C%20then%20fill%20info.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2093964%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Improvements%20to%20Accelerate%20Replication%20of%20Changes%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2093964%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20like%20Microsoft%20broke%20everything%3C%2FP%3E%3CP%3ESame%20error%20when%20trying%20to%20convert%20user%20mailbox%20to%20shared%20mailbox%2C%20when%20edit%26nbsp%3BAliases%20in%20user%20mailbox.%3C%2FP%3E%3CP%3EAll%20work%20has%20stopped.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EError%20executing%20request.%20An%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%20However%2C%20it%20failed.%20Detailed%20error%20message%3A%20Exception%20happened%20when%20doing%20AAD%20dual-write.%20For%20more%20details%2C%20please%20check%20RemoteException%20if%20using%20RPS%20client%20or%20innerException%20otherwise.%20RequestId%20%3A%20da43aad9-bde9-47ae-a976-40009cf66134%20The%20issue%20may%20be%20transient%20and%20please%20retry%20a%20couple%20of%20minutes%20later.%20If%20issue%20persists%2C%20please%20see%20exception%20members%20for%20more%20information.%3CBR%20%2F%3E------------------------------------------%3CBR%20%2F%3EAn%20Azure%20Active%20Directory%20call%20was%20made%20to%20keep%20object%20in%20sync%20between%20Azure%20Active%20Directory%20and%20Exchange%20Online.%20However%2C%20it%20failed.%20Detailed%20error%20message%3A%20Exception%20happened%20when%20doing%20AAD%20dual-write.%20For%20more%20details%2C%20please%20check%20RemoteException%20if%20using%20RPS%20client%20or%20innerException%20otherwise.%20RequestId%20%3A%205596039b-0644-47e0-9d65-99ce48ffb2ba%20The%20issue%20may%20be%20transient%20and%20please%20retry%20a%20couple%20of%20minutes%20later.%20If%20issue%20persists%2C%20please%20see%20exception%20members%20for%20more%20information.%3CBR%20%2F%3E---------------------------------------------%20-------------%3C%2FP%3E%3C%2FLINGO-BODY%3E

As part of continued improvements to the Exchange Online service we are releasing an improvement to the User object management experience.

Today, when you create or modify user’s properties via Exchange Admin Center (EAC), Exchange Online PowerShell or other API, the change replicates to Azure Active Directory (AAD) through a sync mechanism which can take some time to complete. Simply put, you might not see the result of your change in AAD for a while.

This “back-sync” mechanism (as you may have heard it referred to) from Exchange Online to AAD has served us well for many years making sure the data in both directories (which sometimes includes an on-premises directory if you have AAD Connect or Exchange Hybrid enabled) remains in sync. This sync mechanism provides key functionality that AAD and Exchange Online depend upon.

However, this back-sync mechanism can sometimes become slow (due to various reasons that we won’t go into here (we suspect it's someone called Dave in building 30)). If that happens, changes might not appear in AAD in a timely manner. This prevents admins from seeing a properly updated graph view in AAD or making additional changes like licensing or UPN changes (these changes mastered in AAD vs. mastered in EXO).

The Exchange Online and AAD teams have worked together to provide a new mechanism to synchronize the changes that originate in EXO and need to replicate to AAD without relying on the current back-sync mechanism.

Note: just as it is the case today, two specific attributes of tenant admin accounts (Phone number and Mobile phone number) will not be editable from Exchange Online after this feature is released. Because those can be used to validate password changes, Admin needs to modify them directly in AAD.

Once this improvement is deployed to your tenant, when you make user object changes in Exchange the changes will now be dual-written to AAD and EXO. The end result is that the replication of those properties should be close to immediate and changes made in EXO will immediately reflect in AAD when the cmdlet completes successfully.

Note that this implies that there is now an AAD dependency when making such management changes. If AAD is unavailable for some reason when we attempt this dual-write you may see errors when executing an Exchange cmdlet or management action. This error will reference AAD. Note, that this change should be transparent to all the Exchange management operations you are doing today. There is absolutely no need to change your scripts or your usage of EAC or other Exchange APIs. You may see new errors, but they should be treated the same as you do today: re-run the cmdlet. If the issue persists when you open a support ticket, just mention that the error in Exchange is due to AAD and support should be able to help you redirect to the correct teams.

Here is an example of the cmdlet error that you might see. You can always get more detailed information if you get the full error trace:

 

[MultiTenant\BL0PR00MB0354] PS C:\Users\chsun> set-mailbox testDareen@dualwritetesting.onmicrosoft.com -CustomAttribute1 "demo test"
An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.

    + CategoryInfo          : NotSpecified: (:) [Set-Mailbox], UnableToWriteToAadException
    + FullyQualifiedErrorId : [Server=BL0PR00MB0354,RequestId=6669e8ca-2919-450f-93d7-5757b75bef45,TimeStamp=3/15/2019
    9:07:01 PM] [FailureCategory=Cmdlet-UnableToWriteToAadException] B6FABBF,Microsoft.Exchange.Management.RecipientT
  asks.SetMailbox
    + PSComputerName        : bl0pr00mb0354.namprd00.prod.outlook.com

 

How to know if this has rolled out to your tenant?

To find out if this change has already rolled out to your tenant, you can run the following CMDlet; note that if the value does not display for your tenant at all, you can interpret that as “False”:

 

PS C:\Users\admin> Get-OrganizationConfig | fl IsDualWriteEnabled
IsDualWriteEnabled : False

 

We hope you agree that this change is a good thing. We really want your admin and management experience to be as efficient and useful as possible, and this change eliminates one issue we were aware of that caused some pain.

Please do let us know what you think in the comments section below, and we hope you notice the improvement!

 

The Exchange Team

21 Comments
Regular Visitor
What if I ignore the UnableToWriteToAadException? Will EXO retry syncing to AAD at a later moment on its own or do I absolutely have to re-run the cmdlet?
Microsoft
@Victor - you will need to retry the operation; once this change goes into the effect, the properties in question will not be written to Exchange Online if the write to AAD fails.
Regular Contributor

Oof - I feel bad for Dave in building 30 if the WSYP program is still in place. https://blogs.technet.microsoft.com/uktechnet/2012/04/27/friday-fun-microsoft-wsyp-we-share-your-pai...

Occasional Contributor

How does this apply in a scenario such as Undo-SoftDeletedMailbox, where the cmdlet's success does not really tell the whole story about the background replication? Would those operations take a lot longer, or would they have the same failure modes they do today (e.g. potential collisions)?

Regular Visitor

Hi, in total this sounds very good - I only have one concern: what is the performance impact of this change? Updating Azure AD through Graph API is very slow compared to the old native exchange online cmdlets. Have you measured a mass update for let’s say 10.000 users with your old and your new script?

 

I also assume changes are only made to Cmdlets with the set,new or update verb? Get commands still grab everything from the underlying AD?

 

would be nice if you could do a comparison and share your results ;p

 

regards

christian 

New Contributor

Hi team,

Any plans to improve the forward sync mechanism or way to do it from the customer end?

How can we know if the improvement is deployed to our tenant?

Visitor
Does this improve the speed of AAD Connect? Currently we sync AD changes hourly, which can be problematic. Then Mail changes from O365 have to sync back to AD, which can be very problematic. Dave has alot to answer for!
Contributor

@jamsnz You can change the scheduler to even 5 minutes if you need to.

 

Set-ADSyncScheduler -CustomizedSyncCycleInterval d.HH:mm:ss

 

Microsoft

@Opti-IT You cannot change the Sync cycle interval less than 30 minutes. When you run Get-ADSyncScheduler, the AllowedSyncCycleInterval is set to 30 minutes. Any values set to a cycle lower than 30 minutes will default to 30. 

Contributor

@Josh Villagomez Oh, thanks for that, you are right, of course.

Occasional Visitor

Hi Team,

Receiving following error:
We have different accounts for local AD,azure AD and Exchange... could the issue lie there?

error
An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information+ CategoryInfo : NotSpecified: (:) [Enable-UMMailbox], UnableToWriteToAadException
+ FullyQualifiedErrorId : [Server=DB6PR8503MB0117,RequestId=d79f7b8f-b887-46e2-ad19-878f4cdc02ce,TimeStamp=9/24/20
9 6:24:02 AM] [FailureCategory=Cmdlet-UnableToWriteToAadException] 111CFF3D,Microsoft.Exchange.Management.Tasks.U
EnableUMMailbox
+ PSComputerName : outlook.office365.com
Microsoft

@jenmertens1605 for Enable-UMMailbox with RequestId=d79f7b8f-b887-46e2-ad19-878f4cdc02ce, looks the Source of Authority of the organization and the user is at on-prem. So Enable-UMMailbox should be run against on-prem. But this request looks running via Remote Powershell (RPS) in the Cloud machine DB6PR8503MB011. Looks to me the error is by design.

 

However, what is the behavior before dual-write enabled in Sept? You can run Enable-UMMailbox via RPS? If so, please open a support ticket and we will investigate and fix it.

Microsoft

@ChSun Does the dual-write design apply to hybrid user identities? This blog post mentions "when you make user object changes in Exchange the changes will now be dual-written to AAD and EXO." However, it does not say if the changes applies to cloud-only user objects or synchronized objects such as those exported by Azure AD Connect, where AD is the SOA. Thank you. 

Microsoft

@Josh Villagomez , yes, dual-write applies to hybrid user, too. Actually it's depends on SOA. If SOA is at on-premise, then no need to dual-write. Tenant admin is not able to make changes in EXO side (for dual-write properties, at least). But if SOA transferred to cloud, then we will dual-write the user if changes made on EXO side.

Occasional Visitor

Just found the post. We're observing long delays (10 minutes or more in some cases) replicating primary SMTP address from Exchange Online to AAD mail attribute. Does not fit well to what was described above. Is this something that is expected? 

Not related. There is a sometimes significant delay in changes being replicated within the service the last few weeks. Just be patient.

Senior Member

Would DualWrite have removed the ability to run a "Set-MailUser user -WindowsEmailAddress zzz@externaldomain.yyy" command in ExchangeOnline for a MailUser object that is synced from OnPrem? I understand that you typically cannot update synced objects from the Cloud, but this command used to work. And the values are correct OnPrem, but not in the Cloud.


For example, I have a MailUser object on-prem (multiple, actually) which is synced to ExchangeOnline. The ExternalEmailAddress is correct (points to an external domain). On-prem, the PrimarySmtpAddress and WindowsEmailAddress match the ExternalEmailAddress.


Previously, in ExchangeOnline, the PrimarySmtpAddress and WindowsEmailAddress would match ExternalEmailAddress when first created. Then something would change and on a subsequent AD Connect Sync, they would no longer match. But, I could use the Set-MailUser command in ExchangeOnline to set WindowsEmailAddress to be that external address, and everything would start working again.


Now, if I try to run a Set-MailUser command in the cloud, it fails with this message:

 

 

An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online.
However, it failed. Detailed error message:
Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently
undergoing migration.

 


I'm not sure when DualWrite was enabled in my tenant, but this issue started very recently. Any thoughts?

 

(This is being done, by the way, to enable Google GSuite Calendar Availability sharing with the external domain. When the WindowsEmailAddress doesn't match the ExternalEmailAddress, or maybe PrimarySmtpAddress, availability lookups fail.)

Occasional Visitor

It looks like this has negatively affected the Exchange Online on-boarding migration tool. Every migration batch we try to run (migration type: G Suite) now fails, with the following error for each user in the batch:

Error: MigrationProvisioningPermanentException: An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.

I've been fighting with this for days, restarting batches, creating new batches, small batches, large batches. Same result every time: complete failure. Office 365 support so far has been no help, though the ticket is still open. It certainly seems however that there are underlying infrastructure issues in Office 365 that are causing this and other issues.

Occasional Contributor

Yeah, still doesn't update and work quickly.  Made a change and added an Alias to the Attributes of my user account...30min later...still rejects the email as user address not found. Admin doesn't show the attribute as another email address in Exchange online admin GUI etc....Ridiculous.  Latest ADSync installed, manually do delta/initial syncs...still crazy lag.  Even doing basic things in the Exchange online Admin GUI takes 30-45 seconds, like click a page and it takes forever to load, then fill info.

New Contributor

Looks like Microsoft broke everything

Same error when trying to convert user mailbox to shared mailbox, when edit Aliases in user mailbox.

All work has stopped.

 

Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Exception happened when doing AAD dual-write. For more details, please check RemoteException if using RPS client or innerException otherwise. RequestId : da43aad9-bde9-47ae-a976-40009cf66134 The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.
------------------------------------------
An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Exception happened when doing AAD dual-write. For more details, please check RemoteException if using RPS client or innerException otherwise. RequestId : 5596039b-0644-47e0-9d65-99ce48ffb2ba The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.
--------------------------------------------- -------------