Exchange hybrid writeback with cloud sync is enabled, but I still can't edit attributes from 365...

Copper Contributor

Hi,

 

I'm very familiar with Exchange hybrid mode, I did a lot of hybrid migration, and I'm waiting since very long time for Exchange Hybrid Writeback  feature to be able to edit hybrid Exchange mailbox settings from Exchange Online Admin Center instead of having to connect to the on-prem hybrid server or to "Exchange Recipient Admin Center".  I did configure it with Cloud Sync, enabled Exchange Hybrid Writeback option like in the following article (Exchange hybrid writeback with cloud sync - Microsoft Entra ID | Microsoft Learn), but I still can't edit any mailbox attributes that comes from the on-prem AD, like emails adresses (aliases), etc.  I still receive the same old error message saying " Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. DualWrite (Graph) RequestId: 4c2d42fa-9c6e-4749-8d00-79e9f8041787 The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information."

 

Am I misunderstanding how it is supposed to work?  I searched a lot on the web, and even if it seems to be a very valuable feature, not much poeple talk about it, and when they talk about it, they don'T make a demo of how to use it once it is configured.

 

Thanks!

 

PatBrodeur_0-1723083778986.png

PatBrodeur_1-1723083809862.png

 

3 Replies
Hybrid writeback does not modify the source of authority, any object synced from AD still remains authored in AD. What it does is to allow writeback of specific attributes via the sync rules in Entra Connect/Cloud sync. But this doesn't mean you can edit the object's proxyAddresses attribute directly, like in your example. Rather, changes made by other means (service-side, adding X500, or the WindowsEmailAddress workaround) get synced back on-premises.

@VasilMichev Ok, but when we look at the way it is explained in the document, is does not say how it can be edited.  It lists the values that can be writeback, and it includes all what many poeple are asking for since many years.  Can you give us a better idea of how can we use this Exchange writeback feature?  What are the use case?

The use case is to keep said attributes in sync between the two orgs. Attributes such as msExchBlockedSendersHash can be updated by end user action, others by admin action (msExchUserHoldPolicies), and some are system-only (i.e. msDS-ExternalDirectoryObjectId)