Bad Alias Address in Federated User's ProxyAddresses

%3CLINGO-SUB%20id%3D%22lingo-sub-214899%22%20slang%3D%22en-US%22%3EBad%20Alias%20Address%20in%20Federated%20User's%20ProxyAddresses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214899%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20using%20ADFS%20to%20create%20Office%20365%20accounts%20and%20for%20authentication.%20When%20a%20user%20is%20created%2C%202%20aliases%20are%20created.%20One%20with%20%40tenant.onmicrosoft.com%20and%20%40tenant.mail.onmicrosoft.com.%20These%20are%20then%20synchronized%20to%20our%20on%20premise%20AD.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ECurrently%20we%20are%20migrating%20from%20GroupWise%20to%20Office%20365.%20When%20a%20user%20is%20migrated%20the%20tool%20creates%20a%20rule%20that%20forwards%20mail%20to%20the%20first.last%40tenant.onmicrosoft.com.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20have%20a%20user%2C%20jane.smith%40ourdomain.com.%20When%20she%20was%20created%20in%20Office%2C%20the%20aliases%20were%20created%20as%20joe.doe%40tenant.onmicrosoft.com%20and%20jane.smith%40tenant.mail.onmicrosoft.com.%20She%20can%20now%20receive%20Joe%20Doe's%20forwarded%20email.%20On%20our%20on%20premise%20AD%2C%20she%20has%20the%20proper%20proxyaddresses%20jane.smith%40ourdomain.com%2C%20jane.smith%40tenant.onmicrosoft.com%20and%20jane.smith%40tenant.mail.onmicrosoft.com.%20Since%20we%20are%20using%20ADFS%20we%20cannot%20modify%20these%20addresses%20from%20the%20Admin%20console%2C%20and%20the%20on%20premise%20AD%20has%20the%20correct%20addresses.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI%20expect%20that%20I%20can%20repair%20this%20in%20Azure%20AD%2C%20but%20there%20is%20no%20option%20to%20replace%20the%20proxyaddresses%20in%20the%20set-azureaduser%20commandlet.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAny%20suggestions%20will%20be%20welcomed%2C%20I%20would%20prefer%20to%20have%20the%20powershell%20commands%20to%20do%20this%2C%20but%20a%20manual%20process%20will%20work%2C%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-214899%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214971%22%20slang%3D%22en-US%22%3ERe%3A%20Bad%20Alias%20Address%20in%20Federated%20User's%20ProxyAddresses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214971%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20is%20a%20%22workaround%22%20that%20allows%20you%20to%20play%20with%20the%20aliases%20of%20a%20synced%20user%2C%20to%20an%20extent.%20Namely%2C%20you%20can%20use%20the%20following%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESet-Mailbox%20user%40domain.com%20-WindowsEmailAddress%20newuser%40domain.com%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20will%20set%20newuser%40domain.com%20as%20the%20primary%20SMTP%2C%20while%20preserving%20user%40domain.com%20as%20secondary.%20There%20is%20no%20way%20to%20remove%20any%20aliases%20though%2C%20unless%20you%20disable%20DirSync.%20Well%2C%20there%20is%2C%20but%20you%20will%20not%20like%20it%20-%20you%20need%20to%20make%20the%20user%20a%20%22disconnector%22%2C%20by%20deleting%20it%20and%20the%20recovering%20from%20the%20Office%20365%20recycle%20bin.%20Not%20supported%20in%20any%20way%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-214900%22%20slang%3D%22en-US%22%3ERe%3A%20Bad%20Alias%20Address%20in%20Federated%20User's%20ProxyAddresses%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-214900%22%20slang%3D%22en-US%22%3ESo%20to%20understand%20correctly%2C%20the%20jane.smith%40tenant.onmicrosoft.com%20and%20jane.smith%40tenant.mail.onmicrosoft.com%20are%20only%20showing%20in%20local%20AD%20and%20not%20in%20Azure%20AD%3F%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are using ADFS to create Office 365 accounts and for authentication. When a user is created, 2 aliases are created. One with @tenant.onmicrosoft.com and @tenant.mail.onmicrosoft.com. These are then synchronized to our on premise AD.


Currently we are migrating from GroupWise to Office 365. When a user is migrated the tool creates a rule that forwards mail to the first.last@tenant.onmicrosoft.com.


I have a user, jane.smith@ourdomain.com. When she was created in Office, the aliases were created as joe.doe@tenant.onmicrosoft.com and jane.smith@tenant.mail.onmicrosoft.com. She can now receive Joe Doe's forwarded email. On our on premise AD, she has the proper proxyaddresses jane.smith@ourdomain.com, jane.smith@tenant.onmicrosoft.com and jane.smith@tenant.mail.onmicrosoft.com. Since we are using ADFS we cannot modify these addresses from the Admin console, and the on premise AD has the correct addresses.


I expect that I can repair this in Azure AD, but there is no option to replace the proxyaddresses in the set-azureaduser commandlet.


Any suggestions will be welcomed, I would prefer to have the powershell commands to do this, but a manual process will work, too.

2 Replies
Highlighted
So to understand correctly, the jane.smith@tenant.onmicrosoft.com and jane.smith@tenant.mail.onmicrosoft.com are only showing in local AD and not in Azure AD?
Highlighted

There is a "workaround" that allows you to play with the aliases of a synced user, to an extent. Namely, you can use the following:

 

Set-Mailbox user@domain.com -WindowsEmailAddress newuser@domain.com

 

This will set newuser@domain.com as the primary SMTP, while preserving user@domain.com as secondary. There is no way to remove any aliases though, unless you disable DirSync. Well, there is, but you will not like it - you need to make the user a "disconnector", by deleting it and the recovering from the Office 365 recycle bin. Not supported in any way :)