Tuesday, 10 July 2018

O365 hybrid setup - how to use SMTP matching to match an on-prem user to an O365 account

The scenario is that a user account has been created directly in Office 365 in a hybrid setup. This is fine and is supported by Microsoft, but it causes problems for that Office 365 user when they need access to public folders on the on-premises Exchange server, because the cloud account has no matching on-premises object.

 

First make sure you have the correct UPN and proxy addresses for the online account by running the following (you'll need the MSOnline module; follow this guide to install it, but note that some of these commands are now deprecated and would need to be added to PowerShell manually).

Get-MsolUser -SearchString "foo" | Select-Object DisplayName, UserPrincipalName, ProxyAddresses

DisplayName UserPrincipalName ProxyAddresses
----------- ----------------- --------------
Foo Bar     foo@contoso.com   {smtp:foo@contoso.com, SMTP:foobar@contoso.com, smtp:foo@contoso.net}

Create a user object in your local AD with the same attributes as the one in O365 (first name, last name, UPN, etc.).

Set the primary SMTP address on the AD object so that it is the same as the capitalised SMTP address from the previous step, e.g. SMTP:foobar@contoso.com.

You can do this in Active Directory either by entering the address in the E-mail field on the General tab or by adding it to the proxyAddresses attribute directly (you will need to enable Advanced Features from the View menu in Active Directory to be able to see the Attributes tab). The second option is probably better as we need to add the other email aliases anyway. Add them in this format (the address with the capitalised SMTP: prefix will be your primary SMTP address):

smtp:foo@contoso.com
SMTP:foobar@contoso.com
smtp:foo@contoso.net

Force a manual sync of AD:

repadmin /syncall /APed

Force a manual sync of AAD Connect:

Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success

In the Exchange admin centre you should see the status change from "Cloud" to "Synced with Active Directory".

Don’t forget that the online account password will have changed to the one you specified when you created the AD account.
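As an added example (not part of the original post), the proxyAddresses step above can be done from PowerShell instead of the Attributes tab, which also lets you check that exactly one primary SMTP: address exists before writing and that the match actually took after the sync. It assumes the MSOnline and ActiveDirectory modules are loaded, you are connected with Connect-MsolService, and the $Upn and $SamAccountName values are placeholders for your own accounts.

```powershell
# Added example, not the original post's code. Copies the cloud user's proxyAddresses onto the
# on-prem AD user so that SMTP (soft) matching picks the right object, then verifies the match.
# Assumes MSOnline + ActiveDirectory modules are loaded and Connect-MsolService has been run.
$Upn            = 'foo@contoso.com'   # placeholder: UPN of the cloud user from Get-MsolUser
$SamAccountName = 'foo'               # placeholder: the AD account created to match it

$cloudUser = Get-MsolUser -UserPrincipalName $Upn

# Carry every address over verbatim, including the smtp:/SMTP: prefix case.
$proxies = @($cloudUser.ProxyAddresses | ForEach-Object { "$_" })

# Exactly one address may be primary (upper-case 'SMTP:'). Refuse to write anything otherwise:
# a missing or duplicate primary is what makes the match land on the wrong object or not at all.
$primary = @($proxies | Where-Object { $_ -clike 'SMTP:*' })
if ($primary.Count -ne 1) {
    throw "Expected exactly one primary SMTP: address, found $($primary.Count): $($proxies -join ', ')"
}
$primaryMail = $primary[0].Substring(5)   # strip the 'SMTP:' prefix for the mail attribute

Set-ADUser -Identity $SamAccountName `
           -UserPrincipalName $cloudUser.UserPrincipalName `
           -EmailAddress $primaryMail `
           -Replace @{ proxyAddresses = [string[]]$proxies }

# After repadmin /syncall and Start-ADSyncSyncCycle -PolicyType Delta, a successful match sets the
# cloud object's ImmutableId to the base64 of the on-prem source anchor. This assumes the default
# objectGUID-based anchor (mS-DS-ConsistencyGuid carries the same value when AAD Connect set it).
$adUser   = Get-ADUser -Identity $SamAccountName
$expected = [Convert]::ToBase64String($adUser.ObjectGUID.ToByteArray())
$matched  = (Get-MsolUser -UserPrincipalName $Upn).ImmutableId
if ($matched -eq $expected) {
    'Matched: cloud ImmutableId equals the on-prem objectGUID'
} else {
    "Not matched yet (ImmutableId = '$matched'); check the sync result and the primary SMTP address"
}
```

Run the verification part again after the delta sync completes; ImmutableId stays empty on a cloud-only account until the match has been written back.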