Quick Script – Office 365 with On-Premise AD without Exchange

This one is for the techs out there.  We’ve been seeing an issue that only seems to crop up when you have Exchange hosted on Office 365, but you’re synchronizing to an on-premise Active Directory domain that never had Exchange installed.  You end up with groups that either don’t have e-mail addresses at all or have yourdomain.onmicrosoft.com addresses.

Since you’re synchronizing to an on-prem AD you can’t modify this in Office 365, and Microsoft’s recommendation was to manually edit the proxyAddresses attribute to force it.  If you take a look at that attribute you’ll see that it defaults to an x500 connector if you were set up in hybrid mode; otherwise it’s empty.

Even if you only had one or two groups to edit, remembering to manually set the proxyAddresses attribute when you’re creating a new group is going to be one of those things that happens only after it bites you.  While I suspect you could extend the AD schema with Exchange attributes to add email and fix the problem (since this doesn’t seem to happen if you had Exchange before), I think that’s a lot of work.

Instead, we set up a scheduled task to run the PowerShell script below.  This script will search for any AD object that has something set in the mail field and make sure that’s set as the primary e-mail address (capital SMTP) in proxyAddresses if it’s not already set.  Since this is a quick script, the only gotcha is that it will overwrite anything already in proxyAddresses.  This could be improved by parsing out what exists and only adding, but on looking we didn’t really want to keep the partial x500 address anyway.  Further, we don’t really use additional SMTP addresses the way we did with on-premise Exchange.  If you do end up modifying it, let us know and we’ll update it!
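One way to implement the behaviour described above, as an added example that is not the authors' script. The function name and the `-KeepExisting` and `-Apply` switches are assumptions of this example; `-KeepExisting` goes beyond the post by demoting existing addresses to secondary instead of discarding them.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the original post's script. Switch and function names are hypothetical.
param(
    [switch]$KeepExisting,  # merge with existing proxyAddresses instead of overwriting
    [switch]$Apply          # without this switch, Set-ADObject runs with -WhatIf (preview only)
)

function Get-DesiredProxyAddresses {
    # Pure helper: computes the new proxyAddresses list from the mail value.
    param(
        [Parameter(Mandatory)][string]$Mail,
        [string[]]$Current = @(),
        [switch]$KeepExisting
    )
    $primary = "SMTP:$Mail"
    # Default matches the post: overwrite everything with the single primary address.
    if (-not $KeepExisting) { return ,@($primary) }

    $rest = @(foreach ($addr in $Current) {
        if ($addr -ieq $primary) { continue }   # drop any-case duplicate of the new primary
        if ($addr -clike 'SMTP:*') {
            'smtp:' + $addr.Substring(5)        # demote the old primary to a secondary
        } else {
            $addr                               # keep x500 and existing secondaries as-is
        }
    })
    return ,@(@($primary) + $rest)
}

# Every AD object with something in the mail field, as described in the post.
Get-ADObject -LDAPFilter '(mail=*)' -Properties mail, proxyAddresses | ForEach-Object {
    $obj     = $_
    $mail    = [string]$obj.mail
    $current = @($obj.proxyAddresses | Where-Object { $_ })

    # Skip objects whose primary (capital SMTP:) already equals the mail value.
    $hasPrimary = $current | Where-Object { $_ -clike 'SMTP:*' -and $_.Substring(5) -ieq $mail }
    if ($hasPrimary) { return }

    $desired = Get-DesiredProxyAddresses -Mail $mail -Current $current -KeepExisting:$KeepExisting
    Set-ADObject -Identity $obj -Replace @{ proxyAddresses = [string[]]$desired } -WhatIf:(-not $Apply)
}
```

Run it without `-Apply` first to review the proposed changes, and give the scheduled task an account that is delegated write access to proxyAddresses only, rather than a domain admin.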



Posted in Advice, Scripts.
