How do I get Exchange Online GUIDs to write to Active Directory
Posted by Phyber05@reddit | sysadmin | 12 comments
We are a hybrid AD join using Azure AD Connect, and also have an on-prem Exchange 2019 server. I have migrated almost all mailboxes up to Exchange Online and mail is flowing.
However, I'm noticing that since the mass migration, mailboxes created solely in Exchange Online can't be emailed by users/systems still on on-prem Exchange 2019.
I have checked my Azure AD connect and added the msExchMailboxGUID attribute to sync, but the text reads like it's only a one way sync from AD -> Entra ID.
Am I doing this wrong? How can I stop manually updating this field in AD?
mysterioushob0@reddit
I think I've run into this, and it was a mix of making sure the Global Contact List was updated with the new emails and checking the ProxyAddress attribute in ADUC. What's the NDR code from the bounceback when Exchange 2019 emails Exchange Online?
Phyber05@reddit (OP)
This is the top error section:
Remote Server returned ‘550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup’
mysterioushob0@reddit
Can you reproduce the issue by manually typing in an email address that previously failed to send? I ended up finding the fix I had to do for a somewhat related issue back in 2021 for an email setup just like your environment. It's not the same NDR code, but after applying the fix from the following link, deleting auto-complete entries for the test email from the To field in a new email, manually typing the test email, and forcing a resync of the Global Address List (GAL) in Exchange Online seemed to fix the issue.
https://www.msnoob.com/recipient-not-found-by-exchange-legacy-encapsulated-email-address-lookup.html
datec@reddit
You have to run a command on all new accounts that you create. I think it's Enable-RemoteMailbox, but verify that first. You have to do this if you are going to keep routing mail from on-premises servers. You don't have to do this if you create the Exchange Online mailbox from an on-prem Exchange server. You will have to continue to do this until you remove the hybrid AD connector, because you must manage mailbox attributes on-prem while still hybrid. The only way to fully manage mail attributes in O365 is to disconnect on-prem AD.
Sorry for the formatting, on mobile.
Phyber05@reddit (OP)
Thank you! I’d run that against Exchange Online, and it would write down to my Active Directory?
titlrequired@reddit
No, install the Exchange management tools on-prem and run it there. Enable-RemoteMailbox tags the user object with the right attributes to let on-prem Exchange know it's a remote mailbox, and when synced it tells Exchange Online to make a mailbox. You then get 30 days to license it.
You should do that, before licensing the mailbox ideally.
Phyber05@reddit (OP)
Could I create a script that whenever a new AD user is created, to run this script against their AD account? I'm trying to reduce the steps in user setup...
Enable-RemoteMailbox -Identity "jdoe" -RemoteRoutingAddress "john.doe@mydomain.com"
titlrequired@reddit
You can create scripts for lots of things.
Yes this would be easy to achieve and I imagine quite common implementation.
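The following script is an added example, not code from the thread, showing the automation the OP is asking about: find synced AD users that on-prem Exchange does not yet know as any recipient type (no mailbox, no remote-mailbox stamp, no targetAddress), run Enable-RemoteMailbox against them, and then confirm that each one resolves through Get-Recipient, which is the lookup that produced the 5.1.10 RESOLVER.ADR.RecipientNotFound NDR quoted above. It must run in the on-premises Exchange 2019 Management Shell on a host that also has the ActiveDirectory RSAT module. The OU path and the routing domain contoso.mail.onmicrosoft.com are assumptions; replace them with your own. Note that -RemoteRoutingAddress should be the tenant's mail.onmicrosoft.com address that the hybrid configuration adds to the email address policy, not the user's primary vanity-domain address.

```powershell
<#
  Added example (not part of the original Reddit thread).
  Run from the on-prem Exchange 2019 Management Shell, which provides
  Enable-RemoteMailbox and Get-Recipient. Dry run by default via -WhatIf.
  Assumptions to adjust:
    $SearchBase           - OU whose users should get cloud mailboxes (assumed path)
    $RemoteRoutingDomain  - tenant hybrid routing domain (assumed value)
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase          = 'OU=Users,OU=Corp,DC=corp,DC=contoso,DC=com',  # assumed
    [string]$RemoteRoutingDomain = 'contoso.mail.onmicrosoft.com'                 # assumed
)

Import-Module ActiveDirectory -ErrorAction Stop

# Attributes that Enable-RemoteMailbox stamps on the AD object. Azure AD Connect
# syncs them to Entra ID; Exchange Online then creates the mailbox and on-prem
# Exchange can resolve the recipient instead of returning 5.1.10 RecipientNotFound.
$mailAttrs = 'mail', 'targetAddress', 'msExchRecipientTypeDetails',
             'msExchRemoteRecipientType', 'msExchMailboxGuid', 'proxyAddresses'

# Enabled users in the OU that carry no Exchange recipient type at all.
$candidates = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties $mailAttrs |
    Where-Object { -not $_.msExchRecipientTypeDetails -and -not $_.targetAddress }

foreach ($user in $candidates) {
    $alias   = $user.SamAccountName
    $routing = "$alias@$RemoteRoutingDomain"

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Enable-RemoteMailbox (RemoteRoutingAddress=$routing)")) {
        # Creates the mail-enabled user on-prem with targetAddress = SMTP:$routing.
        # The primary SMTP address comes from the email address policy unless
        # -PrimarySmtpAddress is given explicitly.
        $rm = Enable-RemoteMailbox -Identity $user.DistinguishedName `
                                   -Alias $alias `
                                   -RemoteRoutingAddress $routing `
                                   -ErrorAction Stop
        Write-Host ("Enabled {0}: primary={1} routing={2}" -f $alias, $rm.PrimarySmtpAddress, $rm.RemoteRoutingAddress)
    }
}

# Post-check (skipped on -WhatIf): every candidate should now resolve as an
# on-prem recipient, which is what the transport resolver consults before
# generating RESOLVER.ADR.RecipientNotFound.
if (-not $WhatIfPreference) {
    foreach ($user in $candidates) {
        $r = Get-Recipient -Identity $user.DistinguishedName -ErrorAction SilentlyContinue
        if ($null -eq $r) {
            Write-Warning "$($user.SamAccountName) still does not resolve as an Exchange recipient"
        } else {
            Write-Host ("{0} -> {1} ({2})" -f $user.SamAccountName, $r.PrimarySmtpAddress, $r.RecipientTypeDetails)
        }
    }
}
```

Run it once with -WhatIf to see which accounts would be touched, then without. After it has stamped the attributes, trigger a delta sync on the Azure AD Connect server (Start-ADSyncSyncCycle -PolicyType Delta from the ADSync module) and only then assign the Microsoft 365 license, so the cloud mailbox is created as a remote mailbox that on-prem Exchange already knows how to route to.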
datec@reddit
You run it on your on-prem server.
disclosure5@reddit
You're doing this wrong. AD is synced, accounts must be enabled on premises.
Google "Enable-RemoteMailbox".
titlrequired@reddit
They are fully cloud only? No synced on prem user?
Domain is authoritative on prem?
Phyber05@reddit (OP)
Hi! So I create the user account in AD, and when the user is synced via Azure Connect, I assign them a 365 license, then their Exchange Online mailbox is auto created.
Previously, I was making the user in AD in an OU that didn't sync to 365, then creating the user's mailbox in my on-prem Exchange 2019, then moving the user out of that temp OU and letting it sync, then manually migrating their mailbox off the on-prem Exchange, and assigning a license. I'm looking to streamline my setup process.