Hybrid hysteria : Mail not being delivered to on-prem mailbox in Hybrid setup

I’ve setup a Hybrid Exchange recently where for some reason some mails didn’t got delivered to on-premises mailboxes.

Of course I checked if there was something wrong with the send and receive connectors and if the users existed in Azure AD as mail users. This was the case but.. some had a onmicrosoft.com “external” mail address whilst there mailboxes where homed on-premises.

Because the tenant was already created and managed by the customer I didn’t have the full story on how AD Connect was configured.

I discovered that the tenant didn’t have verified custom domains in the past but users where already synced from the local AD with a UPN ending with customdomain.com.

When you then sync the users the primary and external (forwarding) e-mail address end up with the onmicrosoft.com address instead of the correct @customdomain.com address.

Now let’s end the story and solve this one!

I found an article which almost described my problem: https://social.technet.microsoft.com/wiki/contents/articles/37875.exchange-hybrid-deployment-troubleshooting-incorrect-ad-user-and-on-premises-mailbox-mappings.aspx

The important thing here was that setting the target address property was the key to let Azure AD change the external address of the user to the @customdomain.com address.

I filtered out all the users with the wrong address and then added the correct address based on the UPN of the user.

In Exchange Online I did:

$csv=get-mailuser | where {$_.ExternalEmailAddress -like "onmicrosoft"}
$csv | export-csv C:\temp\incorrect.csv

Then I copied the CSV to C:\temp on the on-prem Exchange Server and ran these commands: (note: ADUC is included with the AD Powershell module so this will work)

$csv=Import-csv C:\temp\incorrect.csv
foreach ($user in $csv) {set-aduser -Identity $user.alias -replace @{targetAddress="SMTP:$($user.UserPrincipalName)"}}

After that I ran a Azure AD Delta sync on the server containing Azure AD Connect

Start-ADSyncsynccycle -policytype Delta

The result? All mail users got the correct external mail address!

Now to clean up this temporary state I took the same group of users with the CSV and cleared the targetAddress property:

foreach ($user in $csv) {set-aduser -Identity $user.alias -clear targetAddress}

And you’re done, that’s it!

I hope this article will be helpful if you ever find yourself in the same situation. If you have any questions please leave a comment below!

Dit vind je misschien ook leuk...

1 reactie

Geef een reactie

%d bloggers liken dit: