Azure AD Connect O365 Sync


There can be a problem with Azure Active Directory (AD) Connect when it first synchronises on-premises AD with Office 365.
If a user in local AD does not have an email address defined (that matches O365), then their primary email address will change to tenant-name.onmicrosoft.com.
This issue is described in an excellent post from Jaap Wesselius.

The only effect noticed is that the onmicrosoft.com email address is used as the From address when emails are sent from Outlook (client or OWA).

The simple fix is to create or update the email address in local AD and wait for (or force) a sync.

If you have numerous accounts to change (as I did), then PowerShell and Excel can be used to apply the fix.

Assuming you have already connected your PowerShell session to Office 365, this will get the primary email addresses that need fixing in local AD:

Get-Mailbox | Select -Expand EmailAddresses Alias | ?{ $_ -cmatch "^SMTP:" } | ?{ $_ -match "onmicrosoft" }

Add the following formulas in Excel and repeat for each row (column A holds the addresses returned above).

A2 = SMTP:username@tenant-name.onmicrosoft.com
B2 = =MID(A2,6,FIND("@",A2)-6)
C  = empty
D1 = Get-ADMail %I%; Set-ADUser %I% -Email %I%@tenant-name.fqdn; Get-ADMail %I%;
D2 = =SUBSTITUTE($D$1,"%I%",B2)

A generated command line will look like this:

Get-ADMail username; Set-ADUser username -Email username@tenant-name.fqdn; Get-ADMail username;

Define a simple PowerShell function to get the current AD email address (paste it into your session):

function Get-ADMail {
    Param( $Identity )
    # Show the account name next to its current mail attribute
    Get-ADUser $Identity -Properties SamAccountName,mail | select SamAccountName,mail
}

Then paste the contents of spreadsheet column D into your PowerShell session.
A few seconds later, all accounts have been updated.
A few minutes later (although it could take 30 minutes for the automatic sync), the primary email has been changed in O365.

Try it with one account first and check the primary SMTP email before and after to make sure you are happy it works.
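
The same fix written as one pipeline function rather than pasted spreadsheet lines, as an added example that is not part of the original post. The function name, the -MailDomain parameter and the allowed character set are assumptions; each address is passed as a parameter value and never re-parsed as command text, and -WhatIf gives the dry run.

```powershell
# Added example. Repair-OnMicrosoftPrimary and -MailDomain are hypothetical names.
# Assumes the ActiveDirectory module is loaded and that the local part of the
# onmicrosoft.com address equals the user's SamAccountName (as the post does).
function Repair-OnMicrosoftPrimary {
    [CmdletBinding(SupportsShouldProcess = $true)]
    Param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $Address,      # e.g. SMTP:username@tenant-name.onmicrosoft.com
        [Parameter(Mandatory)]
        [string] $MailDomain    # e.g. tenant-name.fqdn
    )
    Process {
        # Accept only a primary address (upper-case SMTP:) with a plain local part.
        # The allow-list is an assumption; anything else is reported, not guessed at.
        $pattern = '^SMTP:(?<user>[A-Za-z0-9._-]+)@(?i:[a-z0-9-]+\.onmicrosoft\.com)$'
        if (-not ($Address -cmatch $pattern)) {
            Write-Warning "Skipped, not a primary onmicrosoft.com address: $Address"
            return
        }
        $user = $Matches['user']

        # -Filter returns nothing for a missing account instead of throwing.
        $adUser = Get-ADUser -Filter "SamAccountName -eq '$user'" -Properties mail
        if (-not $adUser) {
            Write-Warning "Skipped, no local AD account named $user"
            return
        }

        $newMail = "$user@$MailDomain"
        $action  = "Set mail to $newMail (currently '$($adUser.mail)')"
        # With -WhatIf this only prints the action; nothing is written to AD.
        if ($PSCmdlet.ShouldProcess($adUser.SamAccountName, $action)) {
            Set-ADUser -Identity $adUser -EmailAddress $newMail
        }

        # Before/after record, the same check the Get-ADMail calls give.
        [pscustomobject]@{
            SamAccountName = $adUser.SamAccountName
            Before         = $adUser.mail
            After          = (Get-ADUser -Identity $adUser -Properties mail).mail
        }
    }
}

# Dry run on one constructed address, then on the real list:
# 'SMTP:username@tenant-name.onmicrosoft.com' |
#     Repair-OnMicrosoftPrimary -MailDomain 'tenant-name.fqdn' -WhatIf
# Get-Mailbox | Select -Expand EmailAddresses |
#     Repair-OnMicrosoftPrimary -MailDomain 'tenant-name.fqdn' -WhatIf
```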

Test first before applying any changes found on the internet!!

PS: If you are impatient then a sync can be forced by executing this command:

# Force Azure AD Connect to sync
Start-ADSyncSyncCycle -PolicyType Delta