In organizations using an email platform such as Microsoft 365, Exchange 2016, Exchange 2019, or Outlook.com, and many others, you may notice that they have more than one SMTP address (also called email aliases) assigned to an account. Many companies have name.surname (for example, John.Smith) or initial.surname (J.Smith) or just name (Smith) as the start of the email address. You may have come across users who have requested you to add an email alias.
If you are running Exchange 2016 or 2019 on-premises and have a Hybrid Configuration to Microsoft 365, you will have an instance of Azure AD Connect running on a server that synchronizes your on-premises Active Directory to Microsoft 365.
In Microsoft 365, you have an Exchange admin center just like you have on Exchange 2016 or Exchange 2019, except that you cannot manage the servers and some other components. Depending on how your Azure AD Connect is set up, if you want to make changes to an account on Microsoft 365 that you have migrated, you can get an error that the account and properties are managed by your on-premises servers. You cannot make changes like adding an alias to a user account.
Recently, a customer called me with this error, and they also advised that they tried using PowerShell, but it also gave them an error. They urgently needed to get the alias address added to complete the migration to Microsoft 365. The solution to this problem is straightforward and requires only a few steps to be completed.
Adding an email alias
In this article, we are not going to deep dive or set up Azure AD Connect. I covered that in an article previously here at TechGenix, but we will be utilizing PowerShell to force changes to Microsoft 365. To add the alias, we need to log in to Active Directory on-premises.
Click on the start menu type in “Active Directory,” and you will get a list of options to choose from and select Active Directory Users and Computers. Or you can open up Windows Administrative Tools and launch Active Directory Users and Computers from there. Or, if you are like me, who uses shortcuts to get to things, you can hold down the Windows+R keys and enter this command: dsa.msc. This will open up ADUC (Active Directory Users and Computers.
Once Active Directory Users and Computers launches, you will see a window similar to the one below:
To perform the step to edit the properties of an account, we need to enable advanced features. You can do this by clicking on the View menu button, and in the drop-down, click on Advanced Features, which will put a tick next to it. Once enabled, you will see more folders in Active Directory appear.
Navigate to the Organizational Unit (OU) where the account is that you want to modify. Open the account properties for that user as shown below:
Time to use the Attribute Editor
Because we enabled the Advanced Features, we now can see the Attribute Editor tab, and this is where we will be adding in the additional SMTP alias address. Scroll down to where you see the field called proxyAddresses. It will most likely be blank or have information in it as shown below:
Double-click on proxyAddresses and add in the address. You need to add SMTP: before the address )no spaces), for example, smtp:[email protected] You enter this in the box that says, Value to add: and then once you have typed in the address, you can then click the Add button as shown below:
When you click the Add button, the SMTP address will appear in the box below as shown in the image below:
Forcing a sync
You can now complete this by clicking OK and then clicking on Apply and OK in the window behind this one. The final step is to force an Azure AD Sync. On the server where you have Azure AD connect installed, open up an elevated PowerShell window and type in the command below to force a sync:
Start-ADSyncSyncCycle -PolicyType Delta
Press Enter and give it a couple of seconds. You should see a result showing “Success,” as seen below:
If you head over to the Microsoft 365 admin portal and open up the Exchange admin center, you can find the user and check the email aliases. It should show the one you just added along with the other ones. The process is straightforward and should take you only a few minutes to complete.
If you are not comfortable using PowerShell, you will need to wait for the next Azure AD sync to take place. On the Office 365 dashboard, you can see the time of the last sync and can calculate from there when it updates.
If you open up the Azure AD Synchronization application, you should see that the delta sync shows updates for a user account, normally shown as a GUID. If you double-click the GUID, you will see the account that has changed.
Featured image: Pixabay