Azure AD Connect and domain sync issue

Last week I was getting complaints from users in our Office 365 environment that the address book in Exchange was not up to date. The issue was that users were getting an address with the .onmicrosoft.com domain as their default email address. The users with these onmicrosoft.com addresses were users located in our on-premises Exchange environment.

The situation

At this customer we have a select group of users in Office 365 and all other users are in an on-premises Exchange environment. A few weeks ago I updated the AADConnect client to the latest version; the update went well and all users were still in sync with Office 365.

Let me start by explaining our environment a bit more before diving into the issue at hand. In a simplified form, we have the following environment.

Our environment

In the AD we have all users with a lot of different email aliases. We have about 200 domains and a lot of users have various email aliases and default email addresses.

The issue

Because not every user is using Office 365 services, we only added the domains that are used for authentication and the domains that are needed for the email aliases of the users that use Office 365. This had been working for the few months that we had been using Office 365 and the sync.

Since the latest update of the sync client, a few users had the .onmicrosoft.com address shown as their default email alias. First I thought something was wrong with the sync and looked up the particular user in the Synchronization Service Manager; there I saw that all email addresses and aliases were correct. The second thing I checked was the proxyAddresses value of the user in Office 365 with PowerShell. Here I saw a difference between the values in the Synchronization Service Manager and what was actually synced. After comparing the addresses between the Synchronization Service Manager and PowerShell, I noticed that the domain of the default email alias was not available in Office 365.
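The check described above, written out as an added example (this is not the author's script): it pulls a user's proxyAddresses from on-premises AD and from Office 365, diffs the two lists, and for every address that did not arrive in the cloud reports whether its domain is verified in the tenant. It assumes the MSOnline module (Connect-MsolService) and the ActiveDirectory RSAT module; the two parameters are placeholders for the user being examined.

```powershell
# Added example: find proxy addresses that AAD Connect could not write to Office 365
# because their domain is not verified in the tenant (the user then falls back to
# the .onmicrosoft.com address). Assumes MSOnline + ActiveDirectory modules.
param(
    [Parameter(Mandatory)][string]$UserPrincipalName,   # placeholder: cloud UPN
    [Parameter(Mandatory)][string]$SamAccountName       # placeholder: on-prem account
)

Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService   # prompts for tenant admin credentials

# Only verified domains are accepted for proxy addresses in the tenant.
$verifiedDomains = Get-MsolDomain -Status Verified | ForEach-Object { $_.Name.ToLower() }

# Address list as it exists on-premises (what AAD Connect reads from AD).
$onPrem = (Get-ADUser -Identity $SamAccountName -Properties proxyAddresses).proxyAddresses |
    ForEach-Object { $_.ToString() }

# Address list as it actually landed in Office 365.
$cloud = (Get-MsolUser -UserPrincipalName $UserPrincipalName).ProxyAddresses |
    ForEach-Object { $_.ToString() }

# -notcontains is case-insensitive; the upper-case 'SMTP:' prefix marks the primary address.
$missing = @($onPrem | Where-Object { $cloud -notcontains $_ })

foreach ($addr in $missing) {
    $domain  = ($addr -replace '^smtp:', '').Split('@')[-1].ToLower()
    $state   = if ($verifiedDomains -contains $domain) { 'verified' } else { 'NOT VERIFIED in tenant' }
    $primary = if ($addr -cmatch '^SMTP:') { ' (primary)' } else { '' }
    Write-Output ("{0}{1} is missing in Office 365; domain {2} is {3}" -f $addr, $primary, $domain, $state)
}

if ($missing.Count -eq 0) {
    Write-Output 'All on-premises proxy addresses are present in Office 365.'
}
```

A primary address flagged as "NOT VERIFIED in tenant" is exactly the case the post describes: the sync itself is healthy, but the tenant silently drops addresses whose domain it does not own, so the check belongs in the tenant's domain list rather than in the sync rules.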

The solution

Well, the solution was very simple: just add all domains to Office 365. But this would be a big job, because we have over 200 domains and adding them one by one would not be a great idea. Luckily we have PowerShell for the biggest part. I received a list of all domains from our Exchange team and used that list to add all domains to Office 365. One warning about this: you can only have 50 unverified domains in your tenant, so with almost 200 domains to add we had to break it up into batches of 50.

These are the commands I used.

With this script I added the domains in the CSV file to Office 365.

With this script I got a CSV file with all unverified domains, which I gave to the domain registrar. After the registrar had added them for all the domains, I could run the next command.

This script will confirm all newly added domains.

This set of three scripts can be repeated until all domains are added.
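The three steps above as one added example in MSOnline PowerShell (these are not the author's own scripts, which are not reproduced on the page). It assumes a constructed input file domains.csv with a single column named Domain, an already connected MSOnline session, and the 50-unverified-domain limit mentioned above; the file names and the batch size are assumptions you can change.

```powershell
# Added example: add domains in batches of 50, export the verification TXT records
# for the registrar, and confirm them once the records are published.
# Assumes the MSOnline module; domains.csv is a constructed input with header "Domain".
Import-Module MSOnline
Connect-MsolService

$csvPath   = '.\domains.csv'           # placeholder: one column, header "Domain"
$txtOut    = '.\verification-txt.csv'  # placeholder: file handed to the registrar
$batchSize = 50                        # tenant limit on unverified domains

# Step 1: add domains the tenant does not know yet, staying under the limit
# (domains that are already unverified count against it).
function Add-DomainBatch {
    $known      = Get-MsolDomain | ForEach-Object { $_.Name.ToLower() }
    $unverified = @(Get-MsolDomain -Status Unverified).Count
    $room       = $batchSize - $unverified
    if ($room -le 0) { Write-Warning 'Already at the unverified-domain limit; verify first.'; return }

    $toAdd = Import-Csv $csvPath |
        ForEach-Object { $_.Domain.Trim().ToLower() } |
        Where-Object { $_ -and ($known -notcontains $_) } |
        Select-Object -First $room

    foreach ($d in $toAdd) {
        New-MsolDomain -Name $d -Authentication Managed | Out-Null
        Write-Output "Added $d"
    }
}

# Step 2: export the DNS TXT record each unverified domain needs, for the registrar.
function Export-VerificationRecords {
    Get-MsolDomain -Status Unverified | ForEach-Object {
        $rec = Get-MsolDomainVerificationDns -DomainName $_.Name -Mode DnsTxtRecord
        [pscustomobject]@{ Domain = $_.Name; Label = $rec.Label; Text = $rec.Text; Ttl = $rec.Ttl }
    } | Export-Csv $txtOut -NoTypeInformation
    Write-Output "Wrote TXT records to $txtOut"
}

# Step 3: once the registrar has published the records, confirm every unverified domain.
# A domain whose record has not propagated yet is reported and left for the next run.
function Confirm-PendingDomains {
    foreach ($d in Get-MsolDomain -Status Unverified) {
        try {
            Confirm-MsolDomain -DomainName $d.Name -ErrorAction Stop
            Write-Output "Verified $($d.Name)"
        } catch {
            Write-Warning "$($d.Name) not verified yet: $($_.Exception.Message)"
        }
    }
}

# One pass of the cycle; repeat until the CSV is exhausted.
Add-DomainBatch
Export-VerificationRecords
# ...wait for the registrar to publish the TXT records, then run:
# Confirm-PendingDomains
```

Step 1 filters on the tenant's current domain list rather than on the CSV alone, so re-running it after each verification round simply picks up the next 50 domains that are still missing; Step 3 tolerates records that have not propagated yet instead of aborting the whole batch.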

Now I only had to set the purpose of the domains in Office 365; this is something that needs to be done by hand because there is no PowerShell command for that.

With the next synchronization the proxyAddresses in Office 365 were added and the problem was solved.