This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 84%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Our organization (Hybrid AD, only Exchange Online) is migrating to a new domain (.com to .gov) for our email. We've successfully migrated all user accounts, retaining the old address in Proxy, but some of the mail-enabled security groups are being difficult. I set the Mail field to the new address and update ProxyAddresses as smtp:{old address}; SMTP:{new address}. I force a delta sync and verify that the changes show in both the AAD Audit Logs and Synchronization Manager on the server. When I refresh Exchange Online it shows the Group Email (mail-enabled security) with the address; however, as soon as I click on the row to open and verify, that field in the listing changes to the old address and it shows as a distro group. The Primary address still has the old address and the new address isn't listed under Aliases. It doesn't seem to matter whether I have the new address as an alias at the beginning or not. As a test I've left everything with the old address and simply added the new address as an alias (smtp), but it never shows in Exchange and bounces back as unreachable.
I've successfully migrated two of the problem groups, but it seems to be completely random. On those two I had tried the steps that worked a dozen times until it finally magically worked. Because these groups are on-premises and synched up I can't make the changes in Exchange. No amount of time seems to help. When it worked, it worked immediately and unexpectedly.
Thank you!
Jon
Hi there. Have you removed the object from Azure and re-synced?
Thank you for the suggestion. I hadn't tried that previously because I was concerned about losing any settings, permissions, and data, but I just tested on an unimportant group. The group was recreated in Azure as a mail-enabled security group - it even shows as a security group in the Classic EAC, whereas all of the groups giving me problems show as distribution lists. The downside is that as I go through and delete/add the groups the Delivery Management for all of them is set to allow all internal and external delivery, which of course I can't change in Exchange. The important thing right now is to get the new address working, so we'll work on that bit sometime later.
Thanks again!
For a synced group, it will show as below, you could see (You can only manage this group in your on-premises environment. Use 'Active directory users & groups' or 'Exchange Admin Center' tools to edit or delete this group.):
For Exchange online hosted group, you could see the "edit":
For your group, I think it hosted on Exchange online, you could try to click the "edit" to modify email address for this group.
We can also it is synced with local AD, I think this phenomenon caused by AD and Azure account conflict. You could try to delete the local AD account, check whether it show as Exchange online hosted group.
It is suggested you delete this group from both Exchange online and Exchange on-premises, then create a new one.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.