Sync-generic-failure when removing proxyAddresses from on-prem account

Question

I need to remove a proxy address from a user so I can preform actions in exchange, however when I go to remove the attribute from the on prem account I get a sync-generic-failure. I'm unable to remove the proxy address in exchange or microsoft admin center due to the fact that the account is synced. I am also unable to adjust the synced attribute because is a default attribute. All help is appriciated.

Answer 1

Hello @Liam Ray So based on your description so far, you're getting a sync-generic-failure, the engine is trying to delete a smtp: address, but the change isn't being accepted. This might be due to:

• Immutable or protected attribute in the sync rules.
• Incorrect modification method (e.g., not using ADSI Edit or proper tools).
• Conflicting sync rules or permissions.

Please make sure that the error only occurs on this account so that we can better locate the bug and solve this issue correctly.

Here are some methods to try:

- Check for Custom Sync Rules

Please make sure that this proxy address is not used by other accounts and does not conflict with other sync rules. If the sync still fails:

• Open Synchronization Rules Editor.
• Look for any custom inbound or outbound rules affecting proxyAddresses.
• Ensure no rule is trying to enforce a value that conflicts with your change.

- Use ADSI Edit to Modify proxyAddresses

Since the attribute is synced, you must change it on-premises:

• Open ADSI Edit on your domain controller.
• Connect to the Default Naming Context.
• Navigate to the user object.
• Right-click → Properties → Find proxyAddresses.
• Remove the unwanted smtp: entry (case-sensitive: SMTP: is primary, smtp: is secondary).
• Click OK and close.

Be careful not to remove the primary SMTP address unless you're replacing it.

- Force a Delta Sync

After making the change:

Start-ADSyncSyncCycle -PolicyType Delta

This will push the updated attributes to Entra ID.

- Review Azure AD Connect Logs

Check the Synchronization Service Manager:

• Go to Operations tab.
• Look for the failed sync run.
• Click the error to get more details—especially if there's a rule precedence or attribute flow conflict.

Kindly let me know if any of these works for you or if you have any further question.

If I have answered your question, please accept this as answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful"!

Best regards,

Megan

Answer 2

Hi @Liam Ray
It sounds like you're running into a sync-generic-failure when trying to remove a proxy address from an on-premises account that's synced with Microsoft Entra ID.

The issue here is you have multiple custom rules with the same sync scope which are trying to flow the value for attribute msExchMailboxGUID which have differing ExecuteOnce: true/false values.

1. Check for Duplicate SMTP Addresses: Ensure that the proxy address you're trying to remove isn't being used by another object in your on-premises Active Directory or Exchange Online. Duplicate addresses can trigger sync issues. You can check for conflicts by running the following PowerShell command in Exchange Online:

      
      Get-EXORecipient -ResultSize unlimited | Where-Object {$_.EmailAddresses -match "<conflicting SMTP address>"} | fl Name, RecipientType, EmailAddresses
   

2. Use ADSI Edit/Clear msExchRemoteRecipientType: If you're in a hybrid environment and the conflict is due to an incorrect setting, you might need to use ADSI Edit to clear the value of the msExchRemoteRecipientType attribute for the affected user. Ensure that you're careful doing this, as incorrect changes can cause issues. Here’s a summary of the steps:
   • Open ADSI Edit and connect to the default naming context.
   • Locate the user object and find the msExchRemoteRecipientType attribute.
   • Clear its value and apply changes.
   3. Force a Sync: Once you've made these changes, force a sync with the following command:

      Start-ADSyncSyncCycle -PolicyType Delta
      
      
   

   Hope this helps. Do let us know if you have any further queries.