How to change primary email address for hybrid Azure/Local AD

Mike CoL 10 Reputation points

We have a local AD environment and it syncs only one way up to our Azure AD environment. I created a user account locally and used an extension attribute value "O365" which causes the record to be created in our Azure AD environment. This is the normal process and has worked fine for 1000+ user accounts. The problem I am experiencing is this new user account I created shows the address as the Primary email address in their Azure AD record. It should be, which is our local/network domain, the should be an alias and this address has always been created automatically when the record is created and synced for the 1st time to Azure.

I cannot change this in the Azure record because it is synced to our local AD. There is a small print note at the top of the user record window displaying this:
"This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory." But the local AD record shows only one email address,, which is the proper value and format.

Do you know why this is occurring for only this user and how I can reconfigure the account so the primary email address is the one with our domain name?

I appreciate your help.


9 answers

  1. Zafir Ahmed 15 Reputation points

    Go to Active Directory > find the Users > go to Properties > Attribute Editor > add the address to the proxyAddresses object like and sync the Active Directory


    3 people found this answer helpful.

  2. Alex Pettigrew 5 Reputation points

    Ensure the proxyAddresses attribute is filled out with

    1 person found this answer helpful.
    0 comments No comments

  3. NCA Admin 5 Reputation points

    The issue appears to be a dead-end configuration option in the Hybrid Environment. Microsoft does not have a way to edit the option in a local AD without a local Exchange server running in it. The Hybrid sync locks out the online ability to change the option and it does not exist in a local AD DC. The way they managed to configure Exchange in the hybrid environment was to infer the settings you cannot access when the online Exchange mailbox is created by looking at other fields in the user account from the local AD. My best guess so far is it is either the Proxy address field or the email address field in the user account attributes. If these are left to the defaults, blank, then when the user account is synced to the online servers, it's automatically assigned to the * domain in your tenant. My default domain is set to the public-facing production domain we use, but that apparently does not apply to local user syncs, at least not yet. You can either move the user account to the correct domain online in the 365 Admin portal or set those user attribute fields in the local AD DC. Once the online user account is moved to the correct domain, then assign the Exchange license. The Exchange server will create the mailbox with the correct domain as long as that part is fixed 1st.

    To fix an existing issue, back up everything 1st, then back it up again like always. Then remove the Exchange or equivalent license from the user account. Once the license is removed, and the mailbox is gone, fix the user account so the domain is correct. Up to earlier this year, I was able to permanently delete the mailbox, fix the user account attributes, then add a license back to the user account and the online Exchange server would create a new mailbox for the user account with the correct domain. Now, it uses the old mailbox when it's re-enabled, even after permanent removal. Now I have to completely delete the user account everywhere, wait an hour to make sure all the servers update, then create a new user account and make sure the attributes and domain are set before the license is added on. The only other way to fix the issue is to set up a local Exchange server in your AD so you have the settings available to you locally. There are many issues with setting up a new local Exchange server in an existing hybrid environment to overcome. Unless you have a few dozen user accounts to worry about, it may be easier to reset them individually and port the data back into the new account and mailboxes.

    Good luck. I don't see Microsoft fixing this issue any time soon. Where the options are imbedded in the AD infrastructure, and how the hybrid environment engages the online config lockouts, makes it extremely difficult for Microsoft to isolate them. Most likely, we will have to wait for the next big server OS revision that is designed from the ground up for hybrid setup and configuration.

    1 person found this answer helpful.

  4. Vasil Michev 90,966 Reputation points MVP

    Do you see the desired address at all in Exchange Online? Is it assigned to the same user or a different one? Easiest way to check is via the Get-Recipient cmdlet:


    Depending on the result, you either have to remove the alias for any additional objects returned by the above query, or simply to set it as primary one. Strongly recommended to perform this operation on-premises. Back in the day, there was a workaround that enabled you to change the PrimarySMTPAddress directly in the cloud, but this is not a supported solution (and no longer works):

    Set-Mailbox -WindowsEmailAddress

    0 comments No comments

  5. Joanne Beirne 25 Reputation points

    Hi, did you resolve this issue? I can't seem to. On our AD server the SMTP and smtp are correct but it's not syncing through to the MS365 tenant. Any help appreciated. Thanks.

    0 comments No comments
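
The proxyAddresses change that answers 1, 2 and 4 point to, as an added PowerShell example that is not part of any post above: in `proxyAddresses` the upper-case `SMTP:` prefix marks the primary address and lower-case `smtp:` marks aliases, so the code rebuilds the list with exactly one primary and writes it on-premises. The function names, the account `jdoe` and the `.example` addresses are constructed for illustration.

```powershell
# Added example; all addresses and the account name are constructed.
function Get-ProxyAddressesWithPrimary {
    param(
        [string[]] $Current = @(),                 # existing proxyAddresses values
        [Parameter(Mandatory)] [string] $Primary   # address that must become primary
    )
    $result = [System.Collections.Generic.List[string]]::new()
    $result.Add("SMTP:$Primary")                   # upper-case prefix marks the primary
    foreach ($entry in $Current) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        if ($entry -notmatch '^smtp:') {           # X500, SIP, ... pass through unchanged
            if ($result -notcontains $entry) { $result.Add($entry) }
            continue
        }
        $address = $entry.Substring(5)
        if ($address -eq $Primary) { continue }    # -eq ignores case; already added above
        $alias = "smtp:$address"                   # any other SMTP entry becomes an alias
        if ($result -notcontains $alias) { $result.Add($alias) }
    }
    $result.ToArray()
}

function Set-AdPrimarySmtp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Primary
    )
    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses
    [string[]] $new = Get-ProxyAddressesWithPrimary -Current @($user.proxyAddresses) -Primary $Primary
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set proxyAddresses to: $($new -join '; ')")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = $new }
    }
}

# Offline check on constructed data: the wrong address is primary, the right one is an alias.
$sample = 'SMTP:jdoe@tenant-default.example', 'smtp:jdoe@corp.example', 'x500:/o=Example/cn=jdoe'
Get-ProxyAddressesWithPrimary -Current $sample -Primary 'jdoe@corp.example'

# Against the directory (RSAT ActiveDirectory module); drop -WhatIf to apply:
#   Set-AdPrimarySmtp -Identity jdoe -Primary 'jdoe@corp.example' -WhatIf
# Then on the sync server:   Start-ADSyncSyncCycle -PolicyType Delta
# And in Exchange Online:    Get-Recipient -Identity 'jdoe@corp.example'
```

If `Get-Recipient` returns a different object holding the address, the alias has to be removed from that object first, as answer 4 notes.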