Entra ID users synced from on-prem have old attribute data that was removed from on-prem object

tato386_AIG 20 Reputation points
2025-05-29T20:53:55.12+00:00

I have noticed that many, if not all, of my Entra ID users have an X500 proxy address configured. I am syncing these users from an on-prem AD that has Exchange installed, and I figure that at one point they actually did have X500 addresses configured on-prem and that is why the Entra ID user objects show this. However, the problem is that I long ago removed the X500 addresses from the on-prem accounts and they have not been removed from Entra ID. I have tested and confirmed that if I add/remove/delete any SMTP format addresses the changes are synced to Entra, so this confirms that this attribute is indeed being synced successfully. It seems that the X500 data has somehow been "orphaned" and I am not sure how to remove it. Thoughts?

Thanks,

Diego


Accepted answer
  1. Surya Prakash Kotte 2,705 Reputation points Microsoft External Staff Moderator
    2025-05-30T05:37:36.6666667+00:00

    Hello @tato386_AIG

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    Entra ID users synced from on-prem have old attribute data that was removed from on-prem object

    Solution:

    Issue is resolved by @tato386_AIG

    Checked the proxyAddress attribute and there was no X500 address. However, I continued to look and found that the legacyExchangeDN value is used as an X500 address. I removed the LegacyExchangeDN from a test user and confirmed that X500 was removed in Entra ID.

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    1 person found this answer helpful.
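
The check described in the accepted answer, as an added example that is not part of the original thread: for every X500 entry on a cloud user, it reports whether the value comes from the on-prem `proxyAddresses` or from `legacyExchangeDN`. The function name `Get-X500Origin`, matching accounts by UPN, the `x500:` prefix handling and the sample records are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Classifies each X500 proxy address seen
# on a cloud user by the on-prem attribute it can be traced back to.
function Get-X500Origin {
    param(
        [Parameter(Mandatory)] [object[]] $OnPremUsers,  # UserPrincipalName, proxyAddresses, legacyExchangeDN
        [Parameter(Mandatory)] [object[]] $CloudUsers    # UserPrincipalName, ProxyAddresses
    )
    # Index on-prem accounts by UPN (assumption: UPN is identical on both sides).
    $byUpn = @{}
    foreach ($u in $OnPremUsers) { $byUpn[$u.UserPrincipalName.ToLowerInvariant()] = $u }

    foreach ($c in $CloudUsers) {
        $ad = $byUpn[$c.UserPrincipalName.ToLowerInvariant()]
        # -like and -contains are case-insensitive, so "X500:" and "x500:" both match.
        foreach ($addr in @($c.ProxyAddresses) | Where-Object { $_ -like 'x500:*' }) {
            $value = $addr.Substring(5)   # strip the "x500:" prefix
            $origin = if (-not $ad) { 'NoOnPremMatch' }
                elseif (@($ad.proxyAddresses) -contains $addr) { 'proxyAddresses' }
                elseif ($ad.legacyExchangeDN -and $ad.legacyExchangeDN -ieq $value) { 'legacyExchangeDN' }
                else { 'Unknown' }
            [pscustomobject]@{ UserPrincipalName = $c.UserPrincipalName; X500 = $value; Origin = $origin }
        }
    }
}

# Constructed sample data. Real input could come from, for example:
#   Get-ADUser -LDAPFilter '(legacyExchangeDN=*)' -Properties proxyAddresses, legacyExchangeDN
#   Get-MgUser -All -Property userPrincipalName, proxyAddresses
$dn = '/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=alice'
$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       proxyAddresses    = @('SMTP:alice@contoso.example')
                       legacyExchangeDN  = $dn }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       proxyAddresses    = @('SMTP:bob@contoso.example')
                       legacyExchangeDN  = $null }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       ProxyAddresses    = @('SMTP:alice@contoso.example', "x500:$dn") }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       ProxyAddresses    = @('SMTP:bob@contoso.example') }
)

# alice's X500 entry is reported with Origin 'legacyExchangeDN'; bob has none.
Get-X500Origin -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Rows with Origin `Unknown` or `NoOnPremMatch` are the ones that neither on-prem attribute explains and that need a separate look.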

1 additional answer

  1. tato386_AIG 20 Reputation points
    2025-05-30T19:06:50.77+00:00

    Hello @Surya Prakash Kotte, I checked the proxyAddress attribute and there was no X500 address. However, I continued to look and found that the legacyExchangeDN value is used as an X500 address. I removed the LegacyExchangeDN from a test user and confirmed that X500 was removed in Entra ID.

    Thank you

