Share via

How do I change a user's initial domain proxy address

Michael Basso 1 Reputation point
May 1, 2022, 3:00 AM

One of our student's AAD account has an incorrect initial domain proxy address. We do not use Exchange so all the fixes coming back from my searches do not help me. We have on-premise AD. The student had a name change about 5 years ago. All has been well until this week the student was unable to authenticate to an app that usesd Azure SSO. I need to change "@ourdomain.org.onmicrosoft.com" to "@ourdomain.org.onmicrosoft.com" but can't figure out how to. Any suggestions are much appreciated.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,555 questions

7 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Isaac K. Olukare 6 Reputation points
    Jan 28, 2023, 1:28 PM

    Currently, it is not supported to sync any proxyaddress or alias with the .onmicrosoft domain from on-prem to O365 as this domain is only manageable from O365.

    A workaround for this would be so move the affected user to an Unsynced OU. Push a sync which should soft delete the user then restore the deleted user back to active users.

    This action converts the affected user to a cloud only user which allows you to modify the Alias/Proxy address to the correct one. When this is done, return the user to a Synced OU, push a Full sync and this should convert the user to an On-prem user again.

    So far this was the only way I could modify the .onmicrosoft domain proxyaddress of a synced user.

    1 person found this answer helpful.
    0 comments
  2. T. Kujala 8,741 Reputation points
    May 1, 2022, 9:19 AM

    Hi @MichaelBasso-2420,

    Even you don't use Exchange, you need to make changes in On-Premises AD if the attibute has been synced.

    197923-proxy.jpg

    If the attribute hasn't been synced, you need to make changes in Exchange Admin Center (https://admin.exchange.microsoft.com).

    0 comments
  3. Michael Basso 1 Reputation point
    May 1, 2022, 3:00 PM

    Thank you for you reply. However, I had already tried adding entries into the on-prem ProxyAddress attribute like you suggest. There were no entries, so I added 'SMTP:@ourdomain.org' and 'smtp:@ourdomain.org.onmicrosoft.com'. then I manually ran a sync and nothing changed. AAD still had 'SMTP:@ourdomain.org' and 'smtp:wrong@ourdomain.org.onmicrosoft.com'.

    0 comments
  4. Michael Basso 1 Reputation point
    May 1, 2022, 3:07 PM

    @T. Kujala , You suggest "you need to make changes in Exchange Admin Center (https://admin.exchange.microsoft.com)". However, there are no student account there. Therefore i added the Exchange license for this one student. I was then allowed to edit the email address but it would not let me save it. This is the error I get.

    Email address type update failed
    Error:
    Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. DualWrite (Graph) RequestId: 94ee5ca4-b6fa-4476-b568-ab2101a0e6d3 The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.

    0 comments
  5. T. Kujala 8,741 Reputation points
    May 1, 2022, 3:49 PM

    @MichaelBasso-2420,

    Okay. I understand.

    You could open Synchronization Service Manager and check if the ProxyAddresses has been selected.

    If the attribute is not available, you should have Exchange Server for modification.

    198035-proxy-addresses.jpg

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.