You dont have javascript enabled! Please enable it!

Remove the SMTP Proxy Address for a User in Azure Active Directory

5 Min. Read

This article describes how to remove the SMTP proxy address attribute for a user in Azure Active Directory (Azure AD) and assign it to a different user.

Introduction

The proxy Address attribute in Active Directory is a multi-value property that can contain various known address entries. For example, it can contain SMTP addresses, X500 addresses, SIP addresses, and so on.

When an object is synchronized to Azure AD, the values that are specified in the proxyAddresses attribute in Active Directory are compared with Azure AD rules, and then the proxyAddresses attribute is populated in Azure AD. Therefore, the values of the proxyAddresses attribute for the object in Active Directory may not be the same as the values of the proxyAddresses attribute in Azure AD.

As you probably know, in Exchange Online, we can configure more than one email address for the same mailbox. The additional addresses are called proxy addresses. A proxy address lets a user receive an email that’s sent to a different email address. Any email message sent to the user’s proxy address is delivered to their primary email address, which is also known as the primary SMTP address or the default reply address.

In this article, we will show you how to change the proxy address attribute for a user in Azure Active Directory (Azure AD) and use it for a different user.

The issue

We removed an Office 365 license for a user and moved it to another user, and then we added a new email address for the old user to the second user mailbox.

When we attempted to save the changes, Exchange Online threw the following error:

Error executing request. An Azure Active Directory call was made to keep the object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Another object with the same value for property proxyAddresses already exists. ConflictingObject: User_1c69c7bf-e4fe-4860-95f6-27f7d9c2151e DualWrite (Graph) RequestId: e67b290d-19bb-4458-9087-2d64467c4787 The issue may be transient and please retry a couple of minutes later. If the issue persists, please see exception members for more information.

Email address type update failed
Email address type update failed

Another warning message that we saw for the affected user is the following:

Exchange: The execution of cmdlet Set-SyncMailbox failed. Cloud property value in AAD is different from the value in EXO. Recipient: username, Cloud property name: CloudMSExchRecipientDisplayType, value in AAD: , value in EXO: ACLableMailboxUser. You can wait for Repair Engine to fix it if replaying divergence didn’t work.

Finding the cause

After several hours of waiting as noted by Microsoft (the issue may be transient), the error did not go away.

A quick look in Azure Active Directory (Azure AD) for the primary user, we found out that the SMTP proxy address is still attached to this user where the O365 license was removed, hence, we cannot add it to the second user mailbox.

The cause of this issue is that the object (attribute) was not synced between Exchange Online and Azure AD. The object that has the same proxy address already exists in Exchange Online.

We tried to edit and remove the SMTP Proxy address in Azure AD, but this is not possible (not editable) as shown in the figure below.

Edit user contact info in Azure AD
Edit user contact info in Azure AD

What is the solution then?

Fixing the issue

To fix this issue, take the following steps:

First, we need to assign the license back to the primary user and wait until the built-in repair engine fixes it automatically.

Next, you need to add/update the proxy address that’s associated with the primary user (object) in the Exchange admin center under (manage email address types).

Next, is to remove the SMTP proxy address for the first user. Because now we have two proxy addresses for the primary user in Azure AD and in Exchange Online.

Last, we must remove and delete the alias that we don’t want for the primary user, and then add it to the second user.

This can be done using the Microsoft 365 admin center portal as follows:

Log into the M365 admin center with an admin account.

Find the primary user and click on it. After the user details open, click on Manage username and email as shown in the figure below.

Manage username and email
Manage username and email

Next, you can click on “···” -> Delete alias to remove the SMTP proxy address as shown in the figure below.

Delete alias
Delete alias

Another option is to use the Exchange Online PowerShell V2 module to remove the SMTP proxy address by taking the following steps:

The Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module) uses modern authentication and works with multi-factor authentication (MFA) for connecting to all Exchange-related PowerShell environments in Microsoft 365.

The latest version of the EXO V2 module is officially supported on PowerShell 7 on Windows, Linux, or Apple macOS.

At the time of this writing, we are using  ExchangeOnlineManagement version 2.0.5 (GA). Take now the following steps:

First, install the PowerShell module by running the following command:

Install-Module -Name ExchangeOnlineManagement

Next, import the module:

Import-Module ExchangeOnlineManagement

Next, you need to connect to Exchange Online PowerShell using modern authentication with or without MFA. This example connects to Exchange Online PowerShell in a Microsoft 365 or Microsoft 365 GCC organization.

Please note that if you are using Office 365 in Germany, China, or US Gov High/DoD, then you need to set the appropriate “-ExchangeEnvironmentName” parameter to specify the Exchange Online environment as documented here.

Connect-ExchangeOnline -UserPrincipalName username@domain.com

Once connected, we need to remove the alias of the primary account by running the following command:

Set-Mailbox username@domain.com -Emailaddresses @{remove="smtpaddress@domain.com"} -Force

Last but not least, remove the license for the first user and then wait a bit before you assign it to the second user.

Next, wait until the warning message is gone for the second user, this will take around 5 minutes to sync. Exchange: The execution of cmdlet Set-SyncMailbox failed. Cloud property value in AAD is different from the value in EXO. You can verify that the sync is completed under the account name of the second user in the Microsoft 365 admin center.

Finally, you can now add the primary email address of the first user to the second user as an additional email address type in the Exchange admin center portal (Manage email address types), or you can use the following PowerShell command to add it:

 Set-Mailbox username@domain.com -EmailAddresses @{add="smtpaddress@domain.com"}

Hope this helps someone out there!

Summary

In this quick guide, we showed how to remove the SMTP proxy address attribute for a user in Azure Active Directory (Azure AD) in Microsoft 365 admin center and in PowerShell, and then we resolved the sync issue between Exchange Online and Azure AD.

A primary email address in Microsoft 365 is usually the email address a user was assigned when their account was created. When the user sends an email to someone else, their primary email address is what typically appears in the From field in email apps. They can also have more than one email address associated with their Microsoft 365 business account. These additional addresses are called aliases.

More details about the Exchange Online PowerShell V2 module on Microsoft documentation.

Add or remove email addresses for a mailbox in Exchange Online on Microsoft documentation.

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Related Posts

Previous

Hardening Azure VMs: 5 Critical Best Practices

The SysAdmin’s Guide to Azure IaaS – Second Edition

Next

Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the 'Code Blocks' in 'Black' by selecting the Code. Thank You!