External address for internal contacts (sort of)

Ok, I really have no idea how to name this one, so let’s just go on with the description.

Say you have a company with several subsidiaries, using different domains and mail systems. You want to move some of the functionality to Office 365, while keeping mail as it is. As a result of this, you have not verified those additional domains in Office 365.

Here’s the tricky part: you want those users to be visible in the GAL, and you want to use the already existing AD objects to achieve this. So you have added additional SMTP addresses to the users in your local AD. Even though there is no mailbox for those users in EO and the object is synced as a mail-enabled user, any alias for a domain you have not verified with Office 365 will be replaced with the @default.onmicrosoft.com domain.

To better illustrate this, let’s use an example. If you manually create a mail-enabled user from the EAC or by using PowerShell, you will not face any problems:

PS C:\> New-MailUser -DisplayName 'Bill Gates' -ExternalEmailAddress bill@microsoft.com -FirstName Bill -LastName Gates -Name Bill -MicrosoftOnlineServicesID bill@michev.info

PS C:\> Get-MailUser | ft Name,Prima*,ExternalEmailAddress,userp*
Name                                         PrimarySmtpAddress                           ExternalEmailAddress                         UserPrincipalName
----                                         ------------------                           --------------------                         -----------------
Bill                                         bill@microsoft.com                       SMTP:bill@microsoft.com                      bill@michev.info

As you can see, the PrimarySmtpAddress for the user is populated with the ExternalEmailAddress value, regardless of the fact that the microsoft.com domain is obviously not verified in my Office 365 tenant. Dirsync, however, will not allow the same to happen; instead, Bill would’ve been listed with the onmicrosoft.com SMTP address:

PS C:\> Get-MailUser | ft Name,Prima*,ExternalEmailAddress,userp*
Name                                         PrimarySmtpAddress                           ExternalEmailAddress                         UserPrincipalName
----                                         ------------------                           --------------------                         -----------------
Bill                                         bill@xxxx.onmicrosoft.com                           SMTP:bill@microsoft.com                      bill@michev.info

And of course, editing synchronized objects is not possible via the EAC, so the only way to fix this is to use the good old WindowsEmailAddress parameter. Here’s a short script example of how to fix any such mail-enabled users you have:

# filter by Company name or any other relevant attribute
$mailusers = Get-Recipient -ResultSize Unlimited -RecipientTypeDetails MailUser -Filter {Company -eq 'Microsoft'}

# set the PrimarySmtpAddress to match the ExternalEmailAddress, using WindowsEmailAddress
foreach ($user in $mailusers) {
    # match on "@domain" so that "*microsoft.com" does not also match "...onmicrosoft.com"
    if ($user.PrimarySmtpAddress -like "*@xxxx.onmicrosoft.com" -and $user.ExternalEmailAddress -like "*@microsoft.com") {
        # ExternalEmailAddress has the form "SMTP:user@domain"; keep only the address part
        $newAddress = $user.ExternalEmailAddress.Split(":")[1]
        Write-Host "Setting Primary SMTP address for user" $user.Name "old SMTP address:" $user.PrimarySmtpAddress "new SMTP address:" $newAddress

        Set-MailUser -Identity $user.Identity -WindowsEmailAddress $newAddress
    }
}
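
An added example, not part of the original post: a more general variant of the fix that works for any external domain, compares exact domain parts and builds a reviewable plan before anything is changed. Get-SmtpFixPlan, its parameters and the sample objects are hypothetical; the commented tenant commands assume a connected Exchange Online session and use only Get-MailUser and Set-MailUser with -WindowsEmailAddress and -WhatIf.

```powershell
# Added example: plan (do not apply) primary SMTP fixes for synced mail users.
# Get-SmtpFixPlan and its parameter names are hypothetical helpers.
function Get-SmtpFixPlan {
    param(
        [Parameter(Mandatory)] [object[]] $MailUser,
        [Parameter(Mandatory)] [string]   $FallbackDomain   # e.g. xxxx.onmicrosoft.com
    )
    foreach ($u in $MailUser) {
        $primary  = [string]$u.PrimarySmtpAddress
        $external = [string]$u.ExternalEmailAddress

        # ExternalEmailAddress is "<type>:<address>"; only SMTP targets are usable.
        $type, $target = $external -split ':', 2
        if ($type -ne 'SMTP' -or $target -notmatch '^[^@\s]+@[^@\s]+$') { continue }

        # Compare the exact domain part, not a wildcard suffix.
        $primaryDomain = ($primary -split '@')[-1]
        if ($primaryDomain -ne $FallbackDomain) { continue }   # primary was not rewritten
        if ($target -eq $primary) { continue }                 # nothing to change

        [pscustomobject]@{
            Identity   = $u.Identity
            OldPrimary = $primary
            NewPrimary = $target
        }
    }
}

# Constructed sample objects, shaped like Get-MailUser output:
#   Bill  - synced user whose primary address was replaced by the fallback domain
#   Ann   - primary address is on a verified domain and must be left alone
#   Cloud - external address is itself on the fallback domain
$sample = @(
    [pscustomobject]@{ Identity = 'Bill';  PrimarySmtpAddress = 'bill@xxxx.onmicrosoft.com';  ExternalEmailAddress = 'SMTP:bill@microsoft.com' }
    [pscustomobject]@{ Identity = 'Ann';   PrimarySmtpAddress = 'ann@michev.info';            ExternalEmailAddress = 'SMTP:ann@microsoft.com' }
    [pscustomobject]@{ Identity = 'Cloud'; PrimarySmtpAddress = 'cloud@xxxx.onmicrosoft.com'; ExternalEmailAddress = 'SMTP:cloud@xxxx.onmicrosoft.com' }
)
$plan = Get-SmtpFixPlan -MailUser $sample -FallbackDomain 'xxxx.onmicrosoft.com'
$plan | Format-Table -AutoSize

# Against the tenant: build the plan, keep it as a rollback record, then preview.
# $plan = Get-SmtpFixPlan -MailUser (Get-MailUser -ResultSize Unlimited) -FallbackDomain 'xxxx.onmicrosoft.com'
# $plan | Export-Csv .\smtp-fix-plan.csv -NoTypeInformation
# $plan | ForEach-Object { Set-MailUser -Identity $_.Identity -WindowsEmailAddress $_.NewPrimary -WhatIf }
```

Remove -WhatIf only after the exported plan has been reviewed; the OldPrimary column is what you would restore if a change needs to be reverted.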