Friday, September 1, 2017

Remove Proxy Address from Office 365 User

I ran into an issue today where I needed to remove a proxy address from a cloud-based administrative user in Office 365 that was unlicensed. This user had a proxy address that was conflicting with a proxy address that was being synced with Azure AD Connect for another user account.

The cloud user was originally created as byron@OnPremDomain.com and renamed to be byron@CloudDom.onmicrosoft.com. When this was done, the original address (byron@OnPremDomain.com) was kept as a proxy address. You could view both addresses when using Get-MsolUser. This address caused a synchronization error for an on-premises user named byron@OnPremDomain.com.

To resolve this error, I need to remove byron@OnPremDomain.com from the list of proxy addresses. However, you can't do this with Set-MsolUser. The mechanism for managing proxy addresses in Office 365 is Set-Mailbox. But, without a license, there is no mailbox for the user account.

The solution is to add a license temporarily:
  1. Add a license for byron@CloudDom.onmicrosoft.com which creates a mailbox.
  2. Use Set-Mailbox -EmailAddresses to remove the incorrect proxy address.
  3. Verify Get-MsolUser shows only the correct proxyaddresses.


7 comments:

  1. I see the solution but having issues running the commands. How do I run the Get-MsolUser command and have it show me all the proxy addresses for a particular user? Also, what would the command be to remove the incorrect proxy address. Could you please provide an example? Thank you

    ReplyDelete
  2. Get-MsolUser -UserPrincipalName $usr | select -ExpandProperty proxyaddresses

    ReplyDelete
  3. I am having issue with a licensed user only....

    ReplyDelete
    Replies
    1. If the user is cloud-only, then you should be able to adjust the email addresses using the Exchange Admin management website without any issues. The only possible concern I can think of would be removing an address that matches the UPN/logon of the user. That might not be allowed.

      If the user is synchronized with on-premises Active Directory by using Azure AD connect then you need to edit the properties of the user on-premises to change the email addresses. Ideally, this is done with management tools on an Exchange Server on-premises. However, if you don't have an Exchange Server on-premises then you edit the proxyAddresses attribute of the user object. That attribute has a list of email addresses that sync to Azure AD/Office 365. The addresses with SMTP: in caps is the primary/replyto address.

      Delete
  4. what if you dont have an email account setup?

    ReplyDelete
    Replies
    1. Assign a license to the user to create a mailbox. Then you can edit the addresses in the Exchange Admin console. Then remove the license afterwards.

      Delete