IBM Support

Admin Unable to Modify or Delete user@contoso.onmicrosoft.com in Azure Active Directory

How To


Summary

An administrator is unable to modify or delete the proxy address for the user user@contoso.onmicrosoft.com in Active Directory under Attributes -> Proxy Address. Despite these changes, the address remains unchanged in Azure/Office 365.

Objective


To resolve the issue where changes made to the user's Proxy Address in Active Directory are not syncing with Azure/Office 365.

Environment


  • Active Directory (on-premises)
  • Azure Active Directory
  • Office 365

Steps

Steps:
1.    Export Mailbox to PST Format (recommended)
Before proceeding with any changes, ensure that the mailbox is exported to PST format to avoid any potential data loss. 

2. Verify Editable Attributes
Ensure that attributes such as MailNickName, Mail, UserPrincipalName, Proxy Address, and all associated values are correctly configured and syncing with the cloud.
This is essential for ensuring that the changes to the user’s attributes will be properly reflected in both Active Directory and Azure/Office 365.

3. Change Domain Temporarily
In order to modify the Proxy Address (e.g., from contoso.onmicrosoft.com to contoso1.onmicrosoft.com), the following two steps can be followed:
  • Option 1: Escalate the case to Microsoft for further investigation, or
  • Option 2: Manually move the user to a non-synced Organizational Unit (OU). This will stop synchronization temporarily.
4. Force Synchronization
After moving the user to a non-synced OU, force a synchronization cycle using the following PowerShell command:
Start-ADSyncSyncCycle -PolicyType Delta
This will trigger a synchronization update, and the user will appear under "Deleted Users" in Office 365/Azure.
 
5. Restore User from Deleted Users
To restore the user, navigate to "Deleted Users" in the Office 365/Azure portal. The user should be listed here, and the restoration can either be done through the portal or using PowerShell.
Restore-MsolUser -UserPrincipalName "UserPrincipalName"

6. Modify Alias in Exchange Admin Center
After restoring the user, go to the Exchange Admin Center > Recipients > Mailboxes. Select the affected mailbox and modify the alias as necessary.

7. Delete the User
After modifying the alias, delete the user from Office 365 using the following PowerShell command:
Remove-MsolUser -UserPrincipalName User@contoso.com
The user will remain in "Deleted Users" and will not affect the restoration process.
 
8. Move User Back to Synced OU
Once the user is deleted, move the user back to the synced OU in Active Directory and force synchronization again.
Start-ADSyncSyncCycle -PolicyType Delta
The user will automatically be restored in Azure/Office 365.

Additional Information


The issue occurs because the domain contoso.onmicrosoft.com is considered a temporary domain created in Azure Active Directory (AAD), and as such, it cannot be directly modified or deleted from Active Directory.

This issue may also arise when synchronization between Active Directory and Azure Active Directory (AAD) is not correctly managed.

Document Location

Worldwide


[{"Type":"MASTER","Line of Business":{"code":"LOB66","label":"Technology Lifecycle Services"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SSTKH9","label":"Microsoft Azure"},"ARM Category":[{"code":"a8mKe000000004XIAQ","label":"AZURE"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

More support for:
Microsoft Azure

Component:
AZURE

Software version:
All Versions

Document number:
7177606

Modified date:
11 December 2024

UID

ibm17177606

Manage My Notification Subscriptions

Page Feedback