I ran into an issue recently where I could not update or change the email address of an Office 365 mailbox for a client using AADSync. Since it took me some time to figure out the solution and I could not find any related content quickly on the web that was thorough, I figured I would put together a thorough solution to save time for the IT pros out there.
The problem starts after you perform a migration to Office 365 and have AADsync set up to sync passwords or federate your AD out to Office 365. You might set up a new user in your local Active Directory and then go to your Office 365 Admin portal to change the default email address or add an alias. When you do that and try to save, you get an error telling you:
Error
“The operation on mailbox “sysBlogging” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘sysBlogging’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.”
The error is telling you that AADsync is getting this info from your On-Premises Active Directory and that the Office 365 directory is not the authoritative directory for this user attribute. We need to edit this in the On-Premises Active Directory. Here is how you do it.
Open Active Directory Users and Computers (ADUC). Go to the View menu and make sure Advanced Features is selected.
Next, go to the user, right-click, and select Properties. In the user Properties, go to the Attribute Editor tab.
We want to edit the proxyAddresses attribute. Double-click it and format your email address as follows:
For the primary email address (Reply-to) enter it with SMTP in all caps.
Example = SMTP:email@sysblogging.com
For an alias enter it with smtp in lowercase letters:
Example = smtp:email@sysblogging.com
Once this is entered we will need to force a sync to Office 365 with AADsync. Go to the computer with AADsync and open a prompt (Run as Administrator). Enter the following command:
Wait for a few minutes. Then confirm in Office 365 that the email address change or addition has propagated to the user account.
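The same proxyAddresses edit can be scripted instead of made through ADUC. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name Set-PrimaryProxyAddress and the account 'jdoe' are hypothetical. It keeps exactly one uppercase SMTP: entry, demotes the old primary to an alias, and refuses an address that another object already holds.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Set-PrimaryProxyAddress {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,   # sAMAccountName, DN, GUID or SID
        # Reject characters that are special in LDAP filters before building one.
        [Parameter(Mandatory)] [ValidatePattern('^[^@\s()*\\]+@[^@\s()*\\]+$')]
        [string] $NewPrimary
    )

    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses

    # proxyAddresses matching is case-insensitive, so this finds SMTP: and smtp: entries.
    $clash = Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$NewPrimary)" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) { throw "Address already assigned to: $($clash.DistinguishedName -join '; ')" }

    $updated = @(foreach ($entry in $user.proxyAddresses) {
        if ($entry -ieq "smtp:$NewPrimary") { continue }                # re-added below as primary
        if ($entry -clike 'SMTP:*') { 'smtp:' + $entry.Substring(5) }   # demote old primary to alias
        else { $entry }                                                 # keep aliases, X500, SIP, ...
    })
    $updated += "SMTP:$NewPrimary"

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Replace proxyAddresses')) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$updated }
    }
    return $updated   # resulting list, also shown when run with -WhatIf
}

# Preview the change for a placeholder account; drop -WhatIf to write it.
Set-PrimaryProxyAddress -Identity 'jdoe' -NewPrimary 'email@sysblogging.com' -WhatIf
```

The change still has to be synchronized to Office 365 before it appears on the mailbox.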
I hope this saves someone some time.