Friday, August 26, 2011

Add a secondary alias to a federated Office 365 mailbox

Today, Joe called and asked me why he couldn't get emails at  Well, his account was set up for and that's also his UPN in Active Directory.  His business cards have already been printed and he's been using his email to send, so we can't just re-create things.

Office 365, open the pod bay doors

Now, you could just log into Office 365, click on Manage under Exchange Online, find the user's mailbox and add the address under E-mail Addresses.  But since you're using SSO with Federation, you're getting this lovely message:
I'm sorry, Dave. I can't do that.
Really, open the bay doors, please

Well, if you managed to get SSO and Federation configured, you're probably already familiar with the key to this process, ADSIEdit.  Launch it and connect to the Default naming context.

Step 1: Get the Blue Key
Drill down through the schema until you find your user object, right-click it and select Properties.

Step 2: Get the Red key
Locate the proxyAddresses property and edit it.  Add your secondary alias using the following format (capitalization matters, significantly!):

Note the existing alias with a capitalized SMTP.  That means it's the primary, so we don't want to mess with it.  Click OK all the way back out of ADSIEdit and head over to your DirectorySync server.  Launch %programfiles%\Microsoft Online Directory Sync\DirSyncConfigShell.ps1 and type:


Later, log into the management console of Exchange Online and you should see the results you need:

Look, it's the pod bay, finally!
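
The same proxyAddresses edit can be scripted with the ActiveDirectory PowerShell module instead of ADSIEdit. This is an added example, not code from the original post; the function name, the account name and the example.com address are assumptions. It relies on a lower-case smtp: prefix marking a secondary address, in contrast to the upper-case SMTP: primary noted above.

```powershell
# Added example. Account name and address used at the bottom are placeholders.
Import-Module ActiveDirectory

function Add-SecondaryProxyAddress {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,  # sAMAccountName or DN
        [Parameter(Mandatory = $true)][string]$Alias      # bare address, no prefix
    )

    # Reject anything that is not a plain address; this also keeps LDAP filter
    # metacharacters out of the search below.
    if ($Alias -notmatch '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$') {
        throw "Not a plain e-mail address: $Alias"
    }

    $user    = Get-ADUser -Identity $Identity -Properties proxyAddresses
    $current = @($user.proxyAddresses)

    # -clike is case-sensitive: only the primary carries the upper-case prefix.
    $primary = @($current | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1) {
        throw "Expected one primary (SMTP:) address, found $($primary.Count)"
    }

    # The address must not already sit on any object, as primary or secondary
    # (LDAP matching on proxyAddresses ignores case, so this covers both).
    $holders = @(Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$Alias)")
    if ($holders.Count -gt 0) {
        throw "$Alias is already assigned to: $($holders[0].DistinguishedName)"
    }

    # Lower-case prefix = secondary; the existing primary is left untouched.
    Set-ADUser -Identity $user -Add @{ proxyAddresses = "smtp:$Alias" }

    # Re-read and return the stored values so the change can be reviewed.
    (Get-ADUser -Identity $user -Properties proxyAddresses).proxyAddresses
}

# Placeholder values for illustration:
# Add-SecondaryProxyAddress -Identity 'jdoe' -Alias 'joe.alias@example.com'
```

The new alias still reaches Office 365 only after the directory synchronization step described above.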

And according to the references below, if we extend the Active Directory schema for Exchange 2010 SP1, we can leverage additional Active Directory properties that will replicate up to Office 365 and take effect.  Or we could all learn PowerShell remoting, which I've used a few times already for other items, like mass contact creation, but I'll leave that as an exercise for the reader.

