
Unable to modify or delete objects (MailUser, MailContact, User / Mailbox) that are synced with DirSync (Active Directory Synchronization) in Office 365

You cannot manage objects that were synchronized from the on-premises Active Directory Domain Services to Office 365

You want to manually manage or remove objects that were created in the Microsoft Office 365 directory through directory synchronization, but after the synchronization has run the object is still corrupted.

Check if the object has the attributes configured properly in Active Directory. The attributes to check, with example values:

DisplayName: "User 1 Test" (type the user's display name)
Mail: user1@example.com (type the primary e-mail address)
MailNickName: User1
UserPrincipalName: user1@example.com
ProxyAddresses: SMTP:user1@example.com
                smtp:user1@domain2.com
SamAccountName: User1

Click Start > Run, type ADSIEdit, then press "OK"

Right-click ADSI Edit, then click "Connect to"

Select "Default naming context", then select the OU where the user is located

Select the user, right-click, then click "Properties"


Find the "DisplayName" attribute, click "Edit", then press "OK"

Find the "mail" attribute, click "Edit", then press "OK"

Find the "mailNickname" attribute, click "Edit", then press "OK"

Find the "UserPrincipalName" attribute, click "Edit", then press "OK"

Find the "SamAccountName" attribute, click "Edit", then press "OK"

Force full Synchronization from the AD Directory Synchronization server

Start > Computers > Local Disk C > Program Files > Microsoft Online Directory Sync > select the PS file "DirSyncConfigShell.psc1" (then press Enter).

Type:

Start-OnlineCoexistenceSync

If the issue still occurs after the DirSync was forced and the object still does not accept changes:

Click Start > All Programs > Microsoft Cloud Services and select Windows Azure Active Directory for Windows PowerShell

Method 1:

How to connect to both PowerShell environments (Windows Azure Active Directory for Windows PowerShell and Exchange Online PowerShell) in one session.

Copy and paste the commands below:

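# Prompt for the Office 365 credentials
$LiveCred = Get-Credential
# Connect to Windows Azure Active Directory (MSOnline)
Connect-MsolService -Credential $LiveCred
# Open a remote Exchange Online session and import its cmdlets
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session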

“Office 365 Global Credentials will be required”

After connecting to Office 365 PowerShell, follow the process below:

1. Gather the user/mailbox information to be modified using the command below:

Get-Mailbox userorphan@tenant.onmicrosoft.com |FL WindowsLiveID, MicrosoftOnlineServicesID, Identity, Name, WindowsEmailAddress, PrimarySmtpAddress, EmailAddresses, UserPrincipalName

2. To change the UPN and identity login for the user, run the command below:

Set-MsolUserPrincipalName -UserPrincipalName userorphan@tenant.onmicrosoft.com -NewUserPrincipalName renamed@tenant.onmicrosoft.com

3. After the UPN has been modified, the attributes "Identity" and "Name" need to be modified on the Exchange Online servers using the commands below:

Set-Mailbox renamed@tenant.onmicrosoft.com -Name renamed@tenant.onmicrosoft.com -DisplayName "Renamed Display"

Set-Mailbox renamed@tenant.onmicrosoft.com -WindowsEmailAddress renamed@tenant.onmicrosoft.com

4. To verify that all the important attributes were modified, run the command below:

Get-Mailbox renamed@tenant.onmicrosoft.com |FL WindowsLiveID, MicrosoftOnlineServicesID, Identity, Name, WindowsEmailAddress, PrimarySmtpAddress, EmailAddresses, UserPrincipalName

========================================================================================

To check whether any other account is associated with the same UPN, run the commands below from the local AD.
"UserUPN" is the UPN/alias of the affected user.
Live1 is the local domain controller.

To search for the UPN in the local AD:

ldifde -f result.txt -d "DC=live1,DC=local" -r "UserPrincipalName=*UserUPN*" -p subtree

ldifde -f mail.txt -d "DC=amdocorp,DC=com" -r "mail=*UserUpn*" -p subtree

ldifde -f UserPrincipalName.txt -d "DC=amdocorp,DC=com" -r "UserPrincipalName=*UserUpn*" -p subtree

ldifde -f sAMAccountName.txt -d "DC=amdocorp,DC=com" -r "sAMAccountName=*UserUpn*" -p subtree

ldifde -f mailNickname.txt -d "DC=amdocorp,DC=com" -r "mailNickname=*UserUpn*" -p subtree


To search the local AD attributes using AD PowerShell:


Get-ADUser -Filter * | FL UserPrincipalName,distinguishedName,name
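
The ldifde searches and the Get-ADUser listing above look for other objects that carry the affected user's UPN or alias. As an added example (not from the original page), the PowerShell below does the same comparison across all five attributes in one pass and reports which object and attribute matched; the function name, the sample objects and the example.com OU names are assumptions constructed for illustration.

```powershell
# Added example (not from the original page). Sample objects are constructed.
# On a domain-joined host, $Objects could instead come from (assumption):
#   Get-ADObject -LDAPFilter '(|(objectClass=user)(objectClass=contact))' `
#     -Properties userPrincipalName,mail,mailNickname,sAMAccountName,proxyAddresses
function Find-IdentityAttributeMatch {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Objects,
        [Parameter(Mandatory)] [string]   $Needle   # UPN or alias of the affected user
    )
    $attrs   = 'userPrincipalName','mail','mailNickname','sAMAccountName','proxyAddresses'
    # Escape wildcard characters so the needle is matched literally
    $pattern = '*' + [System.Management.Automation.WildcardPattern]::Escape($Needle) + '*'
    foreach ($o in $Objects) {
        foreach ($a in $attrs) {
            foreach ($v in @($o.$a)) {              # proxyAddresses is multi-valued
                if (-not $v) { continue }
                # Drop the "SMTP:"/"smtp:" prefix so only the address is compared
                if (($v -replace '^smtp:', '') -like $pattern) {
                    [pscustomobject]@{
                        DistinguishedName = $o.distinguishedName
                        Attribute         = $a
                        Value             = $v
                    }
                }
            }
        }
    }
}

# Constructed sample: a user and a stale contact that reuses the user's address
$sample = @(
    [pscustomobject]@{
        distinguishedName = 'CN=User 1 Test,OU=Staff,DC=example,DC=com'
        userPrincipalName = 'user1@example.com'; mail = 'user1@example.com'
        mailNickname = 'User1'; sAMAccountName = 'User1'
        proxyAddresses = @('SMTP:user1@example.com', 'smtp:user1@domain2.com')
    },
    [pscustomobject]@{
        distinguishedName = 'CN=Old Contact,OU=Contacts,DC=example,DC=com'
        userPrincipalName = $null; mail = 'old@example.com'
        mailNickname = 'oldcontact'; sAMAccountName = $null
        proxyAddresses = @('SMTP:old@example.com', 'smtp:user1@example.com')
    }
)

$hits = @(Find-IdentityAttributeMatch -Objects $sample -Needle 'user1@example.com')
$hits | Format-Table -AutoSize
$owners = @($hits.DistinguishedName | Select-Object -Unique)
if ($owners.Count -gt 1) { Write-Warning "Value is present on $($owners.Count) objects" }
```

With the constructed sample, the warning fires because the contact's secondary proxy address repeats the user's primary address.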