Monday, May 5, 2014

Orphaned Exchange Online External Contacts preventing user accounts from syncing to Exchange Online


I recently had a problem with an Exchange Online tenant. There was an external mail contact which was previously synchronised from Active Directory to Exchange Online. So I had deleted the on-premises Active Directory mail contact but it still existed in Exchange Online. When I tried to delete the contact it gave the following error message.

The action 'Remove-MailContact', 'Identity', can't be performed on the object 'Sean OFarrell ' because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

To troubleshoot this issue, you can do a couple of things to ensure the external contact does not exist in your on-premises Active Directory.


  1. Perform a custom search in ADUC. Search syntax: proxyaddresses=SMTP:sean.ofarrell@contoso.com
  2. Search the WAAD metaverse.
  3. Run this command in the on-premises Exchange Management Shell:
    Remove-MailContact sean.ofarrell@contoso.com
If, after running all of the above steps, you still cannot find the external contact that is causing the issue, do the following:
  1. In Exchange Online, run this command: Get-MailContact sean.ofarrell@contoso.com | fl
  2. Take note of the attribute value: ExternalDirectoryObjectId
  3. In this example the ExternalDirectoryObjectId is 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8
  4. Then connect to Windows Azure AD via PowerShell and run this command:
    Get-MsolContact -ObjectId 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8 | Remove-MsolContact
Problem solved. Now run a delta sync on your WAAD server and everything will work fine.
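
The four steps above as one guarded function, added here as an example (not the author's script): it refuses to delete unless exactly one contact matches and the Azure AD object carries the same address. The function name is hypothetical, and it assumes an Exchange Online PowerShell session and Connect-MsolService are already active in the console.

```powershell
# Added example: guarded removal of an orphaned, formerly synced mail contact.
# Assumption: an Exchange Online session (for Get-MailContact) and
# Connect-MsolService are already established in this console.
function Remove-OrphanedSyncedContact {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$EmailAddress
    )

    # Steps 1-3: find the contact in Exchange Online and read its directory object id.
    $contacts = @(Get-MailContact -Identity $EmailAddress -ErrorAction Stop)
    if ($contacts.Count -ne 1) {
        throw "Expected exactly one mail contact for $EmailAddress, found $($contacts.Count)."
    }
    $objectId = $contacts[0].ExternalDirectoryObjectId
    if ([string]::IsNullOrEmpty($objectId)) {
        throw "Contact $EmailAddress has no ExternalDirectoryObjectId."
    }

    # Step 4: resolve the same object in Azure AD and confirm it is the contact we mean,
    # so a mistyped or stale id cannot delete an unrelated contact.
    $msolContact = Get-MsolContact -ObjectId $objectId -ErrorAction Stop
    if ($msolContact.EmailAddress -ne $EmailAddress) {
        throw "Azure AD object $objectId has address '$($msolContact.EmailAddress)', not '$EmailAddress'."
    }

    # ShouldProcess honours -WhatIf and prompts for confirmation before the delete.
    $target = "$($msolContact.DisplayName) <$($msolContact.EmailAddress)> [$objectId]"
    if ($PSCmdlet.ShouldProcess($target, 'Remove-MsolContact')) {
        Remove-MsolContact -ObjectId $objectId -Force
        Write-Output "Removed $target"
    }
}

# Dry run first, using the address from the post:
Remove-OrphanedSyncedContact -EmailAddress 'sean.ofarrell@contoso.com' -WhatIf
```

Run it again without -WhatIf once the dry run names the expected contact, then start the delta sync.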

Friday, May 2, 2014

Office365 WAAD not deleting filtered Organisational Units

If you upgraded a DirSync server to the newer WAAD sync tool and the original configuration was syncing the full AD forest, then when you upgrade to the newer version you need to perform a full synchronisation with the complete AD forest.
 
After the full sync completes, you can then filter the OUs and they will be removed from synchronisation with Office365.
 
 
I recently had an issue whereby the objects in the OUs that I had filtered were not getting removed from my Office365 tenant. So to resolve the issue, I performed the steps above.
 
Once complete, run the PowerShell command below to clear out the Office365 recycle bin.
 
Get-MsolUser -All -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force