Extend your Active Directory Schema to include Exchange attributes for Office 365
You will need to download the Exchange setup from VLSC and extract them to a local folder.
Then, open an elevated PowerShell and run
.\setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
Assuming to do accept the terms…
Once this is done, you will be able to use the newly created attributes.
AADConnect however will not recognize them as yet, To rectify this rerun the AADConnect setup tool, located at “C:\Program Files\Microsoft Azure Active Directory Connect” (you should also have a shortcut on the desktop):
As shown on the screenshot select “Refresh connector schema” option, then press the Next button.
You will be prompted to enter credentials for the Azure AD connector, and to select the directories for which connectors you would like to perform the schema refresh.
You will now be able to manage any of the Exchange related attributes and the changes you made will be reflected in Exchange Online.
Hi,
Great straightforward tutorial.
What will happen with the values of attribute that are already populated on Exchange Online ? Will the synchro override them with null values ? will it sync back to on-premise ?
The values would be over written.
Hello and thanks for this topic; I’m joining “Sysadmin” on his question :
We have a customer that recently migrated from Exchange On-prem (Forest 1) to Exchange Online (Forest 2) using a third-party solution. The tool populated a set of attributes on Azure on some mail-enabled security groups that can not be changed anymore (hidden from address book for example) because groups are based on an on-prem group from Forest 2 that has never had Exchange.
We are thinking about suggesting a schema extend to include related attributes but we do not know if this would clear/reset attributes to default when we are going to extend the schema.
In other words: Will attributes settings from AzureAD be synced back to on-premises on first sync after the schema extend ?
Thanks,
Steven
It depends on your setup of AD Connect if it is set to replicate those attributes back to your AD, extending the schema on-site with empty values would, in my opinion wipe the cloud attributes out that got synced.
Hi ,
I want to restrict who can send email to a mail enabled distribution group, but I get error when I try to add few user name /sender list.
I do not have a on-premise exchange server, but i have domain controller(windows server 2019) which is on-premise
Also where do i download exchange, i do not see anything in VLSC.
below is error
The operation on mailbox “” failed because it’s out of the current user’s write scope. The action ‘Set-Distributiongroup’, ‘Accept messages only from senders or members’, can’t be performed on the object ‘company group’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
Could please kindly let me know if above steps will fix this issue.
Regards,
Alex