How do you dirsync mailusers in Office 365 from AD?

Question

We have Contact objects in Active Directory that are synchronized into Office 365. However, many of these are contacts for users that we have also established an AD account for, meaning we have two objects for many of these people. As we use SharePoint, we need both of these objects to be current (one for the address book, and one for SharePoint).

Exchange Online supports mail users (non-mailbox users), and in Exchange Online, mail contacts can be synchronized from AD contacts, so how do you synchronize a mail user instead of a mail contact? My understanding is that these would be Active Directory users that we just wouldn't license, and I assume we'd set a specific AD property that puts them in mail users instead of mail contacts, but I can't find any documentation about how to do this.

Answer 1

"Mail Users" are security principals with an email address. That is - just an AD account.

"Mail Contacts" are just information containers, and are essentially the equivalent of AD Contact (they map 1:1).

When you sync an OU with AD user objects, then corresponding security principals are created in Azure AD. At this point your users have no licenses to any resources, BUT they will available as a Mail User to Exchange online. If you have two resources however that conflict that could cause a problem. I've not tried to sync both - but if you have a Mail Contact, than syncing Mail User will fail and vice versa (as they both have the same SMTP address).

Mail Contacts are generally used for external contacts to a domain.

So - you should not need two separate objects synced with O365, you only need one or the other. To be honest this should be the same on-prem, you should need both as Exchange will use the AD contact as well.

I would move your "contact" objects to a dedicated OU and not sync this, just sync the AD principles with the email configured and they should be visible in your GAL.

Answer 2

To create a Mail User (instead of a Mailbox) from an Active Directory account when using DirSync / Azure AD Sync, try setting the following attributes in Active Directory:

• mail: [External email address]
• mailNickName: [Required user ID, probably the same as as samAccountName]
• targetAddress: SMTP:[External email address]
• proxyAddresses: SMTP:[External email address]

for example:

• mail: joebloggs@example.com
• mailNickName: joebloggs
• targetAddress: SMTP:joebloggs@example.com
• proxyAddresses: SMTP:joebloggs@example.com

This seems to do the job for me. The key attribute that isn't normally required for DirSync / Azure AD Sync users is mailNickName.

Source: https://social.msdn.microsoft.com/Forums/en-US/478e3ee9-1723-4ac7-8d58-c6d0961e000f/create-mailuser-no-mailbox-external-address-in-local-ad-and-sync-to-365?forum=WindowsAzureAD

Answer 3

To create a mail user (instead of a mailbox) from an Active Directory account when syncing with Azure Active Directory Connect, try setting the following attributes in Active Directory:

mail: [External email address] mailNickName: [Required user ID, probably the same as as samAccountName] targetAddress: SMTP:[External email address] proxyAddresses: SMTP:[External email address]

> True, and works for me. But normally AD does not have mailNickName nor targetAddress attributes, if you newer haven't installed Exchange. But it's possible to extend AD schema for Exchange without installing or buying anything: https://guides.appriver.com/m/89074/l/698027-extend-active-directory-schema-to-include-exchange-attributes