New Users email is different when syncing to Azure.

Randy Haley 20 Reputation points

I added a new user in active directory and list ******@xyz.com in the general tab. A few minutes later, AD Connect Sync did it work but the user has a ******@xyz.onmicrosoft.com email address. I can't change it in Azure because it is synced with an on-premise DC.

I have tried removing the user from AD, waiting until in syncs, and readding him but the same thing happens.

Any help would be appreciated.

Thank You,

  1. Deleted

    This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Sign in to comment

2 answers

  1. Steven Nguyen (WICLOUD CORPORATION) 85 Reputation points Microsoft External Staff Moderator

    Hi Randy Haley,

    Based on my analysis, this behavior is expected in a hybrid Active Directory environment

    When a user is synchronized via Microsoft Entra Connect, the cloud identity is determined primarily by the following on-premises attributes:

    • userPrincipalName (UPN)
    • proxyAddresses

    The E-mail field in the General tab primarily serves as a display attribute. It does not dictate the cloud identity or the primary SMTP routing address.

    If the user’s UPN suffix:

    • Does not match a verified domain in Entra ID, or
    • Is a non-routable domain (such as .local)

    In such cases, Entra ID automatically falls back to the tenant’s default domain (e.g., *.onmicrosoft.com), which explains why the user appears with this address after synchronization.

    ============================

    Recommended Resolution

    Please follow the steps below on your on-premises Active Directory:

    1. Verify the custom domain in Entra ID

    • Ensure that xyz.com has been successfully added and verified in your Entra tenant.

    2. Update the UserPrincipalName (UPN) on-premises AD

    • Open Active Directory Users and Computers (ADUC).
    • Go to the Account tab of the user.
    • Change the UPN suffix from the drop-down menu to match your verified domain: ******@xyz.com.

    3. Update the Primary Routing Address

    • Navigate to the Attribute Editor tab for the same user. (Note: Enable 'Advanced Features' in the ADUC View menu if this tab is hidden).
    • Locate and edit the proxyAddresses attribute.
    • Add the following value (ensure "SMTP" is capitalized to designate it as the primary address):
      • SMTP:****@xyz.com**
    1. Trigger a synchronization cycle
    • Run the following command in PowerShell on your Entra Connect server to force an immediate update:
      • Start-ADSyncSyncCycle -PolicyType Delta

    After the sync cycle completes, the user’s UPN and primary email address in Entra ID will be updated correctly.

    ============================

    If this helps resolve your problem, please consider hitting "Accept Answer" so other users facing this failure can easily find the solution!

    0 comments No comments
    Sign in to comment

  2. AI answer

    Because the user is synchronized from on-premises Active Directory, the primary SMTP address in Exchange Online is being generated from directory attributes, not from what is typed only on the General tab.

    For synced users, Exchange Online email addresses are populated from these on-premises attributes (in priority order):

    1. proxyAddresses
    2. mail
    3. userPrincipalName

    If none of these contain ******@xyz.com when the object first syncs, Exchange Online creates and uses the default MOERA address ******@xyz.onmicrosoft.com as the primary SMTP.

    To have the user show ******@xyz.com as the primary email address:

    1. In on-premises Active Directory, open the user in Active Directory Users and Computers.
    2. Make sure the user’s userPrincipalName suffix is @xyz.com (a verified domain in Microsoft 365).
    3. Populate one of the supported attributes with the desired SMTP address:
      • Preferably set proxyAddresses so it contains:
        • SMTP:******@xyz.com (note the uppercase SMTP: for the primary address)
        • Optionally smtp:******@xyz.onmicrosoft.com as a secondary address.
      • If proxyAddresses is not used, set the mail attribute to ******@xyz.com.
    4. Run or wait for Azure AD Connect synchronization.

    After sync, Exchange Online will set ******@xyz.com as the primary SMTP and keep ******@xyz.onmicrosoft.com as a secondary MOERA address. The MOERA (******@xyz.onmicrosoft.com) cannot be removed or changed, but it can be overridden as the primary SMTP by correctly populating proxyAddresses/mail in on-premises AD.

    Do not try to change the email directly in Microsoft 365 for a synced user; always change the attributes in on-premises AD and let Azure AD Connect update the cloud object.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.
Sign in to answer

Your answer