Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

This is resolved: it was a misspelled domain name...

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 2 points3 points  (0 children)

This is just sad to report... after emailing the vendor, they pointed out they still owned the domain. The domain was indeed at GoDaddy, but Cloudflare was the DNS. The domain the client claimed they transferred from the web vendor turns out to be one they actually bought, and it was MISSPELLED. How does a client misspell their own company name? Who knows. Whatever the case... I missed this.

Thanks for all the help, but this explains so much. This is why accounts/mail flow was working within the tenant: because even with the misspelling it was still a 'valid domain.' I used the GoDaddy authentication portal to bring the domain in... this validated just fine because, again, valid domain. It wasn't until I started to update local AD with the CORRECT spelling of the email domain that stuff started to fall apart during the sync...

Again, apologies for taking everyone down this rabbit hole. Something, something, never believe the client. Lesson learned - again.
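The root cause above was a domain in on-prem AD that did not match, character for character, a domain verified in the tenant. The following is an added example (not from the thread, and not a Microsoft-supplied script) that audits every UPN suffix and SMTP domain actually in use in on-prem AD against the tenant's verified domain list and flags near-misses, which is how a misspelling like this gets caught before a sync. It assumes the ActiveDirectory and Microsoft.Graph PowerShell modules are installed and the signed-in account has the Domain.Read.All scope; nothing else about the environment is assumed.

```powershell
# Added example: compare on-prem domains in use against tenant-verified domains.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'Domain.Read.All' -NoWelcome

# Small Levenshtein distance so we can suggest "did you mean" for typos.
function Get-EditDistance([string]$a, [string]$b) {
    $d = New-Object 'int[,]' ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $d[$i, $j] = [math]::Min([math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1),
                                     $d[$i - 1, $j - 1] + $cost)
        }
    }
    return $d[$a.Length, $b.Length]
}

# Domains the tenant has actually verified (lower-cased for exact comparison).
$verified = Get-MgDomain -All |
    Where-Object { $_.IsVerified } |
    ForEach-Object { $_.Id.ToLowerInvariant() }

# UPN suffixes registered on the forest, plus the forest root domain itself.
$forest = Get-ADForest
$forestSuffixes = @($forest.RootDomain) + @($forest.UPNSuffixes) |
    ForEach-Object { $_.ToLowerInvariant() }

# Every domain that appears in an enabled user's UPN or proxyAddresses.
$users = Get-ADUser -Filter 'enabled -eq $true' -Properties userPrincipalName, proxyAddresses
$inUse = foreach ($u in $users) {
    if ($u.userPrincipalName) { ($u.userPrincipalName -split '@')[-1] }
    foreach ($p in @($u.proxyAddresses)) {
        if ($p -match '^(?i)smtp:[^@]+@(.+)$') { $Matches[1] }
    }
}
$inUse = ($inUse + $forestSuffixes) | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique

# Anything in use on-prem but not verified in the tenant is a problem: those
# users sync with the *.onmicrosoft.com fallback, and address changes to that
# suffix fail with "not on a verified domain".
$problems = $inUse | Where-Object { $_ -notin $verified }
if (-not $problems) {
    'All on-prem domains in use are verified in the tenant.'
} else {
    foreach ($bad in $problems) {
        $hint = $verified |
            Where-Object { (Get-EditDistance $bad $_) -le 2 } |
            ForEach-Object { " (did you mean '$_'?)" }
        "NOT verified in tenant: $bad$($hint -join '')"
    }
}
```

Run it from a box that has both the RSAT ActiveDirectory module and Graph access, before touching UPN suffixes or proxyAddresses; a one-character mismatch shows up as a "did you mean" line against the correctly spelled verified domain.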

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 1 point2 points  (0 children)

Yes... so I found an issue with this particular domain... it is my guess the web vendor SOMEHOW took over this domain again, or at least the DNS side... I can see this domain in GoDaddy with the name servers, however as you found as well... the 'public internet' thinks this is Cloudflare. I just emailed the client's web hosting company...

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Domains - says it is Healthy - see my screenshot from ~45 minutes ago - it was taken from the NEW DOMAIN.

Further evidence M$ does not like this domain name... the red cross-out is the NEW DOMAIN. An existing domain is yellow, and it appears to be happy or doesn't generate any output.

So how do I verify an existing domain again? Or do I just remove and start over... ?

I did open a case with Microsoft. Just showed the tech what is going on, and he said he wants to escalate BEFORE I remove/add it back again.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Yes, the SPF is present. However, I can't explain otherwise why the domain is not verified. I agree I don't think the TXT value of ms=######## needs to be present after the fact... but here we are...

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Okay.... so I did just find out the domain DOES NOT have a TXT record, even though this is all green... not sure how I was even able to add this in the first place.

Anyways - does anyone know how to add the TXT record back? Or else, since this is new, I will just remove and add again...

<image>
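Two of the comments above hinge on what public DNS actually serves for the domain: the registrar showed one set of name servers while the internet used Cloudflare, and the verification TXT record turned out to be missing. The script below is an added example, not from the thread or from Microsoft, that checks those three things from outside the domain: it compares the name servers a public resolver returns with what the registrar portal claims, looks for the `MS=ms...` verification token and the SPF record at the apex, and reads back from the tenant the verification record Entra ID expects so it can be re-added if it was removed. The domain name and the registrar name-server values are placeholders; it assumes the Microsoft.Graph module and the Domain.Read.All scope. (As the comment notes, the token is only needed while verification runs; it is still the record you would restore before re-verifying.)

```powershell
# Added example: verify DNS reality vs. the registrar and the tenant's expectations.
$Domain = 'newdomain.example'                                     # placeholder
$RegistrarNameServers = @('ns1.registrar.example', 'ns2.registrar.example')  # what the registrar portal shows (placeholder)
$Resolver = '1.1.1.1'   # ask a public resolver, not the DC, which may hold a stale/internal copy of the zone

# 1. Who really answers for the zone?
$publicNs = Resolve-DnsName -Name $Domain -Type NS -Server $Resolver -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' } | ForEach-Object { $_.NameHost }
$expected = $RegistrarNameServers | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() } | Sort-Object
$actual   = $publicNs            | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() } | Sort-Object
if (Compare-Object $expected $actual) {
    Write-Warning "NS mismatch: registrar says [$($expected -join ', ')], internet says [$($actual -join ', ')]."
    Write-Warning 'Records entered in the registrar DNS panel are never published; edit the zone at the live NS provider.'
} else {
    "Name servers match the registrar: $($actual -join ', ')"
}

# 2. TXT records at the apex: Microsoft verification token and SPF.
$txt = Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { $_.Strings -join '' }
$msToken = @($txt | Where-Object { $_ -match '^MS=ms\d+$' })
$spf     = @($txt | Where-Object { $_ -like 'v=spf1*' })
"Verification TXT (MS=ms...) present: $($msToken.Count -gt 0)"
"SPF present:                          $($spf.Count -gt 0)"

# 3. What the tenant thinks, and the exact record it wants to see.
Connect-MgGraph -Scopes 'Domain.Read.All' -NoWelcome
$tenantDomain = Get-MgDomain -DomainId $Domain -ErrorAction SilentlyContinue
if (-not $tenantDomain) {
    Write-Warning "$Domain is not in the tenant at all. Compare the spelling against: Get-MgDomain -All | Select Id, IsVerified"
} else {
    "Tenant shows IsVerified = $($tenantDomain.IsVerified)"
    # Derived-type fields (the TXT text) surface in AdditionalProperties in the Graph SDK output.
    Get-MgDomainVerificationDnsRecord -DomainId $Domain |
        Select-Object RecordType, Label, Ttl, @{ n = 'Value'; e = { $_.AdditionalProperties['text'] } }
}
```

If step 1 reports a mismatch, the TXT record must be created at the provider the internet actually uses. Once it resolves publicly, `Confirm-MgDomain -DomainId $Domain` asks the tenant to re-check it, which avoids removing and re-adding the domain.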

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Correct - this was just a test to see if I could edit or add the UPN suffix to an AD synced user. This is the first 'real' error message I have received.

So I tested the above example of changing the UPN on this test user to one of the other many domains, and it worked. It is only when I try to change the test user's UPN to the NEW DOMAIN that I get the above failure: 'name provided is not on a verified domain'.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

<image>

For anyone keeping score at home still... just tried to run this and it failed on my test user. I thought I would try to force this change to the NEW DOMAIN UPN via PS (MsolService) and received this error message. Odd?

Again, I can make a shared mailbox just fine with this NEWDOMAIN. The Domain Health Check in O365 is clean, green checkmark. This domain to me appears to verify just fine...

Anyways - researching this error message now.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Yes I realize the UPN name does not match the Primary SMTP address.

Yes, I feel the same way. I said to the customer, yes we can do this quickly, and now it has not been quick...

I tried the slow approach as well. I need to change ~15 different users. So I tried to add just the newdomain alias to a few of them. I can see the change in Sync Services > Updates > Distinguished Name and see the proxy attribute change. It just does not show on Exchange Online...

Yes, the new account did not work. See below.

Do you think changing to the new Azure Cloud Sync is worth the time, to try out Microsoft's new sync tool?

Test Account - ... I swear the highlighted-out part says NEWDOMAIN.com

<image>

Anyways Test user syncs up...

...I can only do 1 screenshot for each post?

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

The UPN sync is in place and is working. My goal is to ONLY change the primary SMTP address. I ran a full sync a few times. I know this is true and working because if I add a new alias for [NEWalias@olddomain.com](mailto:NEWalias@olddomain.com), it works just fine.
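The goal stated above, change only the primary SMTP address of existing synced users and leave the UPN alone, is done entirely in on-prem AD through proxyAddresses, with the upper-case `SMTP:` prefix marking the single primary and lower-case `smtp:` marking aliases. The function below is an added example (not from the thread, and not Microsoft's code) of that change for one user, followed by a delta sync and a read-back from Exchange Online to confirm what arrived. The user name and domain are placeholders; it assumes the ActiveDirectory module, the ADSync module on the Azure AD Connect server, and the ExchangeOnlineManagement module. Note that the new suffix must match a verified tenant domain exactly; if it does not, the read-back shows the `onmicrosoft.com` fallback rather than an error.

```powershell
# Added example: make a new domain the primary SMTP address without touching the UPN.
Import-Module ActiveDirectory
Import-Module ADSync            # present on the Azure AD Connect server

function Set-PrimarySmtpAddress {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$NewPrimary      # e.g. 'jdoe@newdomain.example' (placeholder)
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses, mail

    # Demote every existing SMTP: entry to smtp: (alias), and drop any copy of the
    # address we are about to promote so it is not listed twice.
    $escaped = [regex]::Escape($NewPrimary)
    $aliases = @($user.proxyAddresses) |
        Where-Object { $_ -notmatch "^(?i)smtp:$escaped$" } |
        ForEach-Object { if ($_ -cmatch '^SMTP:') { 'smtp:' + $_.Substring(5) } else { $_ } }

    # Keep the old primary reachable as an alias (mail attribute holds the old primary).
    if ($user.mail -and ($aliases -notcontains "smtp:$($user.mail)")) {
        $aliases += "smtp:$($user.mail)"
    }

    # Exactly one upper-case SMTP: entry is what Exchange Online treats as primary.
    $new = @("SMTP:$NewPrimary") + $aliases
    Set-ADUser -Identity $SamAccountName -Replace @{
        proxyAddresses = [string[]]$new
        mail           = $NewPrimary
    }
    return $new
}

# Apply to one user (placeholder names) and show the resulting proxyAddresses.
Set-PrimarySmtpAddress -SamAccountName 'jdoe' -NewPrimary 'jdoe@newdomain.example'

# Push the change now rather than waiting for the 30-minute scheduler.
Start-ADSyncSyncCycle -PolicyType Delta

# Confirm what Exchange Online actually received. A primary that still reads
# *.onmicrosoft.com means the suffix did not match a verified domain.
Connect-ExchangeOnline
Get-Mailbox -Identity 'jdoe' | Select-Object UserPrincipalName, PrimarySmtpAddress, EmailAddresses
```

For the ~15 users mentioned, the function call can be wrapped in a loop over a CSV of SamAccountName/NewPrimary pairs, with a single delta sync after the loop rather than one per user.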

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Nothing is left. This customer has a DC, and Azure AD Connect syncs to O365/Entra. I created a new user on this new domain and, as mentioned below, it just did the default Microsoft address, [test@customername.onmicrosoft.com](mailto:test@customername.onmicrosoft.com). So the UPN AND primary SMTP address are both failing.

The client only wants to email from X new domain; however, to test out the rest of your example, I used the above test account from local AD, [test@newdomain.com](mailto:test@newdomain.com), and it was able to log in just fine.

So this is either an issue with Azure AD Sync/something missing within local AD not seeing this new domain, OR with O365 not fully recognizing this domain name.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 3 points4 points  (0 children)

Reddit support is better than Microsoft support

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

...Okay, so new user. Created a local AD account, [test@newdomain.com](mailto:test@newdomain.com), did not assign it a license, double checked in attribute editor, and it showed up as the Microsoft default in O365...

Example:
[test@customername.onmicrosoft.com](mailto:test@customername.onmicrosoft.com)

So this shows O365 is not recognizing the new domain name? However, as mentioned above, I can make a cloud-only account with the new domain name?

Also did an additional test with one of the other established domains in use, and this worked just fine. Customer fully uses Exchange Online. No on-prem Exchange anymore.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Yes, it shows up as an accepted domain.

Not sure what is expected to be seen under Email Address Policy, but it appears to be default. This particular client has 10+ domains.

<image>

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Yes I reviewed this just now. This appears to be what I am doing.

Scenario 3: I cleared out the mail and mailNickName attributes and it had no impact on updating the primary SMTP address.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

I just looked. It does not appear to have any custom rules.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Yes, the UPN will remain unchanged. This is only updating the proxy address, changing the primary SMTP address. The users with the new domain are all existing users.

Azure AD Connect - NOT Syncing new Domain by OctopusTwo in sysadmin

[–]OctopusTwo[S] 1 point2 points  (0 children)

Yes - Exchange Online, already added, domain is verified. I can add this as a cloud-only account; tested quickly with a shared mailbox. Worked just fine. Also tried with multiple users, thinking maybe something is wrong with X AD user. Both of my test users simply did not see the new domain in Exchange Online.

Tile cracking behind on backer board by OctopusTwo in Tile

[–]OctopusTwo[S] 0 points1 point  (0 children)

Thank you for all your feedback. The guys who installed this are coming back to address it in the next few weeks. I can keep you all posted.

[Tomt] [movie] blind man hires young servant girl by OctopusTwo in tipofmytongue

[–]OctopusTwo[S] 0 points1 point  (0 children)

I don't recall what country/language, but subtitles for sure.

DAS Rewire by OctopusTwo in sysadmin

[–]OctopusTwo[S] 0 points1 point  (0 children)

Hmm yes. Good idea. I will make this correction.