Suppose you are using Microsoft Exchange Online with Azure AD Connect Sync to synchronize users between an on-premises Active Directory and Azure Active Directory. Further suppose that there are some users for whom you do not want to create an Exchange Online mailbox, but would like to forward email to an external address. This might occur for part-time employees, contractors, partners, or other users for whom it is convenient to have a company email address, but a mailbox to hold the email is not required or desired. How would you accomplish this?
Mail-Enable Users
The best solution I have come up with, based on the Microsoft Answers question Convert on-premise AD users to MailUsers (Exchange online) and other similar discussions, is to create a Mail User for each AD user. Unfortunately, the Mail User cannot be created using the steps in the Mail User documentation, because the synchronized user already exists in Azure AD and the new object conflicts with it:

```text
The proxy address "SMTP:user@example.com" is already being used by the proxy addresses or LegacyExchangeDN. Please choose another proxy address.
```
Instead, the user must be mail-enabled in the on-premises AD and then synchronized to Azure AD. If Exchange is installed on-premises, this can be done from the Exchange Management Shell with Enable-MailUser:

```powershell
Enable-MailUser -Identity UserName -ExternalEmailAddress user@otherdomain.example
```
If Exchange is not installed, the same effect can be achieved by setting the relevant attributes on the AD user object directly:

- mail: the user's primary SMTP address.
- proxyAddresses: all of the user's addresses. The primary address is prefixed with upper-case "SMTP:" and every additional address with lower-case "smtp:"; only one entry may carry the upper-case prefix, since Exchange allows exactly one primary SMTP address.
- mailNickName: the user's Exchange alias.
- targetAddress: the external address to which the user's mail will be forwarded, prefixed with "SMTP:".

These can be set with any LDAP or AD attribute editor, such as ADSI Edit or Set-ADUser:

```powershell
Set-ADUser -Identity UserName -Replace @{mail='username@company.example';mailNickName='username';proxyAddresses=@('SMTP:username@company.example','smtp:username@companyalt.example');targetAddress='SMTP:user@otherdomain.example'}
```

Note that -Replace overwrites the whole proxyAddresses list; use -Add instead if the user already has addresses that must be kept.
AD Schema Extension
Unfortunately, if Exchange has never been installed in the forest, these attributes may not exist in the AD schema, which causes errors such as the following:

```text
Set-ADUser : The specified directory service attribute or value does not exist
Parameter name: mailNickName
```
Be aware that, as Microsoft's documentation states, "when directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises". To make this manageable, Microsoft provides the Hybrid Configuration Wizard, which validates your Office 365 tenant and issues a license key for a locally installed Exchange server used for recipient management. (Exchange does not need to be fully configured to manage mailboxes.) Alternatively, the Exchange installer can extend the AD schema without installing Exchange:

```powershell
setup.exe /prepareschema /iacceptexchangeserverlicenseterms
```

Running /prepareschema requires membership in both the Schema Admins and Enterprise Admins groups, and recent Exchange 2019 cumulative updates (CU12 onward) replace the /iacceptexchangeserverlicenseterms switch with /IAcceptExchangeServerLicenseTerms_DiagnosticDataON or /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF. After /prepareschema completes, it should be possible to set the attributes described above on user objects. Also run the "Refresh directory schema" task in Azure AD Connect afterwards so that the sync engine picks up the newly added attributes.
Synchronize to Azure
Once the attributes have been set, either wait for AD Connect to synchronize them on its next scheduled cycle (every 30 minutes by default) or start a delta sync cycle on the AD Connect server to push them immediately. The domain of the primary SMTP address must be verified in the tenant, or Azure AD will not accept it as the user's address. Once synchronized, the mail-enabled users should appear as Mail Users in the Exchange Admin Center, with the targetAddress shown as their external email address.
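The whole procedure, as an added example that is not code from the original post: it checks that the Exchange attributes exist in the schema, mail-enables an existing AD user with correctly cased proxy addresses (exactly one upper-case "SMTP:" primary), triggers a delta sync, and verifies the resulting Mail User in Exchange Online. The user name "jdoe" and the domains company.example, companyalt.example and otherdomain.example are assumptions; the function names are my own. As on the page, only targetAddress carries the forwarding destination.

```powershell
# Added example (not from the original post). Where each part runs:
#   Test-ExchangeSchemaAttribute / Set-OnPremMailUser: any domain-joined host with the
#     ActiveDirectory RSAT module.
#   Start-DeltaSync: the Azure AD Connect server (ADSync module).
#   Test-CloudMailUser: an Exchange Online PowerShell session (Connect-ExchangeOnline).
Import-Module ActiveDirectory

function Test-ExchangeSchemaAttribute {
    # Fail early with a clear message if /PrepareSchema has not been run, instead of the
    # vaguer "directory service attribute or value does not exist" from Set-ADUser.
    param([string[]]$Attribute = @('mail', 'mailNickname', 'proxyAddresses', 'targetAddress'))
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    foreach ($name in $Attribute) {
        $filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
        if (-not (Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter)) {
            throw "Schema attribute '$name' is missing; run setup.exe /PrepareSchema first."
        }
    }
}

function Set-OnPremMailUser {
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string]   $PrimaryAddress,   # must be in a domain verified in the tenant
        [Parameter(Mandatory)] [string]   $ExternalAddress,  # where mail will be forwarded
        [string[]] $SecondaryAddresses = @(),
        [string]   $Alias = $PrimaryAddress.Split('@')[0]
    )
    # Exchange allows exactly one primary SMTP address, marked by the upper-case "SMTP:"
    # prefix; every additional address uses lower-case "smtp:".
    $proxies = @("SMTP:$PrimaryAddress")
    foreach ($addr in $SecondaryAddresses) { $proxies += "smtp:$addr" }
    $proxies = @($proxies | Select-Object -Unique)   # case-insensitive; keeps the primary first

    # -Replace overwrites proxyAddresses, so refuse to silently change an existing primary.
    $current = (Get-ADUser -Identity $Identity -Properties proxyAddresses).proxyAddresses
    $currentPrimary = @($current | Where-Object { $_ -clike 'SMTP:*' })
    if ($currentPrimary.Count -gt 0 -and $currentPrimary[0] -ne "SMTP:$PrimaryAddress") {
        throw "$Identity already has primary address $($currentPrimary[0]); not overwriting."
    }

    Set-ADUser -Identity $Identity -Replace @{
        mail           = $PrimaryAddress
        mailNickname   = $Alias
        proxyAddresses = $proxies
        targetAddress  = "SMTP:$ExternalAddress"   # forwarding destination (hypothetical domain)
    }
}

function Start-DeltaSync {
    # Push the change now rather than waiting for the scheduler (30 minutes by default).
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
}

function Test-CloudMailUser {
    # After sync: the object must exist as a MailUser and forward to the external address.
    param(
        [Parameter(Mandatory)] [string] $PrimaryAddress,
        [Parameter(Mandatory)] [string] $ExternalAddress
    )
    $mu = Get-MailUser -Identity $PrimaryAddress -ErrorAction Stop
    if ("$($mu.ExternalEmailAddress)" -ne "SMTP:$ExternalAddress") {
        throw "MailUser $PrimaryAddress forwards to $($mu.ExternalEmailAddress), expected SMTP:$ExternalAddress"
    }
    $mu | Select-Object Name, RecipientTypeDetails, PrimarySmtpAddress, ExternalEmailAddress
}

# Usage with constructed identities (run each step on the host noted above):
# Test-ExchangeSchemaAttribute
# Set-OnPremMailUser -Identity 'jdoe' -PrimaryAddress 'jdoe@company.example' `
#     -ExternalAddress 'jdoe@otherdomain.example' -SecondaryAddresses 'jdoe@companyalt.example'
# Start-DeltaSync
# Test-CloudMailUser -PrimaryAddress 'jdoe@company.example' -ExternalAddress 'jdoe@otherdomain.example'
```

The primary-address guard matters because a sync conflict on proxyAddresses surfaces in Azure AD as an export error rather than at the point where the attribute was set; catching it on-premises keeps the failure next to its cause.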