Here's an odd situation you may have encountered when creating Microsoft 365 accounts if you have a hybrid setup. Many companies, like my own, run Exchange 2016/2019 on-premises and also have AAD Connect installed. They have a sync to Azure AD along with the hybrid configuration wizard set up so that Microsoft Office 365 knows what is happening on-premises.
For those that do not understand AAD Sync or AAD Connect, this basically syncs your local Active Directory to Azure AD, and the setup determines who the authoritative source is. While we are not going to jump into too much detail, let's briefly explain this. After a user is created on your local Active Directory, when the next sync happens, it will show up in Azure AD, and both platforms now know of this user.
The next thing you can do is have groups in your local Active Directory. You can have it set up so that when a user is added to one of these groups, they are assigned the license you specified for that group.
So, what is the problem here? Let's say I create User 1 on my local Active Directory and I go and add User 1 to the Microsoft 365 group that will have an E5 plus Microsoft Teams license assigned. Now, the next sync takes place, and because the user is assigned a license, they then have a mailbox created in Microsoft 365.
OK, so now the IT person comes along and sets up the user's machine - and while doing so creates a local mailbox on Exchange 2016/2019 on-premises. Because the user is logged into the LAN, the account sets up instantly and without error. The laptop is given to the user, but they call you to say that people are emailing them and they are not receiving any email. You log in to Outlook on the web with the local credentials, and you can see the email. When you check the connection status, it points to Microsoft Office 365 and not your local Exchange Server.
People running the Microsoft Office 365 version can also get email bounce backs with a strange X500 address and Exchange reporting this bounce-back message:
Recipient not found by Exchange Legacy encapsulated email address lookup
People running a retail version of Microsoft Office, such as Office 2019 not on the LAN, can email the user from the global address list (GAL) without error. Weird, right?
All right, so why does this happen? First, if you are running the Microsoft 365 version of Office, the behavior is to look at Office 365 for a mailbox, and if there is one, it will automatically connect to it. In this instance, because a license was assigned to the user initially, the mailbox got created.
If you want to leave it like that, you can, but then the only way to connect to Exchange 2016/2019 on-premises is to add a host file entry on the local machine like this:
This lets you enter the details for your Exchange environment when Outlook sets up the profile. Now, the mailbox will connect, and the user will be able to work locally. If the user is an Administrator in Office 365, applying the workaround with the host file entry will block access to the Office 365 portal and they won't be able to connect to the Admin Center.
Having seen this happen, it does cause issues down the line for the user. Unfortunately, you need to perform a couple of steps to redo everything, which is time-consuming - but it will save you in the long run.
1. Remove the user from the local Active Directory. This will remove the user from all groups as well.
2. Let AAD Connect Sync run, and it will pick up the change and remove the user and license.
3. Create the user account in your local Active Directory and create an Exchange mailbox for the user.
4. Let AAD Connect Sync run again so that it picks up the new user and all its attributes.
5. Add the user to the groups required again, but this time it will assign the license without error.
Once you set up the profile locally on the machine - and if you're running OAuth while being in hybrid mode - the behavior will be that it will ask you to enter the username and password with a Microsoft 365 login window. It will then set up the account without error, and when you check the connection status, it will show your on-premises server and not Office 365.
If you email the user now, it should not bounce back, and the email should be delivered. You might have to delete the cached entry in your Outlook and select the user from the GAL the first time if you did email them previously.
Do not be hasty with AAD Connect, as it may result in you having to re-create accounts over and over. Let it sync on its schedule, and once done, you can move on to the next step. You can log in to the portal and view the sync status if you are unfamiliar with AAD Connect and the synchronization tool.
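The five re-creation steps from this article in PowerShell, as an added example that is not the author's own script; it waits for the scheduled sync instead of forcing one and checks each result before moving on. It assumes the ActiveDirectory and ADSync modules on the AAD Connect server, an Exchange Management Shell session for New-Mailbox, and an existing Connect-MgGraph session; the user, OU and group names are placeholders, and the 60-second settle delay is an assumption.

```powershell
# Added example. Placeholder values: replace with your own user, OU and license group.
$Sam = 'user1'
$Upn = 'user1@example.com'
$Ou = 'OU=Staff,DC=example,DC=com'
$LicenseGroup = 'M365-E5-Teams'

function Wait-ScheduledSync {
    # Wait for the scheduler's own cycle rather than triggering a manual one.
    $s = Get-ADSyncScheduler
    if (-not $s.SyncCycleEnabled) { throw 'AAD Connect scheduler is disabled.' }
    $next = $s.NextSyncCycleStartTimeInUTC
    while ([datetime]::UtcNow -lt $next) { Start-Sleep -Seconds 60 }
    # Assumption: give the cycle 60 s to start, then poll until it reports finished.
    do { Start-Sleep -Seconds 60 } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

function Test-CloudUser {
    # True when Azure AD currently has an active user with this UPN.
    [bool](Get-MgUser -Filter "userPrincipalName eq '$Upn'" -ErrorAction Stop)
}

# Step 1: remove the on-premises account (its group memberships go with it).
Remove-ADUser -Identity $Sam -Confirm:$false

# Step 2: let the sync remove the cloud user and license, and confirm that it did.
Wait-ScheduledSync
if (Test-CloudUser) { throw "$Upn still exists in Azure AD; do not re-create it yet." }

# Step 3: create the account and its on-premises Exchange mailbox together.
New-Mailbox -Name $Sam -SamAccountName $Sam -UserPrincipalName $Upn `
    -OrganizationalUnit $Ou `
    -Password (Read-Host 'Initial password' -AsSecureString)

# Step 4: let the sync pick up the new user with its Exchange attributes.
Wait-ScheduledSync
$ad = Get-ADUser -Identity $Sam -Properties msExchMailboxGuid
if (-not $ad.msExchMailboxGuid) { throw 'No on-premises mailbox is stamped on the account.' }
if (-not (Test-CloudUser)) { throw "$Upn has not synced to Azure AD yet." }

# Step 5: only now add the user to the group that assigns the license.
Add-ADGroupMember -Identity $LicenseGroup -Members $Sam
```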