It is simple to change the Primary Email Address of an Office 365 user when your tenant is not being synced to your on-premises active directory, but if you are syncing to Office 365 with any of the following tools:
- Windows Azure Active Directory Sync (DirSync)
- Azure AD Sync (AADSync)
- Azure Active Directory Connect
Then you will be unable to change any of email addresses associated with that account, and you will get the following error:
The operation on mailbox “Mailbox” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘Mailbox’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
How to change the Primary Email Address for an Office 365 account using Active Directory Users and Computers
- Open Active Directory Users and Computers
- Ensure you have “Advanced Features” enabled from the view menu:
- Double click on the user that you want to edit the email addresses for.
- Go to the “Attribute Editor” tab.
- Go to the “proxyAddresses” attribute and click edit.
- Edit the email addresses as per your requirements. Note that the primary address (which is the address that the user will send emails from) is in uppercase “SMTP”.
How to change the Primary Email Address for an Office 365 account using Powershell
You can perform the same operation using Windows Powershell, the basic syntax is like this:
Set-ADUser paulie -Add @{ProxyAddresses="SMTP:[email protected]"}
The problem with running this command is that you may already have a primary SMTP address set and this will not stop you from adding another one. So first of all run:
get-aduser paulie -properties proxyaddresses | Select-Object Name,ProxyAddresses |fl
This will show you all the current proxy addresses for this user. If you want to remove an existing proxy address you can use:
Set-ADUser paulie -Remove @{ProxyAddresses="smtp:[email protected]"}
It is possible neither of the above methods will work if you have never had Exchange installed locally, as the users will not have these attributes. You can follow the instructions on this page in order to get the attributes enabled for your users.
If you have any questions, feel free to ask in the comments.
Mezza says
Very useful! Thank you!
sh10 says
THX
Nelson Matias says
Thanks!!!!
Keith Wallace says
Thank you very much! If we wanted to do this for all users how would the script read?
Paulie says
Can you explain a little more about what you would like to achieve?
Mike Gusway says
We are running Azure AD Connect to sync our on-prem AD with O365. All mailboxes are remote. When we use Enable-RemoteMailbox our email address policy creates some custom aliases but for this particular user we don’t want it to apply. How can we exclude a specific user from the email address policy using PowerShell? In O365 I don’t see a way to disable this, and on our on-prem Exchange (only used for management), the get-mailbox and set-mailbox commands for users don’t work since there are no local mailboxes. I’m looking for the equivalent of set-mailbox -Identity username -EmailAddressPolicyEnabled $False
Thanks!
Earl says
thanks this really helped
AurukunFinn says
Thanks for this – very helpful.
On our AD / Exchange Online system, most accounts don’t have a proxy email address. They just have their main SMTP email address and in Attribute Editor the account properties show that Proxy Address is completely empty.
Suppose we add a proxy email address to one of these accounts. Time passes, we test both email addresses and they both work. Great.
Now, suppose we wanted to make the proxy email address the primary one.
* Do we just edit the “smtp” alias to make it an “SMTP” alias and then wait for everything to replicate?
* What happens to the old primary email address – will that automatically appear as an “smtp” alias?
Thanks.
Ed says
Very Useful!!, Thank you so much.
Frank Meng says
Very useful share. Thank you.