[How to] Add Exchange attributes to AD for Office365 sync, without installing Exchange Server

By Centrify Advisor III on ‎06-30-2017 09:56 AM

Often, an organization has Office 365 set up for its mailboxes and other business tools, and then runs into an issue after adding Federation to the picture: once Federated, some attributes of the mailboxes or distribution lists can no longer be modified directly in the Office 365 portal.

 

This may be something along the lines of, “I cannot hide a distribution list from the GAL anymore,” or “I need to allow external senders to a Distribution list.”

 

Because the domain and objects are Federated to the source Active Directory, all changes need to be made in the source directory before they will update (Microsoft will no longer allow them in the Office 365 portal). The problem is that not all of the needed attributes exist if Exchange Server has not been installed first.

 

How can an Administrator add a $True value to ‘msExchHideFromAddressLists’ to hide a mailbox, if this attribute is not present in the source directory?

 

The answer is to extend the Active Directory schema to include the attributes needed for Exchange Server. This is normally done when Exchange Server is installed. If Exchange was never installed, these attributes will be missing. To add them, we can manually prepare Active Directory to include them, as if we were preparing to install Exchange Server. With this method, we DO NOT need to install Exchange Server 2016, only to extend the schema.

 

*CAUTION* The next steps should be thought out carefully by an experienced Administrator, and all caution should be taken to back up your environment before any changes are made to the schema.

 

Step 1- Download the Exchange Server software and extract it to a location that can be accessed from a Domain Controller or Global Catalog server. Do not install the software; simply extract it. A link is provided here as a courtesy (subject to change by Microsoft).

Step 2- Once the install files have all been extracted, open a Command Prompt as Administrator while logged in as an Enterprise Administrator and Schema Administrator.

Step 3- In Command prompt, cd to the location where the content of the Exchange install media was extracted.

 


 

Step 4- Run the following command to install the Exchange server schema.

 

     Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms 

 


 

 

Once complete, this will replicate through the organization.

 

Next, you can browse through the new attributes and make the needed changes in ADSI/Attribute Viewer.
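The same check and change can be scripted instead of done by hand in ADSI. The following is an added example, not part of the original article or any Centrify or Microsoft tooling. It assumes the ActiveDirectory PowerShell module (RSAT) is available, and the group name DL-Example is a hypothetical placeholder.

```powershell
# Added example: verify the schema extension, then hide one distribution list from the GAL.
# Assumes the ActiveDirectory module (RSAT) and rights to modify the target group.
Import-Module ActiveDirectory

$attribute = 'msExchHideFromAddressLists'   # attribute named in the article
$groupName = 'DL-Example'                   # hypothetical distribution list name
$apply     = $false                         # set to $true to write the change

# 1. Confirm that /PrepareSchema created the attribute and that it has
#    replicated to the domain controller answering this query.
$schemaNC    = (Get-ADRootDSE).schemaNamingContext
$schemaEntry = Get-ADObject -SearchBase $schemaNC `
                            -LDAPFilter "(lDAPDisplayName=$attribute)" `
                            -Properties whenCreated

if (-not $schemaEntry) {
    throw "Attribute '$attribute' is not in the schema yet. " +
          "Run /PrepareSchema or wait for schema replication."
}
'Schema attribute found: {0} (created {1})' -f `
    $schemaEntry.DistinguishedName, $schemaEntry.whenCreated

# 2. Record the current value so the change can be reverted if needed.
$group  = Get-ADGroup -Identity $groupName -Properties $attribute
$before = $group.$attribute
if ($null -eq $before) { $before = '<not set>' }
'Current {0} on {1}: {2}' -f $attribute, $group.Name, $before

# 3. Set the attribute in the source directory. Without $apply this is a
#    dry run (-WhatIf) that only reports what would be changed.
if ($apply) {
    Set-ADGroup -Identity $group -Replace @{ $attribute = $true }
    $after = (Get-ADGroup -Identity $groupName -Properties $attribute).$attribute
    'New {0} on {1}: {2}' -f $attribute, $group.Name, $after
}
else {
    Set-ADGroup -Identity $group -Replace @{ $attribute = $true } -WhatIf
}
```

For a mailbox user rather than a distribution list, Get-ADUser and Set-ADUser take the same -Properties and -Replace parameters.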

 


 

 

*The material in this blog is not specific to Centrify and is well documented by Microsoft. More information from Microsoft can be found here:

 

     https://technet.microsoft.com/en-us/library/bb125224(v=exchg.160).aspx

 

Last, upon next reload of the object in the Centrify Admin portal, the new attribute values will sync over to Office 365.

 

 
