Unable to update the specified properties for on-premises mastered Directory Sync objects

AD 21

Environment:
Hybrid with an older Exchange 2010 server.
AD server 2019 running AZURE AD CONNECT (latest version as of March 2022)
I've been adding new employees by creating a new account in AD and syncing with AZURE. No problems there.
Then I go into the Office 365 portal and assign Office for business licenses. A mailbox is then created and working no problem.
Recently, when using the Exchange Admin online, trying to add an alias to ANY mailbox or simply changing the REPLY to SMTP address, I am getting the error:
Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. DualWrite (Graph) The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.
This was uncovered when a user sent me an email and it came the onmicrosoft.com domain instead of the company domain. When I looked at the account, I tried to change the REPLY TO back to the default company email and got the error also.
Only 3 employees are effected by the "onmicrosoft.com" issue but I cannot add an alias email to ANY mailbox or change the primary email.
About 2/3 of the employees were migrated from the on premise Exchange server about a year ago and the rest created as mentioned above.
Checking the AD CONNECT LOGS, there are no errors at all when syncing and the online dashboards show no sync errors.
I then tried going into the users AD Properties on Premise and changed the PROXY ADDRESS ATTRIBUTE to change the default reply to SMPT:user@keyman .com. That syncs no problem and shows up in the portal as the primary address but when the user sends an email, it still comes from the onmicrosoft.com domain. I'm at a loss without any log errors to point me in the right direction. The syncing from on premise to online seems to be working fine otherwise.
Thank you

Travis R 6 Reputation points

2022-04-19T15:09:37.153+00:00

I'm having the exact same issue...

" Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration."

I keep seeing all the solutions referring to making the changes in your on-prem ecp..
However, there is no on-prem exchange server.. Only Microsoft 365 Hosted Exchange.

Any advice?
MiGorengChilli 1 Reputation point

2022-09-15T23:32:20.89+00:00

seeing the exact same error on 2 tenants now. Something has changed with how microsoft does dirsync/hybrid setup. We used to be able to edit these attributes in EXO.
MiGorengChilli 1 Reputation point

2022-09-16T00:02:51.213+00:00

Im thinking it might be related to this:

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-improvements-to-accelerate-replication-of/bc-p/3628838#M34099

Is there a way to turn off the dual-write feature?
Darth Suslik 31 Reputation points

2022-10-25T16:08:10.493+00:00

I'm sure you already figured this out but for those just now reading these forums... don't forget that AD Sync pushes the attributes from AD to 365 so... if you no longer have an on-prem Exchange server, that's fine... use Active Directory's attribute editor like you did before Exchange started allowing these aliases added directly in the EAC. Jump into your domain controller, open ADUC and open the user. Click the Attribute Editor and add your aliases there. Once you're done, wait for AD to Sync to 365 on its own or use the ADSync service app to start a Delta Sync (you'll likely still have to wait about 10 minutes for things to appear on the 365 side). Your aliases will start to appear in the Active User's properties eventually. That error you see is actually quite smart of Microsoft... it prevents new data from more than one source, potentially corrupting the record since Microsoft has no way of knowing which info source wins in each situation.
Szufnarowski, Joe 20 Reputation points

2023-02-23T20:08:31.3133333+00:00

I used Darth's suggestion which worked in my environment. The attribute to add the email aliases to is 'proxyAddresses' (which was blank), within my on-prem AD for the user connected with the shared mailbox. Thanks Darth.
Aung Si Thu 0 Reputation points

2023-03-15T01:09:20.6766667+00:00

Thanks, Darth. It worked!

11 answers

Mandeep Dalvair 0 Reputation points

2024-03-01T20:54:19.6733333+00:00

Dual Write Back Error using AD connect for SMTP Proxy addresses

The problem is most of you have forgot to add the smtp: or SMTP: infront of the email address

to fix pls open AD onprem

I not done so already make sure Advanced Features is enabled

"View" from the file menu > "Advanced Features"

Find the user > right click Properties > Attribute Editor

Search for "proxyAddresses" in the list > "Edit" add examples:

SMTP:DefaultReplyEmailaddress@domain.com

smtp:aliasaddress1@domain.com

smtp:aliasaddress2@domain.com

smtp:aliasaddress2@domain.com

a new customer of ours had the same issue for many years and this was an easy fix
Please sign in to rate this answer.

0 comments No comments
Sign in to comment