Link to home
Start Free TrialLog in
Avatar of Joergen Lind
Joergen LindFlag for Denmark

asked on

On-Prem and Office 365 GALs are different

Hi everyone.

We're in a hybrid setup with Exchange 2013 and Ofice 365.

Our issue is that some users with a mailbox in Office 365 cannot send to some users with mailbox on the on-prem Exchange 2013.
I've narrowed it down to the GALs, where the primarysmtp fields are different for the same user.

On-prem GAL entry:
x500:/0=ExchangeLabns/.... etc

Office 365 GAL entry:
SPO:SPO_436334 etc
x500:/o=COMPANY/ou=Exchange Administrative Group [FYDI.... etc

The MAIN culprit here is of course that the user's Primary SMTP address, listed in the Office 365 GAL, does not exist on the user's mail account at all.

But why are those two GAL's different? Is that by design? Links and/or helpful answers are much appreciated.


Bjorn Dirchsen
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

If you have made changes directly in O365, those are in general not written back to AD. This is indeed by design, there are very few attributes that are written back to on-premises and only in specific situations. ProxyAddresses is one of those attributes (if you have the "Hybrid" option in AAD Connect enabled), so I'm not sure what went wrong in your case. But it's always required to make any changes in AD, then rely on dirsync to replicate them in O365.

In this specific scenario, you can just add the additional alias on-prem and be done with it.
Is domain is added to Office 365 Domains?
Avatar of Joergen Lind


@Vasil Michev. We ONLY make changes to users from the on-prem AD/Exchange since only few changes are written back from Office 365.  SO we can rule this out. Ok, I can add the nescessary attributes, but since these users are test-users i would like this to work before I migrate the remaining 100 users :)

Thanks, Bjorn
@Shreedhar Ette. No, is not added to the Office 365 domains. Could that be the reason?
Avatar of Shreedhar Ette
Shreedhar Ette
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Oh, good catch Shreedhar, I totally missed that. And it seems I also misinterpreted the addresses, assuming the O365 ones are the on-premises ones... Guess I should drink some more coffee :)

So yeah, Bjorn, you need to add/verify any domains you have associated with email addresses and any other attributes. Otherwise they will either be replaced with the domain or dropped altogether.
Cool. I'll jump to it right away and update with my findings.

Thanks a lot guys!

Br, Bjorn
It worked! Adding to the list of Domains (and waiting for the GAL to be updated at 5am)  solved it.

The attributes of the user in the O365 GAL are now:

Office 365 GAL entry:   <-- New!
SPO:SPO_436334 etc
x500:/o=COMPANY/ou=Exchange Administrative Group [FYDI.... etc   <--- New!

Thanks to Shreedhar for spotting the culprit right away!