Request help with issues related to O365 and on prem exchange user accounts (the action can't be performed on the object because the object is being synchronized...)

So I am constantly getting this message when working in Office 365 and On-Prem (exchange 2013) EAC
"the action can't be performed on the object because the object is being synchronized..."

Like I go to run an Exchange PS command or do something through the GUI but can't. Some users show up on both sides and some only on one or the other. Very frustrating.

For example, I went to add myself as a moderator on a Distribution Group in O365 but I got the error above so I go over to the on prem (enterprise) EAC and when the window comes up displaying user accounts, I am not there.

Any ideas very much appreciated.
king daddyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian MurphySenior Information Technology ConsultantCommented:
In a hybrid mode scenario where you still have on-prem Exchange you would need to make all changes on-prem - for example, using AD Users and Computers/Exchange.

Also, you "might" have synchronization issues that are brought on when the 1. UPN, 2. Primary SMTP Address and 3: ProxyAddresses attribute do not match.  This would actually lead to "duplicates" showing up in O365 or inability to make changes that replicate properly.  With each object having a unique targetdeliveryaddress using format:

That message you are getting is specifically stating that you need to make changes on-prem side only.
king daddyAuthor Commented:
Thanks, Brian (again). I have not yet seen any duplicates. There is only one dirsync error showing on O365 admin portal and it is some random email address.

Not really sure how to get it so that I can, for example, see my account on prem when editing objects (like adding myself to a group or as a moderator as mentioned above).
Brian MurphySenior Information Technology ConsultantCommented:
Well.... Just to make sure and when you say "see my account".... was your account created on-prem or does it only exist in O365?

You would have to create an on-prem account first and grant it local admin rights, sync, then make changes on-prem, sync.
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

king daddyAuthor Commented:
Not sure where it was created. I replaced an admin and someone else created my account and they are now gone as well.

In EAC O365 my mailbox type is "user". My account is not listed in EAC Enterprise. I am thinking O365 based on  my observations below.

One thing I notice is that one user I am working on in EAC O365 has mailbox type of "user" but when listed in EAC Enterprise (you know, on prem) he has a mailbox type of "Office 365".

Another user in only listed in EAC O365 and has a mailbox type of "user". Again, not listed in EAC Enterprise.
king daddyAuthor Commented:
I ended up doing this which solved the issue almost instantaneously.

To be clear, in EAC Office 365, I saw my user account and the mailbox type was "user". In EAC Enterprise (so my on-prem Exchange 2013 server), I DID NOT see my user account but expected to see it with a mailbox type of "Office 365". Because I was not listed on-prem, I was not able to add myself to groups or in the case of this particular task I was unable to add myself as a moderator to approve emails sent to an All Employees distribution list. I ran the following PowerShell command in the Exchange Management Shell on my on-prem Exchange 2013 server and as soon as I went to the EAC Enterprise portal, my user account was there with a mailbox type of "Office 365" and I was able to add myself to the distribution list as a moderator. Previously, my account did not even show up as a choice to add as a moderator from the on-prem EAC and when I was on the EAC Office 365, I would get the error "the action can't be performed on the object because the object is being synchronized...".  

enable-remotemailbox -identity “your name”-remoteroutingaddress

I followed option 2 from this webpage.
king daddyAuthor Commented:
Please see my longer comment about this solution.

enable-remotemailbox -identity “your name”-remoteroutingaddress
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.