Request help with issues related to O365 and on prem exchange user accounts (the action can't be performed on the object because the object is being synchronized...)

king daddy
king daddy used Ask the Experts™
on
So I am constantly getting this message when working in Office 365 and On-Prem (exchange 2013) EAC
"the action can't be performed on the object because the object is being synchronized..."

Like I go to run an Exchange PS command or do something through the GUI but can't. Some users show up on both sides and some only on one or the other. Very frustrating.

For example, I went to add myself as a moderator on a Distribution Group in O365 but I got the error above so I go over to the on prem (enterprise) EAC and when the window comes up displaying user accounts, I am not there.

Any ideas very much appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Information Technology Consultant
Commented:
In a hybrid mode scenario where you still have on-prem Exchange you would need to make all changes on-prem - for example, using AD Users and Computers/Exchange.

Also, you "might" have synchronization issues that are brought on when the 1. UPN, 2. Primary SMTP Address and 3: ProxyAddresses attribute do not match.  This would actually lead to "duplicates" showing up in O365 or inability to make changes that replicate properly.  With each object having a unique targetdeliveryaddress using format:  userA365@domain.mail.onmicrosoft.com.

That message you are getting is specifically stating that you need to make changes on-prem side only.

Author

Commented:
Thanks, Brian (again). I have not yet seen any duplicates. There is only one dirsync error showing on O365 admin portal and it is some random email address.

Not really sure how to get it so that I can, for example, see my account on prem when editing objects (like adding myself to a group or as a moderator as mentioned above).
Brian MurphySenior Information Technology Consultant

Commented:
Well.... Just to make sure and when you say "see my account".... was your account created on-prem or does it only exist in O365?

You would have to create an on-prem account first and grant it local admin rights, sync, then make changes on-prem, sync.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Not sure where it was created. I replaced an admin and someone else created my account and they are now gone as well.

In EAC O365 my mailbox type is "user". My account is not listed in EAC Enterprise. I am thinking O365 based on  my observations below.

One thing I notice is that one user I am working on in EAC O365 has mailbox type of "user" but when listed in EAC Enterprise (you know, on prem) he has a mailbox type of "Office 365".

Another user in only listed in EAC O365 and has a mailbox type of "user". Again, not listed in EAC Enterprise.

Author

Commented:
I ended up doing this which solved the issue almost instantaneously.

To be clear, in EAC Office 365, I saw my user account and the mailbox type was "user". In EAC Enterprise (so my on-prem Exchange 2013 server), I DID NOT see my user account but expected to see it with a mailbox type of "Office 365". Because I was not listed on-prem, I was not able to add myself to groups or in the case of this particular task I was unable to add myself as a moderator to approve emails sent to an All Employees distribution list. I ran the following PowerShell command in the Exchange Management Shell on my on-prem Exchange 2013 server and as soon as I went to the EAC Enterprise portal, my user account was there with a mailbox type of "Office 365" and I was able to add myself to the distribution list as a moderator. Previously, my account did not even show up as a choice to add as a moderator from the on-prem EAC and when I was on the EAC Office 365, I would get the error "the action can't be performed on the object because the object is being synchronized...".  

enable-remotemailbox -identity “your name”-remoteroutingaddress firstinitiallastname@yourmigrateddomain365.mail.onmicrosoft.com

I followed option 2 from this webpage.

https://www.agileit.com/news/office-365-mailbox-hybrid-configuration/

Author

Commented:
Please see my longer comment about this solution.

enable-remotemailbox -identity “your name”-remoteroutingaddress firstinitiallastname@yourmigrateddomain365.mail.onmicrosoft.com

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial