An Azure Active Directory Call Was Made

An Azure Active Directory Call Was Made ...

When trying to edit user or mailbox properties in Office 365, you may receive the following error message:

An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. RequestId : 65d18140-0329-49a6-a95a-7587016d6f0a The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.

The underlying problem is that you’re trying to modify properties in Office 365 for which your local Active Directory is authoritative.

Properties synchronized from your Active Directory to your Office 365 must be maintained in your Active Directory.

This not only includes properties like given name and surname. Also, various mail properties like mail address and hide from address lists are authoritative in Active Directory even though your mailbox is hosted in Office 365!

What’s Causing This Confusion?

Many admins are confused by the integration between their local Active Directory and Azure/Office 365  – and with good reason!

Consider the following examples:

  • To configure user name and phone number, you must use Active Directory
  • To configure email addresses, you must use the On-Premises Exchange Admin Center
  • To assign an Exchange license/mailbox, you must use the Microsoft 365 Admin Center (or the Azure Portal)
  • To configure mailbox delegation, you must use the Office 365 Exchange Admin Center
  • To configure mailbox quotas, you must use Exchange Online PowerShell

That’s right! We’re configuring a single user/mailbox – but each of these five changes is done via five different tools/interfaces!

How to Solve This Error Once and for All

To greatly simplify your admin life, install Easy365Manager – a small, lightweight snap-in for Active Directory Users & Computers.

Using Easy365Manager, you can configure all of the above properties in one place:

  • Email addresses are now available in user properties
  • Office 365 licenses (all of them) are now available in user properties
  • Office 365 mailbox delegation is now available in user properties
  • Office 365 mailbox quotas are now available in user properties

Check out the following screenshots to see how Easy365Manager integrates all this information in AD user and group properties:

Easy365Manager Office 365 user properties
User properties - Office 365 tab
Easy365Manager user properties, Office 365 mailbox management inside Active Directory
User properties - Mailbox tab

If you install Easy365Manager, you will be managing all daily tasks related to AD users and Office 365 mailboxes and licenses in one place: AD Users & Computers (well-known by all admins).

In the below example an Office 365 license is assigned to enable an Office 365 mailbox – directly from user properties:

Create an Office 365 mailbox using Easy365Manager

The benefits are obvious:

  • You no longer need to worry if AD or Office 365 is authoritative
  • You don’t need to switch between multiple admin tools constantly

And as an added bonus:

Watch how you can download, install and configure Easy365Manager in a few minutes:

To try out Easy365Manager download your fully functional 30-day trial here.

Did you like this post? Maybe your friends will too!