Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. MMSSPP doesn't synchronize Exchange mailbox and mail-enabled objects with the dedicated managed Office 365 environment

MMSSPP doesn't synchronize Exchange mailbox and mail-enabled objects with the dedicated managed Office 365 environment

View products that this article applies to.

Symptoms

Microsoft Managed Services Service Provisioning Provider (MMSSPP) does not synchronize the Microsoft Exchange mailbox and mail-enabled objects with the dedicated managed Microsoft Office 365 environment.

↑ Back to the top

Cause

This issue occurs for one of the following reasons:
  • An error in the MMSSPP synchronization report causes mailbox provisioning to fail.
  • The mailNickname, target address, homeMDB, or mail attribute has a problem that prevents MMSSPP from synchronizing the object. Or, the problem creates the wrong kind of object.
  • The object is in an organizational unit (OU) that is not within the scope of MMSSPP.
  • The object is filtered out by a custom MMSSPP filter.

↑ Back to the top

Resolution

To resolve this issue, follow these steps:

↑ Back to the top

  1. The configuration of MMSSPP varies for each customer based on the attributes, the automatic provisioning features (such as a New Hire rule), the filtering rules, the Lync services, the included OUs, and the included Simple Mail Transfer Protocol (SMTP) domains that the customer uses. This customization may affect the expected behavior when you change the OU, mail, or targetAddress attribute or other Active Directory attributes. See the appropriate configuration sources for detailed information.
  2. A sync error report is generated and sent to customer contacts each day. The report describes any provisioning or sync errors. Check this report for errors, and then take any necessary actions.

    For more information about MMSSPP synchronization errors, click the following article number to view the article in the Microsoft Knowledge Base:
    2590119 How to troubleshoot MMSSPP synchronization error messages
  3. If the sync error report contains no errors, or if the error is not available, see the following table to make sure that the attributes are configured correctly.

    Note In the following table, references to a null value in an attribute signify that the attribute has no value, and not that the literal value "null" is present in the attribute.
    AttributeMailboxMail-enabled user
    MailNicknameRFC 821 defines the following characters as valid for prefixing mailNickname attributes:
    • Strings that are formed by using characters from a to z (uppercase or lowercase)
    • Digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, }, or ~
    • One or more periods may be embedded in an alias. However, each period should be preceded and followed by at least one other valid character.
    • Unicode characters from U+00A1 to U+00FF are also valid in an alias. However, they will be mapped to a best-fit US-ASCII string in the email address that is generated from such an alias.
    • Spaces are not valid in a mailNickname attribute.
    		RFC 821 defines the following characters as valid for prefixing mailNickname attributes:
    • Strings that are formed by using characters from a to z (uppercase or lowercase)
    • Digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, }, or ~
    • One or more periods may be embedded in an alias. However, each period should be preceded and followed by at least one other valid character.
    • Unicode characters from U+00A1 to U+00FF are also valid in an alias. However, they will be mapped to a best-fit US-ASCII string in the email address that is generated from such an alias.
    • Spaces are not valid in a mailNickname attribute.
    MailThe mail attribute must be present, and the suffix must be in your company’s inclusion list.The mail attribute must be present and the suffix can be either in or not in your company’s inclusion list.
    If the mail attribute suffix is in the company’s inclusion list, either the homeMDB or the targetAddress attribute must be present.
    If the mail attribute suffix is not in the company’s inclusion list, the homeMDB attribute must be null.
    Target addressIf the New Hire feature is turned off, the source object must have a target address that has the suffix @mgd.customerdomain.com. (For the New Hire feature, see the note that follows this table.) 

    If the New Hire feature is turned on, the source object’s targetAddress attribute should be null.    		The targetAddress attribute should not contain @mgd.customerdomain.com.

    If the mail attribute suffix is in the company’s inclusion list, either the homeMDB or the targetAddress attribute must be present.

    If the mail attribute suffix is not in the company’s inclusion list, the target can be either present or null.
    Home MDBThe homeMDB and homeMTA attributes of the source object must be null. These values should exist only in the managed environment.The homeMDB attribute can be present or null.

    The homeMDB and targetAddress attributes are mutually exclusive, and one or the other must exist. If the homeMDB attribute is present, the targetAddress attribute must be null. If the homeMDB attribute is null, the targetAddress attribute must be present.
    Deprovisioning ruleVerify that the object does not have an explicit deprovisioning rule set, such as extensionAttributeX=removeMSOMailbox.Verify that the object does not have an explicit deprovisioning rule set, such as extensionAttributeX=removeMSOMailbox.
    OUVerify that the user object exists in an OU that is in your company’s OU inclusion list. Verify that the user object exists in an OU that is in your company’s OU inclusion list.
    Custom filterVerify that the object does not have a custom filter value set, such as extensionAttributeX=nosync or nobpos.Verify that the object does not have a custom filter value set, such as extensionAttributeX=nosync or nobpos.
  4. If any changes are made, wait two sync cycles for the mailbox to be provisioned.
  5. If the mailbox is not provisioned after two sync cycles, or if no misconfiguration is found, escalate the issue to Microsoft for additional investigation. You can provide or may be asked to provide an Active Directory dump file for the affected objects. For more information about Active Directory tools, see the More Information section.

Note MMSSPP includes a feature known as New Hire Rule. This feature automatically creates an Office 365 dedicated/ITAR mailbox if the mailbox provisioning rules criteria are met. The default values for these rules are defined in detail in the Office 365 dedicated/ITAR Provisioning Interfaces Guide. By default, this feature is disabled. However, customers can enable or disable the feature. 
  • If the feature is disabled, the targetAddress attribute suffix must be the same as the managed routing address suffix to create a new hire mailbox.
  • When the feature is enabled, the targetAddress attribute does not have to be present to create a managed mailbox.

↑ Back to the top

More Information

The steps in the "Resolution" section assume that the reader is familiar with the following Active Directory tools.

View object attributes: Export object attributes:For example:
$FormatEnumerationLimit=-1
csvde -d "DN OF Account" -f accountname.csv 
csvde -d "DN OF Account" -f accountname.txt

↑ Back to the top

Keywords: kb, pscommand, uacrossref, kbcrossrefol, vkbportal250, vkbportal226

↑ Back to the top

Article Info
Article ID : 2615447
Revision : 2
Created on : 11/22/2019
Published on : 11/22/2019
Exists online : False
Views : 316