
An Azure Active Directory call was made to keep object in sync

Adding an alias to a mailbox shows the error: Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. DualWrite (Graph) RequestId: 21a9bbca-d90a-4bff-b759-9a4c826c639c The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.

In this article, you will learn why this happens and how to resolve the error An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online.

Introduction

Let’s look at when the error shows up: Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed.

  1. Sign in to Exchange admin center
  2. Expand Recipients and click on Mailboxes
  3. Select the Mailbox
  4. Click on Add email address type
  5. Fill in the Email address
  6. Click on Save

In our example, we added the alias address: K.Grant@exoip.com.


The email address type update failed, and the error shows:

Error
Error executing request. An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration. DualWrite (Graph) RequestId: 21a9bbca-d90a-4bff-b759-9a4c826c639c The issue may be transient and please retry a couple of minutes later. If issue persists, please see exception members for more information.


User is synchronized with your local Active Directory

Let’s have a look at the user in the Microsoft 365 admin center. Follow these steps:

  1. Sign in to Microsoft 365 admin center
  2. Expand Users and click on Active users
  3. Select the User
  4. Click on Manage username and email

You can’t add an alias address, and the Add button is greyed out. That’s because the user is synchronized with your local Active Directory, and you have to add the aliases on-premises and not in the cloud.

This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory.

Solution for an Azure Active Directory call was made to keep object in sync

The solution is to add the alias address in Exchange Admin Center on-premises. After that, sync with Azure AD Connect, and it will show the alias address in the cloud. If you don’t see the mailbox on-premises, there are a couple more steps involved. Let’s look at that below.

Office 365 mailbox not showing on-premises

Read more in the article Office 365 mailbox not showing in Exchange Hybrid on-premises.

Run Exchange Management Shell as administrator and run the following three cmdlets.

Step 1. Run the Enable-MailUser cmdlet to mail-enable the user that isn’t already mail-enabled.

[PS] C:\>Enable-MailUser -Identity "Kevin.Grant@exoip.com" -ExternalEmailAddress "Kevin.Grant@exoip365.mail.onmicrosoft.com"

Name            RecipientType
----            -------------
Kevin Grant     MailUser

Do you get an error after running the above cmdlet? Read the article ExchangeGuid is mandatory on UserMailbox.

Step 2. Run the Enable-RemoteMailbox cmdlet to link the cloud mailbox in the cloud-based service to the existing user in the on-premises Active Directory.

[PS] C:\>Enable-RemoteMailbox "Kevin.Grant@exoip.com"

Name            RecipientTypeDetails     RemoteRecipientType
----            --------------------     -------------------
Kevin Grant     RemoteUserMailbox        ProvisionMailbox

Step 3. Force sync Azure AD Connect with PowerShell.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Add email address in Exchange admin center

Add the email address to the mailbox in Exchange on-premises:

  • Sign in to on-premises Exchange Admin Center
  • Double-click the mailbox to open properties
  • Click on email address
  • Add the email address
  • Uncheck the box Automatically update email addresses based on the email address policy applied to this recipient
  • Click on Save

After adding the alias address, force sync Azure AD Connect with PowerShell.

PS C:\> Start-ADSyncSyncCycle -PolicyType Delta
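
The same on-premises change can be scripted. This is an added example, not code from the original article: the function name Add-OnPremAlias is hypothetical, and it assumes the mailbox is already visible on-premises as a remote mailbox and that the code runs in the on-premises Exchange Management Shell.

```powershell
# Added example: scripted form of the on-premises Exchange Admin Center steps.
function Add-OnPremAlias {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $Alias
    )

    # Basic shape check before touching the directory.
    if ($Alias -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "'$Alias' is not a valid SMTP address."
    }

    # Stops here if the mailbox is not visible on-premises
    # (see the Enable-MailUser / Enable-RemoteMailbox steps).
    $mbx = Get-RemoteMailbox -Identity $Identity -ErrorAction Stop

    # Refuse an address that already resolves to some recipient.
    $owner = Get-Recipient -Identity $Alias -ErrorAction SilentlyContinue
    if ($owner) {
        if ($owner.Guid -eq $mbx.Guid) {
            Write-Verbose "$Alias is already on $($mbx.Name)."
            return $mbx | Select-Object Name, EmailAddresses
        }
        throw "$Alias is already assigned to $($owner.Name)."
    }

    if ($PSCmdlet.ShouldProcess($mbx.Name, "Add alias $Alias")) {
        # Lowercase 'smtp:' marks a secondary (alias) address;
        # uppercase 'SMTP:' denotes the primary address.
        # -EmailAddressPolicyEnabled $false matches unchecking the
        # "Automatically update email addresses..." box in the GUI.
        Set-RemoteMailbox -Identity $mbx.Identity `
            -EmailAddresses @{ Add = "smtp:$Alias" } `
            -EmailAddressPolicyEnabled $false
    }

    # Show the resulting address list for review.
    Get-RemoteMailbox -Identity $mbx.Identity | Select-Object Name, EmailAddresses
}

# Dry run with the addresses used in this article; drop -WhatIf to apply.
Add-OnPremAlias -Identity 'Kevin.Grant@exoip.com' -Alias 'K.Grant@exoip.com' -WhatIf

# Afterwards, on the Azure AD Connect server:
# Start-ADSyncSyncCycle -PolicyType Delta
```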

The alias address shows up in the Microsoft 365 admin center.


Everything looks great!


Conclusion

You learned why the error An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online shows up. The solution to this problem is to add the alias address from on-premises Exchange Server.

If the mailbox isn’t shown on-premises, run both the Enable-MailUser and Enable-RemoteMailbox cmdlets against the on-premises Active Directory user. After that, the Office 365 mailbox shows up in the on-premises Exchange Server. Lastly, add the alias address to the mailbox from Exchange on-premises.


ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.

This Post Has 4 Comments

  1. I have got the same error but my setup differs. There is no on premise Exchange only Active Directory with users synced to Azure AD through Azure AD Connect. I have added the proxy addresses to the on-premise user but these did not show up in Azure or in EAC after triggering a sync. The domains are owned and registered in azure ad as well as in EAC. I am out of ideas right now…

    1. My fault: you have to add the prefix smtp: to the email addresses. Capital letters SMTP: for the primary email address.

  2. ALI TAJRAN,
    I found your post and I thought I finally found the answer I’ve been looking for. However, I do not have an on-premise Exchange. In fact I do not use Exchange but I still get the same exact error you get when I try to edit the proxyaddress. I have a student whose name changed 5 years ago but the “initial domain” email address still has the old username (oldname@ourdomain.org.onmicrosoft.com). Any idea how I can edit this email?
    Thank you

    1. I believe you should open Exchange Online at admin.exchange.microsoft.com, find and select the mailbox in question. In the General tab for the selected mailbox, look for ‘email addresses’ and click the ‘manage email address types’. Click ‘Add email address type’ and enter the email address you want to be the user’s default primary email address, e.g. John. In the dropdown list to the right, choose the domain you want to use, e.g. contoso.com. Now you have John@contoso.com
      Check ‘make this the reply address’ check box and click OK. All done.

      If the drop down list for domains does not show the domain you want to use, you need to add and verify this domain at https://admin.microsoft.com/Adminportal/Home#/Domains
