After completing hybrid setup with Office 365 tenant, we will change the mail routing from our existing Anti-Spam solution to Exchange Online Protection a.k.a EOP in most of the cases. Once we changed the mail routing to EOP few or many users might complain that the partner of our company or any external domain users sends an email to few addresses, they are getting the bounce back email with the following message
|Your message to firstname.lastname@example.org couldn’t be delivered.|
|alias wasn’t found at companydomain.com.
With the following error message
This might be because of few reasons
- The specified object is not synced with Office 365 through DirSync
- Domains which are added in the O365 domains are set to Authoritative
- Mail enabled Public Folders are not synced to O365
We can resolve the above mentioned issue in many ways. You can choose the appropriate one from the suggested solution below based on your requirement in the organization
If you can sync those object to O365 then this method is highly recommended since it will create a mail contact in O365. While processing the message, O365 server will route the message to our hybrid server.
- If the complete OU is not synced with Azure and you want to enable it now due to this reason, then please run a full sync again to complete the process. You can follow this article to run a manual sync – https://blogs.technet.microsoft.com/rmilne/2014/10/01/how-to-run-manual-dirsync-azure-active-directory-sync-updates/
- If you want to sync only few object from the OU then recommended way is to create a new OU with sync enabled and move those object to it. Run a full manual sync to complete it
- It is always recommended to make O365 domains set to “Internal Relay” instead of “Authoritative” until you migrate all the objects to cloud. By doing this we can ensure that if there are any new objects which got created in on-prem but yet to be synced with cloud will also able to receive emails. O365 will route those emails to hybrid even if it is not resolved in cloud by assuming that it will be available in our exchange server. Our server will then decide to deliver or generate NDR since it is an authoritative server for the transaction
- Please make sure the mail enabled public folders are synced with cloud. You can follow this article to double check the same – https://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx
- If you do not want to follow any of these method you can simply create a mail contact for that object in cloud however this is not recommended as we are going to move all the object to cloud in the near future anyway 🙂
So next time if you face this issue please consider any of these method as a part of your troubleshooting steps. This method will be applicable only to those mailboxes, PF, mail contacts which were receiving mails without any issues before the mail routing cut off to EOP. If you come across any other method which I left out then please let me know through comment below. Happy troubleshooting 🙂