MMSSPP does not synchronize Exchange mailbox and mail-enabled objects to the dedicated managed Office 365 environment

Article translations Article translations
Article ID: 2615447 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Microsoft Managed Services Service Provisioning Provider (MMSSPP) does not synchronize the mailbox and mail-enabled objects to the dedicated managed Microsoft Office 365 environment.

Cause

This issue occurs for one of the following reasons:
  • An error in the MMSSPP synchronization report causes mailbox provisioning to fail.
  • The mailNickname, target address, homeMDB or mail attribute has a problem that prevents MMSSPP from synchronizing the object. Or, the problem creates the wrong type of the object.
  • The object is in an organizational unit (OU) that is not within the scope of MMSSPP.
  • The object is filtered out by a custom MMSSPP filter.

Resolution

To resolve this issue, follow these steps:
  1. The configuration of MMSSPP varies for each customer based on the attributes, the automatic provisioning features (such as a New Hire rule), the filtering rules, the Lync services, the included OUs, and the included Simple Mail Transfer Protocol (SMTP) domains that the customer uses. This customization may affect the expected behavior when you change the OU, mail, targetAddress, and other Active Directory attributes. See the appropriate configuration sources for detailed information.
  2. A sync error report is generated and sent to customer contacts each day. The report describes any provisioning or sync errors.
    • Check this report for errors and then take any necessary actions. 
      For more information about MMSSPP synchronization error, click the following article number to view the article in the Microsoft Knowledge Base:  
      2590119 How to troubleshoot MMSSPP synchronization error messages
  3. If the sync error report contains no errors or if the error is not available, see the following table to make sure that the attributes are configured correctly.
    Note In the following table, references to a null value in an attribute signify that the attribute has no value, not that the literal value "null" is present in the attribute.
    Collapse this tableExpand this table
    AttributeMailboxMail enabled user
    MailNicknameRFC 821 defines the following characters as valid for prefixing mailNickname attributes:
    • Strings formed with characters from a to z (uppercase or lowercase)
    • Digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } or ~
    • One or more periods may be embedded in an alias. However, each period should be preceded and followed by at least one other valid character.
    • Unicode characters from U+00A1 to U+00FF are also valid in an alias. However, they will be mapped to a best-fit US-ASCII string in the email address that is generated from such an alias.
    • Spaces are not valid in a mailNickname attribute.
    RFC 821 defines the following characters as valid for prefixing mailNickname attributes:
    • Strings formed with characters from a to z (uppercase or lowercase)
    • Digits from 0 to 9, !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } or ~
    • One or more periods may be embedded in an alias. However, each period should be preceded and followed by at least one other valid character.
    • Unicode characters from U+00A1 to U+00FF are also valid in an alias. However, they will be mapped to a best-fit US-ASCII string in the email address that is generated from such an alias.
    • Spaces are not valid in a mailNickname attribute.
    MailThe mail attribute must be present and the suffix must be in your company’s inclusion list.The mail attribute must be present and the suffix can be either in or not in your company’s inclusion list.
    If the mail attribute suffix is in the company’s inclusion list, either the homeMDB or the targetAddress attribute must be present.
    If the mail attribute suffix is not in the company’s inclusion list, the homeMDB attribute must be null.
    Target addressIf the New Hire feature (see note following this table) is turned off, the source object must have a target address that has the suffix @mgd.customerdomain.com.

    If the New Hire feature is turned on, the source object’s targetAddress should be null.
    The targetAddress attribute should not contain @mgd.customerdomain.com.

    If the mail attribute suffix is in the company’s inclusion list, either the homeMDB or the targetAddress attribute must be present.

    If the mail attribute suffix is not in the company’s inclusion list, the target can be either present or null.
    Home MDBThe homeMDB and homeMTA attributes of the source object must be null. These values should exist only in the managed environment.The homeMDB attribute can be present or null.

    The homeMDB and targetAddress attributes are mutually exclusive, and one or the other must exist. If the homeMDB attribute is present, the targetAddress attribute must be null. If the homeMDB attribute is null, the targetAddress attribute must be present.
    Deprovisioning ruleVerify that the object does not have an explicit deprovisioning rule set, such as extensionAttributeX=removeMSOMailboxVerify that the object does not have an explicit deprovisioning rule set, such as extensionAttributeX=removeMSOMailbox
    OUVerify that the user object exists in an OU that is in your company’s OU inclusion list. Verify that the user object exists in an OU that is in your company’s OU inclusion list. 
    Custom filterVerify that the object does not have a custom filter value set, such as extensionAttributeX=nosync or nobpos.Verify that the object does not have a custom filter value set, such as extensionAttributeX=nosync or nobpos.
  4. If any changes are made, please wait two sync cycles for the mailbox to be provisioned.
  5. If the mailbox is not provisioned after two sync cycles or if no misconfiguration is found, escalate the issue to Microsoft for additional investigation.

Note MMSSPP includes a feature known as New Hire Rule. This feature automatically creates an O365 d/ITAR mailbox if the mailbox provisioning rules criteria are met. The default values for these rules are defined in detail in the O365 d/ITAR Provisioning Interfaces Guide. By default, this feature is disabled. However, customers can enable or disable the feature. 
  • If the feature is disabled, the targetAddress attribute suffix must be the same as the managed routing address suffix to create a new hire mailbox. 
  • When the feature is enabled, the targetAddress attribute does not have to be present to create a managed mailbox.  

More information

The steps that are listed in Resolution section assume that the reader is familiar with the following Active Directory tools to view user account attributes: 
  • Active Directory Service Interfaces Editor (ADSI Edit) tool
  • LDP tool (Ldp.exe)
For more information about the ADSI Edit tool, visit the following Microsoft TechNet website: 
http://technet.microsoft.com/en-us/library/cc773354(WS.10).aspx

For more information about the LDP tool, visit the following Microsoft TechNet website:
http://technet.microsoft.com/en-us/library/cc772839(WS.10).aspx

Properties

Article ID: 2615447 - Last Review: August 23, 2012 - Revision: 6.0
Applies to
  • Microsoft Business Productivity Online Dedicated
  • Microsoft Business Productivity Online Suite Federal
  • Microsoft Exchange Online
Keywords: 
vkbportal226 KB2615447

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com