Introduction
For one of my clients, the following problem occurred.
We have a distribution group set up in Active Directory that contains all members and is automatically added when we create a new user.
The distribution group is synced to Office365 and the client uses it to send emails to all users. The client wants to prevent people from outside of the company from emailing this distribution group. In Office365, the distribution group is set to allow both local and external emails, but the setting cannot be changed because the group is managed from AD through sync.
I did my research and the attribute msExchRequireAuthToSendTo needs to be set to TRUE in Active Directory, then synced to Office365 to alter the setting in Office365.
I went to the distribution list in Active Directory, went to the attribute editor (tried ADSI too) but the setting was missing. Research led me to the conclusion that a basic Exchange installation is required. My boss did not want to perform an Exchange install, but manually added the files required to get the Exchange attributes in ADSI.
He used the method described in this link, 2nd solution, but skipped the Exchange install part, and did the manual part as described further in that article.
The Problem
I have the settings now in Active Directory, and I altered it as it should work, but Azure AD Connect does not sync these specific properties. It does not throw me any error either.
If I open the Azure AD Connect settings tool, I see that the settings are indeed checked to be synchronized. I have refreshed the directory schema too, but to no avail.
LDAP shows that the setting is indeed set to TRUE, so everything indicates that the attributes are really there.
When I go to the Azure AD Synchronization Service, open the Metaverse Search and open the distribution list, I can see exactly what it syncs, but msExchRequireAuthToSendTo is not listed here.
I tried it with msExchHideFromAddressList but that doesn't work either.
I created a new distribution list with no members in it, set the msExchRequireAuthToSendTo to TRUE and synchronized, and in the Metaverse Search, the object is synchronised but again, without the msExchRequireAuthToSendTo setting.
This image is from the original group
I tried IdFix, but that only lists members, not distribution lists.
What am I missing here? Any tips on what I can try?
When you make changes to the Active Directory schema (such as extending it for Exchange), you need to run the AD Connect configuration wizard and select the option to refresh the AD Schema, which exists precisely for this purpose.
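As an added example that is not part of the original question or answer, the following PowerShell (run on the Azure AD Connect server, with the ActiveDirectory and ADSync modules) checks each place where msExchRequireAuthToSendTo can go missing before a sync: the forest schema, the group object itself, and the AD Connect connector's attribute list, which only picks up new schema attributes after the wizard's schema refresh. The group name and connector name are placeholders.

```powershell
# Added example (not from the original post). Placeholders: 'All Users' and
# 'contoso.local'; replace with your distribution group and AD connector name.
Import-Module ActiveDirectory
Import-Module ADSync

$GroupName     = 'All Users'       # placeholder distribution group
$ConnectorName = 'contoso.local'   # placeholder on-premises AD connector
$Attr          = 'msExchRequireAuthToSendTo'

# 1. Is the attribute defined in the AD schema at all? If the Exchange schema
#    extension never reached this forest, nothing downstream can sync it.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$schemaObj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$Attr)"
if (-not $schemaObj) { throw "$Attr is not defined in the schema at $schemaNC" }

# 2. Is the value actually set on the group object (the LDAP check in the post)?
$group = Get-ADGroup -Identity $GroupName -Properties $Attr
'{0} on {1}: {2}' -f $Attr, $GroupName, $group.$Attr

# 3. Does the AD Connect connector know the attribute? The connector keeps its
#    own copy of the directory schema; after extending AD it stays stale until
#    'Refresh directory schema' is run in the configuration wizard.
$connector = Get-ADSyncConnector -Name $ConnectorName
if ($connector.AttributeInclusionList -notcontains $Attr) {
    Write-Warning ("{0} is not in the connector attribute list for {1}; " +
                   "re-run the wizard and choose 'Refresh directory schema'.") -f $Attr, $ConnectorName
} else {
    # 4. Schema is current: run a full import/sync so the attribute flows to Azure AD.
    Start-ADSyncSyncCycle -PolicyType Initial
}
```

After the sync completes, the attribute should appear on the group in the Metaverse Search alongside the other synced properties.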