Centrify Identity Service, App Edition
After federating a domain to Office 365 with Centrify O365 provisioning app, an administrator is no longer able to hide email addresses using the O365 administrator portal. The administrator receives the following error when attempting to use the “Hide from address list” checkbox:
Error: The operation on mailbox “<username>” failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'HiddenFromAddressListsEnabled", can't be performed on the object ‘<username>’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
When viewing the object in Active Directory Attribute Editor or ADSI there is not a msExchHidefromAddressLists attribute available.
Centrify provisioning can only provision attributes that exist in the Active Directory schema to Office 365. When an on-premise Exchange server is added, the schema is extended in Active directory to add the msExch attributes. If these attributes do not exist, then an administrator will need to extend the schema in Active Directory to include these. More information on doing this can be found here:
(Url provided as courtesy and subject to change)
Extend the Active Directory schema with the Exchange attributes. The msExchHidefromAddressLists attribute will then be available in Active Directory. After modifying the attribute Centrify will start provisioning the attributes to Office 365.
For additional information not covered in this guide or troubleshooting assistance, please review Centrify Online Help or visit the Customer Support Portal at https://www.centrify.com/support/customer-support-portal/