Hey everyone,
I'm facing a bit of a head-scratcher while trying to clean up some old domains from my company. I've successfully removed a domain suffix as a proxy address for around 5000 objects, but I'm stuck with a couple of issues concerning cloud-based distribution groups.
Here's the deal: I've noticed that there are two distribution groups that show the proxy address in the Azure Active Directory (AAD) object, but it's nowhere to be found in their Exchange objects. Since these groups are fully cloud-native with no AAD sync involved, I thought I could just tidy things up via PowerShell commands.
When I run `Get-DistributionGroup -Identity | Select -ExpandProperty EmailAddresses`, it doesn't list the proxy address I want to remove. However, when I check using `Connect-MgGraph`, I can see the proxy address in the related output. When I attempt to remove it with the `Update-MgGroup` command, I keep hitting a wall with an "Insufficient privileges" error, despite being a global and Exchange admin.
I've tried getting guidance from various sources, including ChatGPT, but it's been a frustrating back and forth without resolution. Has anyone else encountered this issue and found a solution?
3 Answers
I remember reading about a similar issue where people had to temporarily add back the old domain in Azure to remove any lingering attributes after a name change. Unfortunately, I don’t have more details, but it's something worth looking into. Let me know if I can help further!
When I've dealt with stubborn proxy addresses, I've manually added the old address back as the primary SMTP address, swapped it around, and synced a few times. It usually gets rid of the phantom entries in the end, but it does take some patience, especially with non-synced objects like yours.
That's an interesting approach! I gave it a shot, but I encountered an error that the email is still in use, even though it doesn’t show up in Exchange Online.
Just a heads-up about the ProxyAddresses property in MgGraph – it’s actually read-only. That's probably why you're having a tough time updating it. It's frustrating to have an 'update' command with read-only values, but that seems to be the reality with the current tools.
Thanks for clarifying! Now it makes sense why I'm stuck, but I still need a workaround to fix this.
Thanks mate. The old domain is still active in O365/Azure, so I haven't deleted it yet.
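The mismatch discussed in this thread (a proxy address visible through Graph but absent from the Exchange object) can be inventoried read-only before attempting any cleanup. The following is an added example, not code from any poster; it assumes sessions already opened with `Connect-MgGraph` (with the `Group.Read.All` scope) and `Connect-ExchangeOnline`, and `@old-domain.example` is a placeholder suffix.

```powershell
# Added example: read-only audit of proxy-address drift between the
# directory object (Microsoft Graph) and the Exchange Online recipient.
# Assumes Connect-MgGraph and Connect-ExchangeOnline have already been run.
$Suffix = '@old-domain.example'   # placeholder for the retired domain suffix

$report = foreach ($dg in Get-DistributionGroup -ResultSize Unlimited) {

    # Skip recipients that have no linked directory object id.
    if (-not $dg.ExternalDirectoryObjectId) { continue }

    # Addresses Exchange Online holds for the retired suffix.
    $exo = @($dg.EmailAddresses | Where-Object { $_ -like "smtp:*$Suffix" })

    # Addresses the directory object exposes for the same group.
    $mg  = Get-MgGroup -GroupId $dg.ExternalDirectoryObjectId `
                       -Property 'id','displayName','proxyAddresses'
    $aad = @($mg.ProxyAddresses | Where-Object { $_ -like "smtp:*$Suffix" })

    # Drift in either direction (comparison is case-insensitive).
    $onlyInGraph = @($aad | Where-Object { $exo -notcontains $_ })
    $onlyInExo   = @($exo | Where-Object { $aad -notcontains $_ })

    if ($onlyInGraph.Count -or $onlyInExo.Count) {
        [pscustomobject]@{
            DisplayName = $dg.DisplayName
            ObjectId    = $dg.ExternalDirectoryObjectId
            OnlyInGraph = $onlyInGraph -join ';'
            OnlyInExo   = $onlyInExo   -join ';'
        }
    }
}

# Nothing is modified; the output is just the list of groups that disagree.
$report | Sort-Object DisplayName | Format-Table -AutoSize -Wrap
```

Groups listed with a value in `OnlyInGraph` are the ones showing the behaviour described in the question.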