I recently had a problem with an Exchange Online tenant. There was an external mail contact which was previously synchronised from Active Directory to Exchange Online. So I had deleted the on-premises Active Directory mail contact but it still existed in Exchange Online. When I tried to delete the contact it gave the following error message.
The action ‘Remove-MailContact’, ‘Identity’, can’t be performed on the object ‘Sean OFarrell ‘ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
To troubleshoot this issue, you can do a couple of things to ensure the external contact does not exist in your on-premises Active Directory.
- Perform a custom search in ADUC: Search Syntax : proxyaddresses=SMTP:sean.ofarrell@contoso.com
- Search the WAAD Metaverse
- Run this command in the on-premises Exchange Management Shell
remove-mailcontact sean.ofarrell@contoso.com
If, after running all of the above steps, you still cannot find the external contact that is causing the issue, do the following.
- In Exchange Online, run this command: get-mailcontact sean.ofarrell@contoso.com | fl
- Take note of the attribute value: ExternalDirectoryObjectId
- In this example the externaldirectoryobjectid is 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8
- Then connect to Windows Azure AD via PowerShell and run this command
get-msolcontact -objectid 2cb3d9c7-cb29-439f-8174-6c80dd9fe6e8 | remove-msolcontact
Problem solved. Now run a delta sync on your WAAD server and everything will work fine.
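The steps above combined into one guarded function, as an added example that is not part of the original post. It assumes the ActiveDirectory and MSOnline modules are loaded and that sessions to Exchange Online and Azure AD are already connected; `Remove-OrphanedSyncedContact` is a hypothetical name.

```powershell
function Remove-OrphanedSyncedContact {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Reject whitespace and LDAP filter metacharacters before building the filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\s()*\\]+@[^\s()*\\]+$')]
        [string]$SmtpAddress
    )

    # 1. Stop if the contact still exists on-premises: in that case the deletion
    #    belongs in Active Directory, not in the cloud directory.
    $onPrem = @(Get-ADObject -LDAPFilter "(proxyAddresses=SMTP:$SmtpAddress)")
    if ($onPrem.Count -gt 0) {
        throw "Still present on-premises: $($onPrem[0].DistinguishedName)"
    }

    # 2. Read the cloud object ID from Exchange Online instead of retyping it.
    $contact = @(Get-MailContact -Identity $SmtpAddress -ErrorAction Stop)
    if ($contact.Count -ne 1) {
        throw "Expected one mail contact for $SmtpAddress, found $($contact.Count)."
    }
    $objectId = $contact[0].ExternalDirectoryObjectId
    if ([string]::IsNullOrWhiteSpace($objectId)) {
        throw "No ExternalDirectoryObjectId on $SmtpAddress."
    }

    # 3. Confirm the Azure AD object is the same contact before deleting it.
    $msol = Get-MsolContact -ObjectId $objectId -ErrorAction Stop
    if ($msol.EmailAddress -ne $SmtpAddress) {
        throw "Object $objectId has address '$($msol.EmailAddress)', not $SmtpAddress."
    }

    # 4. Delete only after -WhatIf / -Confirm handling, and return a record of
    #    what was removed so it can go into the change log.
    $target = "$($msol.DisplayName) <$SmtpAddress> ($objectId)"
    if ($PSCmdlet.ShouldProcess($target, 'Remove-MsolContact')) {
        Remove-MsolContact -ObjectId $objectId -Force
        [pscustomobject]@{
            DisplayName = $msol.DisplayName
            ObjectId    = $objectId
            RemovedAt   = (Get-Date).ToUniversalTime()
        }
    }
}

# Dry run first; drop -WhatIf to perform the deletion.
Remove-OrphanedSyncedContact -SmtpAddress 'sean.ofarrell@contoso.com' -WhatIf
```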