Azure AD writeback causing issues with on premise legal hold

  • Question

  • We are in a hybrid state with federation and have Azure AD write back enabled in AADsync.  In our on premise Exchange we have several mailboxes that are in legal hold.  I have removed them from legal hold and deleted the search query, but then after AAD sync runs (every 30 minutes), the on premise mailboxes appear to be back on legal hold.

    Digging into this, I can see that AADsync is writing back the msExchUserHoldPolicies attribute, so local Exchange thinks those mailboxes are still on hold when this happens, even though the GUID that is written back to that attribute no longer corresponds to any legal hold, as I have deleted it.

    How can we stop AADsync from writing that attribute back to our on premise AD objects?  I have tried clearing the Azure AD attribute that holds this value (InPlaceHoldsRaw) but it will not allow me to manipulate it.  This is stopping me from removing any users from legal hold status and their mailboxes keep growing because deleted items never get deleted.  Thanks.


    Rich

    Thursday, February 9, 2017 5:28 PM