Not able to set primary SMTP address for Exchange

From ISC, I am able to create a user’s Exchange account by passing the following attributes. However, I’ve noticed that in Exchange, the primary SMTP address is automatically switched to the default domain (abc.org) instead of the one provided during provisioning.

Attribute set passed by AD connector:
mailNickname: sb666310
mail: Exchange110.Test@pqr.org
proxyAddresses: SMTP:Exchange110.Test@pqr.org
userPrincipalName: sb666310@abc.org

Here we want to set “Exchange110.Test@pqr.org” as the primary SMTP address.
Value on Exchange:

email : Exchange110.Test@abc.org
proxyAddresses : SMTP:Exchange110.Test@abc.org, smtp:Exchange110.Test@pqr.org,smtp:sb666310@abc.org

Could you please advise why this change occurs and if there is a way to retain the intended primary address?

My gut is saying this change is being done by a setting in AD/Exchange, not by ISC. You might want to check your Email Addresses Policy.

@Ankit_002 -

This is a known Exchange behavior and not a SailPoint-specific issue.
Let’s unpack what’s happening and how you can retain the intended primary SMTP address (@pqr.org) instead of it defaulting to @abc.org.


:magnifying_glass_tilted_left: Root Cause

In your setup:

| Attribute | Value |
|---|---|
| mailNickname | sb666310 |
| mail | Exchange110.Test@pqr.org |
| proxyAddresses | SMTP:Exchange110.Test@pqr.org |
| userPrincipalName | sb666310@abc.org |

When the user is mail-enabled or mailbox-enabled in Exchange Online / On-prem Exchange hybrid, the Email Address Policy (EAP) applies automatically after mailbox creation.

By default, Exchange enforces an email policy that sets:

Primary SMTP = <alias>@defaultAcceptedDomain

That’s why even though you provisioned Exchange110.Test@pqr.org, Exchange rewrote it to:

Primary: Exchange110.Test@abc.org
Aliases: Exchange110.Test@pqr.org, sb666310@abc.org


:gear: Why It Happens

Exchange automatically applies its default email address policy to every new mailbox, unless:

  1. The “Automatically update email addresses based on the email address policy applied to this recipient” flag is unchecked.

  2. The domain pqr.org is not set as the default accepted domain in Exchange.

  3. The provisioning system (like SailPoint) doesn’t override the default behavior post-creation.


:white_check_mark: Recommended Fix Options

Option 1 — Disable automatic EAP update

In Exchange Admin Center or PowerShell, uncheck:

Automatically update email addresses based on email address policy

Or via PowerShell:

Set-Mailbox sb666310 -EmailAddressPolicyEnabled $false

Then set your intended primary SMTP:

Set-Mailbox sb666310 -PrimarySmtpAddress Exchange110.Test@pqr.org

You can also include this as a post-provisioning PowerShell or API call triggered from SailPoint.


Option 2 — Update the Email Address Policy

If all users in your organization need non-default domains:

  1. Go to Exchange Admin Center → Mail Flow → Email Address Policies

  2. Edit or create a policy to include both domains, and set the proper domain (pqr.org) as the primary for applicable users (using filters like OU or CustomAttribute).



:brain: Summary

| Step | Action | Responsible System |
|---|---|---|
| 1 | User created in AD with UPN = abc.org | SailPoint / AD Connector |
| 2 | Mailbox enabled → Exchange applies default EAP | Exchange |
| 3 | Exchange overwrites primary SMTP | Exchange |
| 4 | Fix: Disable EAP auto-update or set primary SMTP post-creation | Exchange / SailPoint Post-Op Rule |

:magic_wand: Recommendation for SailPoint Integration

Implement a “Post-Mailbox-Creation Fix” either via:

  • PowerShell provisioning step (if hybrid)

  • Manual or automated policy exclusion for certain OUs/domains


Cheers!!!
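
The Option 1 sequence from the reply above, wrapped as one idempotent post-provisioning step with a verification read-back. This is an added example, not part of the original reply and not SailPoint or Microsoft code; the function name `Set-IntendedPrimarySmtp` is hypothetical, and it assumes an Exchange Management Shell session where `Get-Mailbox`, `Set-Mailbox` and `Get-AcceptedDomain` are available.

```powershell
# Added example. Assumes the Exchange cmdlets are already loaded in the session.
function Set-IntendedPrimarySmtp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,           # e.g. sb666310
        [Parameter(Mandatory)][string]$PrimarySmtpAddress   # e.g. Exchange110.Test@pqr.org
    )

    # Refuse a domain the organization does not accept mail for
    # (exact match only; wildcard accepted domains are not expanded here).
    $domain   = ($PrimarySmtpAddress -split '@')[-1]
    $accepted = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
    if ($accepted -notcontains $domain) {
        throw "Domain '$domain' is not an accepted domain."
    }

    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop

    # Exempt the mailbox from the email address policy first; while the
    # policy is enabled it decides the primary address.
    if ($mbx.EmailAddressPolicyEnabled -and
        $PSCmdlet.ShouldProcess($Identity, 'Disable email address policy')) {
        Set-Mailbox -Identity $Identity -EmailAddressPolicyEnabled $false
    }

    # Only write when the value differs, so reruns are harmless.
    if ([string]$mbx.PrimarySmtpAddress -ne $PrimarySmtpAddress -and
        $PSCmdlet.ShouldProcess($Identity, "Set primary SMTP to $PrimarySmtpAddress")) {
        Set-Mailbox -Identity $Identity -PrimarySmtpAddress $PrimarySmtpAddress
    }

    # Read back. The primary is the proxy address with the upper-case
    # "SMTP:" prefix; lower-case "smtp:" entries are aliases.
    $after   = Get-Mailbox -Identity $Identity -ErrorAction Stop
    $primary = $after.EmailAddresses | ForEach-Object { [string]$_ } |
        Where-Object { $_ -clike 'SMTP:*' }

    [pscustomobject]@{
        Identity                  = $Identity
        EmailAddressPolicyEnabled = $after.EmailAddressPolicyEnabled
        PrimaryProxyAddress       = $primary
        Matches                   = ([string]$after.PrimarySmtpAddress -eq $PrimarySmtpAddress)
    }
}
```

Run it with `-WhatIf` first to see which of the two changes it would make for a given mailbox; a returned `Matches` of `$false` after a real run means something is still rewriting the address.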
