Troubleshooting GALSYNC: Exchange 2010 Provisioning Updating 'mail' Attribute error exported-change-not-reimported

​Issue

We want to rename the mail attribute givenName.maidensn@contoso.com to givenName.marriedsn@contoso.com for a cross forest mail contact. We successfully export the change to AD, but on the confirming delta import we see "exported-change-not-reimported."

Cause

In this case we are provisioning for Exchange 2010, so update-recipient is applying the highest priority non-excluded Exchange policy.

Troubleshooting

It is possible this could have been resolved by flowing the policy GUID to 'msExchPoliciesExcluded' attribute. The problem with this is we had custom policies that needed to be applied, and could not be excluded indefinitely.

Solution

It was discovered upon analyzing the Exchange Policy that the 'mail' attribute could not be modified. Instead the policy uses the 'targetAddress' to write the 'mail' attribute. We resolved the issue by creating a rules extension for the target management agent. Simply, we concatenate "SMTP" with the value of the 'mail' attribute. Since the MV value for 'mail' is givenName.marriedsn@contoso.com, we will need to use this for updating the csentry for 'targetaddress' to achieve the desired result.

Configuring Export Attribute Flow using the above extension via Advanced mapping resolved the issue. Update-recipient fired and applied the Exchange policy to set the mail attribute to include the new married name.