Active Roles does not grant some Exchange Online permissions using objectID
说明
When configuring mail forwarding for a user on Exchange Online, Active Roles is fetching the user's displayName instead of the ObjectID. Behind the scenes, it runs the following PowerShell cmdlet.
There will be some case scenarios where the user is not on-premises synced enabled and if the displayName doesn't match the object in Azure, the permission will not be granted.
原因
This issue is being tracked as Defect ID 449150.
解决办法
WORKAROUND
If possible, rename the account so that the on-prem Display Name, Common Name, and samAccountName all match.
STATUS
Waiting for fix in a future release of Active Roles.