When you try to change an email address on a mailbox in Office 365, you get the following error message:
The operation on mailbox “<mailbox>” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘Stacey Brown’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
This issue occurs because you're synchronizing user objects from a local Active Directory using DirSync or WAADSync, and you're trying to change their properties in Office 365. This is not possible since the Source of Authority is your local Active Directory, and not Windows Azure Active Directory. This means you have to change all the user's properties in Active Directory, including his email address.
The only proper way to do this is by changing the attributes in your local Exchange environment, preferably in a hybrid scenario, although a regular Exchange server will do as well.
However, you can do this (and a lot of admins actually do this) using ADSIEdit or the Attribute Editor in the Active Directory Users and Computers MMC snap-in.
Some more detail regarding this can be found in the Microsoft TechNet article How and when to decommission your on-premises Exchange servers in a hybrid deployment: https://technet.microsoft.com/en-us/library/dn931280%28v=exchg.150%29.aspx
A quote from this article:
The question of whether a third-party management tool or ADSIEDIT can be used is often asked. The answer is you can use them, but they are not supported. The Exchange Management Console, the Exchange Administration Center (EAC), and the Exchange Management Shell are the only supported tools that are available to manage Exchange recipients and objects. If you decide to use third-party management tools, it would be at your own risk. Third-party management tools often work fine, but Microsoft does not validate these tools.
Fellow Exchange MVP Brian Reid has written a blog post on how to manage this in more detail: Creating Mailboxes in Office 365 When Using DirSync: http://www.c7solutions.com/2014/07/creating-mailboxes-in-office-365-when-using-dirsync
The best solution, however, is to have an Exchange server on-premises for managing the accounts. It doesn't matter whether it's configured in a hybrid scenario or not, although a hybrid configuration makes life a bit easier.
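
As an added example (not taken from the original post or from the linked articles), this is one way to make the change with the supported tooling in the on-premises Exchange Management Shell. It assumes the synchronized object is a remote mailbox in a hybrid deployment; the function name Set-SyncedMailboxAddress, the identity stacey.brown and the contoso.com addresses are hypothetical sample values.

```powershell
# Added example: run in the on-premises Exchange Management Shell, not in Exchange Online.
# Assumption: the synchronized user is a remote mailbox (hybrid deployment).
function Set-SyncedMailboxAddress {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $Identity,
        [Parameter(Mandatory = $true)] [string] $NewAddress,
        [switch] $MakePrimary
    )

    # Fail early if the object is not a remote mailbox in the local organization.
    $remoteMailbox = Get-RemoteMailbox -Identity $Identity -ErrorAction Stop

    # Refuse an address that is already stamped on a different recipient;
    # duplicate proxy addresses cause errors during directory synchronization.
    $owner = Get-Recipient -Identity $NewAddress -ErrorAction SilentlyContinue
    if ($owner -and $owner.Guid -ne $remoteMailbox.Guid) {
        throw "Address $NewAddress is already in use by '$($owner.Name)'."
    }

    if ($MakePrimary) {
        # An email address policy would overwrite a manually set primary address,
        # so the policy is disabled for this recipient in the same call.
        if ($PSCmdlet.ShouldProcess($Identity, "Set primary SMTP address to $NewAddress")) {
            Set-RemoteMailbox -Identity $Identity -EmailAddressPolicyEnabled $false `
                -PrimarySmtpAddress $NewAddress
        }
    }
    else {
        # Lowercase 'smtp:' adds a secondary (alias) address and keeps the primary.
        if ($PSCmdlet.ShouldProcess($Identity, "Add secondary address $NewAddress")) {
            Set-RemoteMailbox -Identity $Identity -EmailAddresses @{ Add = "smtp:$NewAddress" }
        }
    }

    # Return the resulting address list so the change can be verified.
    (Get-RemoteMailbox -Identity $Identity).EmailAddresses
}

# Constructed sample calls: preview with -WhatIf first, then apply.
Set-SyncedMailboxAddress -Identity 'stacey.brown' -NewAddress 'stacey.b@contoso.com' -WhatIf
Set-SyncedMailboxAddress -Identity 'stacey.brown' -NewAddress 'stacey.b@contoso.com' -MakePrimary
```

The new address only appears on the Office 365 mailbox after the next directory synchronization run has copied the change from Active Directory.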