Wednesday, November 27, 2013

Converting a Mail User to a Remote User Mailbox

I have a client with an existing Office 365 implementation and a separate on-premises Exchange organization. As part of linking these two together into hybrid mode, the local AD account became a Mail User.

A Mail User is a local AD account with an external SMTP address configured. This gives the user an email address in the GAL, but the account does not have a local Exchange mailbox.

To move mailboxes, this Mail User needs to be configured as a Remote User Mailbox. A Remote User Mailbox also has a proper remote routing address property configured.

I couldn't find any documentation on performing this process. However, I did find a script that indicates it fixes up user accounts when a mailbox move to Office 365 does not complete properly. I used this script to identify the changes that needed to be made.

The script is here:
The changes that need to be made are:
  1. Configure the user attribute targetaddress to contain the remote routing address for the mailbox. This should be in the format of userid@domain.mail.onmicrosoft.com. In my case it would have been testmailbox@byronwright.mail.onmicrosoft.com.
  2. Set the msExchRemoteRecipientType attribute for the user account to equal 4.
  3. Set the msExchRecipientDisplayType attribute for the user account to equal -2147483642. (yes, this is a negative value)
  4. Set the msExchRecipientTypeDetails attribute for the user account to equal 2147483648.
Those steps changed the Mail User to a Remote User Mailbox. However, I was still unable to move the mailbox from Office 365 to the on-premises Exchange. This was due to the ExchangeGUID attribute not being set properly on the local user account. To fix this, I performed the following:
  1. In Office 365: get-mailbox testmailbox | fl ExchangeGUID
  2. In on-premises Exchange: set-remotemailbox testmailbox -ExchangeGUID 12345678-1234-1234-1234-123456789abc (note GUID is from step 1)
After setting the ExchangeGUID, moves to the on-premises Exchange worked properly.
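
The procedure above as a single PowerShell function, added here as an example; it is not code from the original post or from the script the post refers to. The function name and parameters are hypothetical, and it assumes the ActiveDirectory module plus an on-premises Exchange Management Shell session. It validates the inputs, captures the current attribute values before writing, and supports -WhatIf.

```powershell
#Requires -Modules ActiveDirectory
function Convert-MailUserToRemoteMailbox {   # hypothetical name, not from the post
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $Identity,             # e.g. testmailbox
        [Parameter(Mandatory)] [string] $RemoteRoutingAddress, # userid@domain.mail.onmicrosoft.com
        [Parameter(Mandatory)] [guid]   $ExchangeGuid          # from Get-Mailbox in Office 365
    )

    if ($RemoteRoutingAddress -notmatch '^[^@\s]+@[^@\s]+\.mail\.onmicrosoft\.com$') {
        throw 'RemoteRoutingAddress must look like userid@domain.mail.onmicrosoft.com'
    }
    if ($ExchangeGuid -eq [guid]::Empty) {
        throw 'ExchangeGuid is empty; read it from the Office 365 mailbox first'
    }

    # Values from steps 1-4 of the post. 2147483648 does not fit in Int32,
    # so it is cast to Int64 explicitly.
    $desired = @{
        targetAddress              = $RemoteRoutingAddress
        msExchRemoteRecipientType  = [int64]4
        msExchRecipientDisplayType = -2147483642
        msExchRecipientTypeDetails = [int64]2147483648
    }

    $user = Get-ADUser -Identity $Identity -Properties @($desired.Keys)

    # Capture the current values so the change can be reviewed or reverted.
    $before = @{}
    foreach ($name in @($desired.Keys)) { $before[$name] = $user.$name }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Convert Mail User to Remote User Mailbox')) {
        Set-ADUser -Identity $user -Replace $desired
        # Exchange cmdlet: only available in the on-premises Exchange Management Shell.
        Set-RemoteMailbox -Identity $Identity -ExchangeGuid $ExchangeGuid
    }

    [pscustomobject]@{ User = $user.DistinguishedName; Before = $before; Desired = $desired }
}

# Dry run with the post's sample values (the GUID is the post's placeholder):
# Convert-MailUserToRemoteMailbox -Identity testmailbox `
#     -RemoteRoutingAddress testmailbox@byronwright.mail.onmicrosoft.com `
#     -ExchangeGuid 12345678-1234-1234-1234-123456789abc -WhatIf
```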

UPDATE: See a similar procedure for room mailboxes at: http://byronwright.blogspot.ca/2014/06/putting-office-365-room-mailboxes-in.html 

UPDATE: While the above seemed like a good procedure at the time, I've since become aware that you can use Enable-RemoteMailbox in this same scenario to fix up the local mail users to remote user mailboxes. For a script to do it on a whole OU, see here: http://byronwright.blogspot.ca/2014/10/script-to-resolve-error-when-running.html

8 comments:

  1. Thank you. This was very helpful!

  2. Thanks for the info. Be aware that if you are in hybrid mode then the enable-remotemailbox must be used along with the set-remotemailbox with the ExchangeGUID of the cloud mailbox being the parameter.

    1. Under normal circumstances the Exchange GUID should be synced back from Azure AD to on-premises AD by Azure AD Connect. We should only need to manually set the Exchange GUID if sync is broken somehow or we forgot to enable the Exchange hybrid option in Azure AD Connect.

  3. Thanks man, doing steps A1-A4 also solved an issue for me where it was not possible to send a user mails from an external domain.

  4. @Byron Wright. Your statement from above, "We should only need to manually set the Exchange GUID if sync is broken somehow or we forgot to enable the Exchange hybrid option in Azure AD Connect". I completed a migration from On-Prem 2013 to O365 with plans of decommissioning Exchange on-prem as to not have a hybrid setup. We used MigrationWiz to migrate mailboxes. Once migrated, all looked good. I ran PowerShell to enable archive for all users in the cloud. This "broke" 7 users that had Exchange on-prem archive enabled. I have found instructions to change the on-prem archive GUID to match O365. All instructions point to update the msExchRemoteMailbox attributes in AD. However, all my users are UserMailboxes in Exchange as hybrid wasn't set up. I need to get these users' GUIDs changed and allow or re-run migration? So that the archive will migrate? Or maybe have them save their archive PST and then once the GUIDs match on both on-prem and O365, then add the archive PST back in Outlook and it will "upload" to their cloud archive space? May try what you have above on a test account and see what happens. Any and all recommendations and suggestions welcome as I'm not finding a clear-cut answer to my situation, which I'm guessing has been an issue for some before me. Thanks in advance.

    1. Adding my account so I can be notified if I get a response. Thanks again.

    2. Are you using Azure AD Connect to sync your local AD to Azure AD? If so, there is a GUID used for the archive mailbox that's in your local AD that will sync up to Azure AD. It will cause issues when you attempt to enable the Archive Mailbox in Exchange Online because the GUID in the Azure AD user won't match the GUID in Exchange Online.

      Even if you don't have hybrid, the instructions you found for the archive mailbox GUID should work. It's really about syncing AD to O365 rather than hybrid. It's just that hybrid always has syncing.
