How to create users and shared mailboxes in a Hybrid Exchange environment.
If you are running a hybrid environment, with Active Directory and Exchange on-premises together with Office 365 and Exchange Online, you should already know that you need to keep your Exchange Server(s) in order to be able to correctly manage your mailboxes as per https://docs.microsoft.com/en-gb/exchange/decommission-on-premises-exchange:
‘The Exchange Management Console, the Exchange Administration Center (EAC), and the Exchange Management Shell are the only supported tools that are available to manage Exchange recipients and objects.’
So, whilst you could just sync users to Azure AD and license them for an Exchange Online license which will create a mailbox, it will be difficult to manage the accounts, they will not appear in your on-premises EAC, and you will have to resort to the AD attribute editor or another tool in order to configure additional SMTP addresses etc, which is not supported. Not only that, if you are still routing mail via your on-premises servers, since the accounts will have no target address they won’t be able to receive email, and any non-migrated user will be unable to email them.
So, with this in mind, what is the correct way of creating users and shared mailboxes?
Using the EAC
Whilst you could use the good old EAC, this has significant drawbacks:
- You cannot create a mailbox for a pre-existing user in AD
- You can’t create an online archive at the same time, you would have to enable this later
- You cannot create an online shared mailbox at all using EAC
You shouldn’t have to modify your whole joiners and leavers process to work around these limitations, so you should do this the right (and easy) way, using PowerShell. Then you can always view the properties and modify them later if you are die hard GUI fan.
Using PowerShell
I accommodate the following commands into PowerShell scripts, typically importing CSV files in order to create multiple accounts at the same time. But here are the commands to get you started. These will create a user account in the OU specified, along with all the correct attributes. The mailbox will be created once the account has synced up to Azure AD.
Connect to your on-premises Exchange PowerShell first (note that the -shared switch requires 2013 or later).
Creating Users
New-RemoteMailbox -Alias auser-Name "Alex User" -FirstName Alex -LastName User -OnPremisesOrganizationalUnit "OU=MyOrg,DC=domain,DC=com" -SamAccountName auser -UserPrincipalName [email protected] -ResetPasswordOnNextLogon:$falsetest_shared,Test Shared,Test,Shared,[email protected]
$securePass = (ConvertTo-SecureString -String $newUser.Password -AsPlainText -Force)
Very useful, thanks
Hi, Very useful indeed. Thank you.
When i use the New-RemoteMailbox command with the -shared parameter (like in your example) the shared mailbox does not show up in Exchange online.
In Azure AD i can see that the AD account is synced, but it doesn’t show up in Exchange until i assign a license (which should not be needed for a shared mailbox).
Any ideas?
No a license is not required, are you looking on Recipients – shared tab in exchange admin?
Hi,
The mailbox didn’t show up in the shared tab also. But i deleted the AD account and made a new one (with new-RemoteMailbox -shared again). After the AD Connect sync it took about 15 minutes, but the new shared mailbox is now available.
Thank you
Pingback:Exchange hybrid - fixing shared mailboxes that were created as user mailboxes - Cloudrun