This is a common issue I’ve seen with help desk users not following established processes, or just not having the knowledge to create shared mailboxes properly.
As detailed in our post Creating users and shared mailboxes in an Exchange hybrid environment – Cloudrun, shared mailboxes are best created using on-prem Exchange PowerShell, with the New-Remotemailbox -Shared command. You could also create them as shared mailboxes in Exchange on-prem and migrate them, but that is unnecessary.
Issues can occur when something like this is done:
- Create the mailbox as an Office 365 mailbox in Exchange on-prem EAC. This will be a normal user mailbox.
- Disable the user account in AD
- Wait until it syncs, convert the mailbox to shared in Exchange online.
This causes a problem, because Exchange on-prem thinks that it is still a user mailbox, and it will be listed under mailboxes in the on-prem EAC, rather than under shared mailboxes, because the AD attributes have been set incorrectly. I have seen this cause licensing and permissions errors. There is no simple way to fix this error, since it the Exchange on-prem EAC has no way to convert from remote user to remote shared mailbox. There is no PowerShell command either.
The only supported Microsoft way to fix this is to migrate the mailbox back to on-prem, convert it to shared, and then migrate to Exchange Online again. This is pretty ridiculous, so fortunately there is an easy way of fixing it by modifying the AD attributes. Obviously this is unsupported so use at your own risk.
First, make sure Advanced Features are enabled in ADUC, find a shared mailbox which has been created correctly, open it and open the attributes tab. Then do the same with the incorrectly created mailbox which is showing on the mailboxes section of the EAC. Check the attribute values which will probably be as below:
AD Attribute value | Shared mailbox | User mailbox |
msExchRecipientDisplayType | 34359738368 | 2147483648 |
msExchRecipientTypeDetails | 100 | 1 |
So, update the user mailbox which should really be a shared mailbox, to match the values on the shared mailbox on the left. The two attributes are highlighted below:
Note: for a complete of all the recipient type attribute values in AD, see Exchange Recipient Type Values in Active Directory – Cloudrun.
Once you have done that, return to the on-prem EAC, refresh the view on the mailboxes tab, then refresh on the shared tab, and they should now appear correctly. Once AD Connect sync has run, any issues should be resolved.
Pingback:Exchange Recipient Type Attribute Values in Active Directory - Cloudrun
The values in the table are incorrect than what is shown in the screenshot.
I had a different issue. These were users that were some how labled as shared mailboxes on the On Prem then migrated to 365. On 365 they just showed up as user mailboxes and the email had it’s own address added to delegates. Hilarious. Going into AD and changing the attributes to the User type fixed the issue. Absolutely no issues on the users end.
THANK YOU!
That’s a strange one! Glad you got it sorted Jon. Cheers, Hal.