Exchange hybrid – fixing shared mailboxes that were created as user mailboxes


This is a common issue I’ve seen with help desk users not following established processes, or just not having the knowledge to create shared mailboxes properly.

As detailed in our post "Creating users and shared mailboxes in an Exchange hybrid environment – Cloudrun", shared mailboxes are best created using on-prem Exchange PowerShell, with the New-RemoteMailbox -Shared command. You could also create them as shared mailboxes in Exchange on-prem and migrate them, but that is unnecessary.

Issues can occur when something like this is done:

  • Create the mailbox as an Office 365 mailbox in the Exchange on-prem EAC. This will be a normal user mailbox.
  • Disable the user account in AD.
  • Wait until it syncs, then convert the mailbox to shared in Exchange Online.

This causes a problem because Exchange on-prem still thinks it is a user mailbox. Because the AD attributes have been set incorrectly, it will be listed under mailboxes in the on-prem EAC rather than under shared mailboxes. I have seen this cause licensing and permissions errors. There is no simple way to fix this error, since the Exchange on-prem EAC has no way to convert from remote user to remote shared mailbox. There is no PowerShell command either.

The only Microsoft-supported way to fix this is to migrate the mailbox back to on-prem, convert it to shared, and then migrate it to Exchange Online again. This is pretty ridiculous, so fortunately there is an easy way of fixing it by modifying the AD attributes. Obviously this is unsupported, so use at your own risk.

First, make sure Advanced Features are enabled in ADUC. Find a shared mailbox which has been created correctly, open it and open the attributes tab. Then do the same with the incorrectly created mailbox which is showing in the mailboxes section of the EAC. Check the attribute values, which will probably be as below:

| AD Attribute value | Shared mailbox | User mailbox |
|---|---|---|
| msExchRecipientDisplayType | 34359738368 | 2147483648 |
| msExchRecipientTypeDetails | 100 | 1 |

So, update the user mailbox, which should really be a shared mailbox, to match the values in the shared mailbox column on the left. The two attributes are highlighted below:

[Screenshot: User_shared_mailbox_attributes]

Note: for a complete list of all the recipient type attribute values in AD, see "Exchange Recipient Type Values in Active Directory – Cloudrun".

Once you have done that, return to the on-prem EAC, refresh the view on the mailboxes tab, then refresh on the shared tab, and they should now appear correctly. Once AD Connect sync has run, any issues should be resolved.
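The compare-and-update step above can be scripted with the ActiveDirectory module instead of editing values by hand in ADUC. This is an added example, not code from the original post: the parameter names and backup file are hypothetical, and it also compares msExchRemoteRecipientType, which the post does not list, on the assumption that it can differ as well. Values are copied from the known-good shared mailbox rather than hard-coded.

```powershell
#Requires -Modules ActiveDirectory
# Added example: copy recipient-type attributes from a correctly created
# shared mailbox onto a mailbox that was provisioned as a user mailbox.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $ReferenceIdentity,   # known-good shared mailbox
    [Parameter(Mandatory)] [string] $TargetIdentity,      # mailbox to correct
    # The two attributes from the post, plus msExchRemoteRecipientType (assumption)
    [string[]] $Attributes = @('msExchRecipientDisplayType',
                               'msExchRecipientTypeDetails',
                               'msExchRemoteRecipientType'),
    [string] $BackupPath = ".\${TargetIdentity}-attrs-before.json"
)

$ref = Get-ADUser -Identity $ReferenceIdentity -Properties $Attributes
$tgt = Get-ADUser -Identity $TargetIdentity -Properties $Attributes

# Save the current values first so the change can be reverted by hand.
$before = [ordered]@{ DistinguishedName = $tgt.DistinguishedName }
foreach ($a in $Attributes) { $before[$a] = $tgt.$a }
$before | ConvertTo-Json | Set-Content -Path $BackupPath

# Build the set of attributes that differ from the reference mailbox.
$replace = @{}
foreach ($a in $Attributes) {
    $want = $ref.$a
    $have = $tgt.$a
    if ($null -eq $want) {
        Write-Warning "$a is not set on the reference mailbox; skipping."
        continue
    }
    if ($want -ne $have) {
        Write-Host ("{0}: {1} -> {2}" -f $a, $have, $want)
        $replace[$a] = $want
    }
}

if ($replace.Count -eq 0) {
    Write-Host 'Attributes already match the reference mailbox.'
    return
}

# Honors -WhatIf / -Confirm; re-reads the object afterwards to verify the write.
if ($PSCmdlet.ShouldProcess($tgt.DistinguishedName, 'Replace recipient-type attributes')) {
    Set-ADUser -Identity $tgt -Replace $replace
    Get-ADUser -Identity $tgt -Properties $Attributes |
        Select-Object (@('SamAccountName') + $Attributes)
}
```

Run it with -WhatIf first to see the planned changes without writing to AD.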
