Tag Archives: DirSync

Exchange Hybrid

create Shared Mailbox in Exchange Hybrid

9 Comments

Every now and then I get a question regarding creation of Room- or Shared Mailboxes in Office 365 when Exchange Hybrid is in place.There are multiple solutions available, but at the same time there are some restrictions as well. In this blog post I’ll discuss Room Mailboxes, Equipment Mailboxes and Shared Mailboxes.

Room Mailbox

To create a room Mailbox in your hybrid environment create a user account for this room mailbox first. In this example I’m going to create a Room Mailbox called ‘conference room 1st floor’ and have it created directly in Office 365 (for your information, I’ve tested this with Exchange 2010 hybrid as well as Exchange 2016 hybrid).

image

To create the Mailbox in Exchange Online, you can use the Enable-RemoteMailbox cmdlet in Exchange PowerShell. This will mail-enable the account in your on-premises environment and will automatically create a mailbox in Exchange Online the next time Azure AD Connect runs. For the Enable-RemoteMailbox cmdlet you need to use the -RemoteRoutingAddress (which should point to the Mailbox in Exchange Online) and for a Room Mailbox you have to use the -Room option. If you want to create a Shared Mailbox you can use the -Shared option, the result will be the same.

To create the Room Mailbox in Exchange Online we can use the following command:

Get-User -Identity Conference1 | Enable-RemoteMailbox -Room -RemoteRoutingAddress conference1@inframan.mail.onmicrosoft.com

image

When Azure AD Connect has run, the account has been provisioned in Azure AD and the Room Mailbox has been created. It is visible in Exchange Online EAC and permissions can be granted to other users can manage the Room Mailbox.

image

Resource (Equipment) Mailbox

To create a Resource (aka Equipment) Mailbox the process is very similar. First create a user account for the Equipment Mailbox in Active Directory and fill the appropriate attributes, like this:

av

To create the Equipment Mailbox directly in Exchange Online, execute the following in PowerShell (on your on-premises Exchange server):

Get-User -Identity AVEquipment | Enable-RemoteMailbox -Equipment
-RemoteRoutingAddress avequipment@inframan.mail.onmicrosoft.com

equipment

Again, when Azure AD Connect has run, the account is provisioned in Azure AD and the Mailbox is created in Exchange Online:

mbx

Shared Mailboxes

Createing Shared Mailboxes is a bit problematic, after all these years there’s still no option like -Shared when using the Enable-RemoteMailbox cmdlet in Exchange PowerShell so we have to figure out another way to create a Shared Mailbox in Exchange Online when using Azure AD Connect and a Hybrid environment.

<more to come soon>

 

Exchange, Office365

Office 365 Directory Synchronization without Exchange server Part III

50 Comments

In my previous blog post I explained how to manage your Email attributes in Office 365 by directly editing the Exchange attributes in your on-premises Active Directory. This works fine, but it is not recommended nor is it supported by Microsoft.

In this blogpost I’ll discuss how to add an Exchange server on-premises (or keep the last Exchange server when you’ve moved all Mailboxes to Office 365 for that matter) and manage your Exchange Online environment properly.

Exchange Server on-premises

So, what options do you have? Add an Exchange server on-premises, or keep one of the existing (hybrid) Exchange servers for management purposes. Since this is a green field Active Directory, and there’s no Exchange server on-premises you can use the free Microsoft Hybrid License to for this management server. For additional details on this free Exchange license you can check the Microsoft knowledgebase article KB2939261: https://support.microsoft.com/en-us/kb/2939261.

Continue reading Office 365 Directory Synchronization without Exchange server Part III

Office365

Upgrade Azure Active Directory Synchronization to AADConnect

1 Comment

The Microsoft Directory Synchronization has been available in a variety of versions and names:

  • DirSync (the original).
  • Azure Active Directory Sync (AADSync).
  • Azure Active Directory Connect (AADConnect).

Each version of the tool had a number of releases, for the original DirSync for example there were 14 different releases as can be seen here. Similar information for AADSync (5 releases) can be found here, and for AADConnect (12 releases) you can find it here.

In my test environment (Exchange hybrid) I’m currently running AADSync 1.0.491.413. Since the current (as of March 2016) version is AADConnect 1.1.110.0 it’s time to upgrade J

When upgrading from a previous version there are two options:

  • In-place upgrade – this is the recommended way if the upgrade time takes less than three hours.
  • Parallel upgrade – This is the recommended way if the upgrade time takes more than three hours.

Why three hours? The Directory Synchronization runs every three hours. It is also estimated that if you have more than 50,000 objects to synchronize, the upgrade will take more than 3 hours.

Continue reading Upgrade Azure Active Directory Synchronization to AADConnect

Office365

User cannot logon to Office 365 after moving user account in Active Directory

Leave a comment

When you have implemented Directory Synchronization between your on-premises Active Directory and Office 365, and you move a user in Active Directory out of the DirSync scope (for example to an Organizational Unit that’s not synchronized) the user is removed from Office 365.

However, when you move the user back to an Organizational Unit that’s synchronized (i.e. in-scope) the password is no longer synchronized. So, when this user tries to logon to Office 365 services, the logon attempt fails. Only when you change the password in Active Directory, the new password is synchronized to Office 365, and the user is able to logon again to the service.

Very similar to this, when a disabled user in the on-premises Active Directory is enabled, the password is not synchronized to Office 365.

This is a known issue with DirSync or Azure AD Connect (up to November 2015). On November 4, 2015 Microsoft released a new version of Azure AD Connect that fixes this particular issue (together with a number of other fixes of course).

You can find more information regarding the updated version of Azure AD Connect on Sander Berkouwer’s blog A new version of Azure AD Connect was released today. You can download the new version of Azure AD Connect on the Microsoft Download Site.