Friday, February 19, 2016

Convert a user mailbox to shared in a hybrid environment.

In a hybrid environment it’s not supported to convert user mailboxes to regular, even though there is a link in EAC to do this. It seems to work, but the changes that are made in Exchange Online won’t properly sync back to on-premises. I wrote about this in an earlier post: Do not convert synced mailboxes to shared in a hybrid environment.

After that I kept working with Microsoft to obtain a better understanding of the issue and ultimately develop a process to do this conversion.

Disclaimer: This process was developed in a lab environment under the guidance of Microsoft Premier Support. Before doing this in your environment, make sure you check with your Microsoft contact if they support this procedure until any official guidance has been published.

To convert a mailbox to shared, we need to perform three steps:

  • Convert the mailbox to shared in Exchange Online
  • Modify the on-premises AD attributes accordingly
  • Revoke the Exchange Online license

In Exchange Online simply convert the mailbox to the correct type:

Set-Mailbox MyMailbox -Type Shared

Now in Active Directory Users and Computers, make sure you have enabled Advanced Features under the View menu option. Next, navigate to the AD object (mail user), open its properties and go to the Attribute Editor tab.

Tip: Write down the values before making any changes. Or even better, dump all AD attributes and their values to a text file:
Get-ADUser MyMailbox -Properties * > before.txt

Now update the following attributes with these values:

  • msExchRemoteRecipientType: 100
  • msExchRecipientTypeDetails: 34359738368
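
The on-premises step can also be scripted so that the backup, the change and a read-back check happen together. This is an added example, not part of the original post; the parameter names, the backup file names and the rollback file are assumptions, while the attribute names and values are the ones listed above.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Identity,   # the mail user, e.g. MyMailbox
    [string]$BackupDir = '.'                   # assumption: folder for the backup files
)

# Target values exactly as listed in this post
$target = @{
    msExchRemoteRecipientType  = 100
    msExchRecipientTypeDetails = 34359738368
}
$names = @($target.Keys)

$user = Get-ADUser -Identity $Identity -Properties $names -ErrorAction Stop

# 1. Record the current state before touching anything
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$base  = Join-Path $BackupDir "$($user.SamAccountName)-$stamp"
Get-ADUser -Identity $user.DistinguishedName -Properties * |
    Format-List * | Out-File "$base-before.txt"
$user | Select-Object (@('DistinguishedName') + $names) |
    Export-Clixml "$base-rollback.xml"      # old values in a form that can be re-imported

# 2. Only write the attributes that actually differ
$changes = @{}
foreach ($n in $names) {
    if ($user.$n -ne $target[$n]) { $changes[$n] = $target[$n] }
}
if ($changes.Count -eq 0) {
    Write-Output "$Identity already has the target values."
    return
}

if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set $($changes.Keys -join ', ')")) {
    Set-ADUser -Identity $user.DistinguishedName -Replace $changes -ErrorAction Stop

    # 3. Read the object back and stop if a value did not stick
    $after = Get-ADUser -Identity $user.DistinguishedName -Properties $names
    foreach ($n in $names) {
        if ($after.$n -ne $target[$n]) {
            throw "$n is '$($after.$n)', expected '$($target[$n])'"
        }
    }
    $after | Select-Object (@('SamAccountName') + $names)
}
```

Running it with -WhatIf first shows which attributes would be written without changing the object.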


The last step is to revoke the Exchange Online license. This is optional, but in most cases it is something you want to do, as a shared mailbox does not require a license. Simply use the Office 365 portal and find the user under Active Users. Remove the Exchange Online license.

After we revoked the license it’s important to validate the license status in Azure AD:

Get-MSOLUser -UserPrincipalName <UserPrincipalName> | fl *lic*


Pay attention to the LicenseReconciliationNeeded attribute; this should be False. If LicenseReconciliationNeeded returns True, Exchange Online thinks this mailbox requires a license and has entered the 30-day grace period. A fix


Unknown said...

Do you know how to convert a mail user to a remote user mailbox?

Jetze Mellema said...

Hi Juan,

Check this out:

Unknown said...

After setting msExchRemoteRecipientType and msExchRecipientTypeDetails, we see the shared mailbox appear correctly. However, LicenseReconciliationNeeded is still set to True (though the mailbox doesn't get deleted).

The only way I can get LicenseReconciliationNeeded to go false (without migrating the mailbox) is to assign and remove a license - have you come across this, and if so is there a workaround?

Jetze Mellema said...

Try adding and removing the license again, this usually does the trick.

Unknown said...

Great article. Exactly what I needed.

Unknown said...

Hello, how can we convert a Migrated RemoteRecipienttype to none for a User that is on prem?

Kevin P said...

Is it possible to give read only access to a shared mailbox?

We don't want users deleting email in a leaver's mailbox.


Unknown said...

It worked like magic. Thank you so much. :)

exrookie said...

Excellent work Jetze!

Unknown said...

Worked like a charm. Thank you!