Once a customer has migrated from Exchange on-premises to Exchange Online, they often want to decommission all on-premises Exchange servers. The problem is that on-premises Active Directory remains authoritative for every object and is synchronized to Azure AD with AAD Sync (Azure AD Connect), so something on-premises still has to write the Exchange attributes that tell Exchange Online which kind of recipient to create.
There are two options:
- Keep a single Exchange server as a "management node". For Exchange 2013 and later this is a full server install (Client Access and Mailbox roles on 2013, the single Mailbox role on 2016 and later), and it remains a domain-joined server holding Exchange's extensive Active Directory permissions, so it still has to be patched and monitored.
- Configure your on-premises identity management solution to write the attributes needed to provision the correct Exchange Online remote object type.
I won't go into option 1; it is simply an Exchange installation.
If you go with option 2, every object needs all of the following values so that AAD Sync provisions it in Exchange Online as the correct recipient type. The msExch* values are written as decimal integers (msExchRecipientTypeDetails and msExchRemoteRecipientType are large-integer attributes, msExchRecipientDisplayType is a 32-bit integer). targetAddress holds the routing address at the tenant's mail.onmicrosoft.com domain with the SMTP: prefix, and proxyAddresses is multi-valued: the upper-case SMTP: entry is the primary address and the lower-case smtp: entry is the routing address. Because these are now set by hand, a mismatched set of values silently syncs as the wrong recipient type, so verify them after each change.
Also note that Exchange PowerShell cannot create a remote shared mailbox directly, and with no on-premises server there is nothing to run it on anyway, so a remote shared mailbox is a three-step process, described below.
User:
mailNickName = SamAccountName
msExchRecipientTypeDetails = "2147483648"
msExchRecipientDisplayType = "-2147483642"
msExchRemoteRecipientType = "1"
TargetAddress = "[email protected]"
ProxyAddresses = UserPrincipalName
ProxyAddresses = "[email protected]"
mail = UserPrincipalName
Room:
mailNickName = SamAccountName
msExchRecipientTypeDetails = "8589934592"
msExchRecipientDisplayType = "-2147481850"
msExchRemoteRecipientType = "33"
TargetAddress = "[email protected]"
ProxyAddresses = UserPrincipalName
ProxyAddresses = "[email protected]"
mail = UserPrincipalName
Equipment:
mailNickName = SamAccountName
msExchRecipientTypeDetails = "17179869184"
msExchRecipientDisplayType = "-2147481594"
msExchRemoteRecipientType = "65"
TargetAddress = "[email protected]"
ProxyAddresses = UserPrincipalName
ProxyAddresses = "[email protected]"
mail = UserPrincipalName
Shared (step 1): create a remote User mailbox:
mailNickName = SamAccountName
msExchRecipientTypeDetails = "2147483648"
msExchRecipientDisplayType = "-2147483642"
msExchRemoteRecipientType = "1"
TargetAddress = "[email protected]"
ProxyAddresses = UserPrincipalName
ProxyAddresses = "[email protected]"
mail = UserPrincipalName
Shared (step 2): convert the cloud User mailbox to a Shared mailbox:
Wait for AAD Sync to create the mailbox in Exchange Online (the conversion fails if the mailbox does not exist yet), then connect to Exchange Online PowerShell and run:
Set-Mailbox -Identity $PrimarySMTP -Type Shared
Shared (step 3): change the on-premises AD attributes to look like a shared mailbox:
msExchRecipientTypeDetails = "34359738368"
msExchRecipientDisplayType = "-2147483642"
msExchRemoteRecipientType = "100" (this is the Migrated flag, 4, plus the SharedMailbox flag, 96)
For any of these objects, if you also want a LegacyExchangeDN in on-premises Active Directory, to fully emulate what Enable-RemoteMailbox produces (Outlook's nickname cache and X500 addresses resolve against it, so once set it should not change), I set it as follows, replacing the upper-case placeholders with the Exchange organization name, a freshly generated GUID and the account's sAMAccountName:
/o=DOMAIN_NETBIOSNAME/ou=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=RANDOM_GUID+SAMAccountName
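As an added example (this is not code from the original post), the following PowerShell stamps the attribute sets above onto existing AD users with the ActiveDirectory module and then audits them, so a mistyped value does not silently sync as the wrong recipient type. Everything beyond what the post states is an assumption and is labelled as such: the routing domain contoso.mail.onmicrosoft.com, the organization name CONTOSO used in legacyExchangeDN, the GUID-hyphen-alias layout of the cn, and the sample account names. Step 2 of the shared-mailbox procedure (Set-Mailbox -Type Shared) still runs in Exchange Online between the two stampings.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not code from the original post. Assumed values (not in the post):
#   $RoutingDomain  the tenant routing domain used for targetAddress and the secondary proxy
#   $ExchangeOrg    the /o= organization name written into legacyExchangeDN
Import-Module ActiveDirectory

$RoutingDomain = 'contoso.mail.onmicrosoft.com'   # assumption
$ExchangeOrg   = 'CONTOSO'                        # assumption

# The attribute triples from the post. 'Shared' is the step-3 state (after Set-Mailbox
# -Type Shared in Exchange Online); a shared mailbox is first stamped as 'User' (step 1).
$RemoteTypes = @{
    User      = @{ TypeDetails = 2147483648;  DisplayType = -2147483642; RemoteType = 1   }
    Room      = @{ TypeDetails = 8589934592;  DisplayType = -2147481850; RemoteType = 33  }
    Equipment = @{ TypeDetails = 17179869184; DisplayType = -2147481594; RemoteType = 65  }
    Shared    = @{ TypeDetails = 34359738368; DisplayType = -2147483642; RemoteType = 100 }
}

function Set-RemoteMailboxAttributes {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][ValidateSet('User','Room','Equipment','Shared')][string]$Type,
        [switch]$SetLegacyExchangeDN
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties proxyAddresses, legacyExchangeDN
    if (-not $user.UserPrincipalName) {
        throw "$SamAccountName has no UPN; mail and the primary SMTP address are derived from it."
    }
    $upn     = $user.UserPrincipalName
    $routing = "$SamAccountName@$RoutingDomain"
    $t       = $RemoteTypes[$Type]

    # Refuse to create a second primary (upper-case SMTP:) address: proxyAddresses is
    # multi-valued and AAD Sync exports whatever is there, so conflicts must be fixed first.
    $primary = @($user.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary -and ($primary -cnotcontains "SMTP:$upn")) {
        throw "$SamAccountName already has a different primary SMTP address: $($primary -join ', ')"
    }

    # Single-valued attributes. msExchRecipientTypeDetails and msExchRemoteRecipientType are
    # large integers (Int64); msExchRecipientDisplayType is a 32-bit integer.
    $replace = @{
        mailNickname               = $SamAccountName
        mail                       = $upn
        targetAddress              = "SMTP:$routing"
        msExchRecipientTypeDetails = [int64]$t.TypeDetails
        msExchRecipientDisplayType = [int32]$t.DisplayType
        msExchRemoteRecipientType  = [int64]$t.RemoteType
    }
    if ($SetLegacyExchangeDN -and -not $user.legacyExchangeDN) {
        # Shape from the post; writing the GUID as 32 hex digits followed by '-' and the
        # sAMAccountName is an assumption of this example. An existing value is never
        # overwritten: Outlook nickname caches and X500 addresses depend on it staying stable.
        $guid = [guid]::NewGuid().ToString('N')
        $replace['legacyExchangeDN'] =
            "/o=$ExchangeOrg/ou=External (FYDIBOHF25SPDLT)/cn=Recipients/cn=$guid-$SamAccountName"
    }
    if ($PSCmdlet.ShouldProcess($SamAccountName, "stamp as remote $Type mailbox")) {
        Set-ADUser -Identity $user -Replace $replace
        # Add only the missing proxy addresses so existing aliases and X500 entries survive.
        $wanted  = @("SMTP:$upn", "smtp:$routing")
        $missing = @($wanted | Where-Object { $user.proxyAddresses -cnotcontains $_ })
        if ($missing.Count) { Set-ADUser -Identity $user -Add @{ proxyAddresses = $missing } }
    }
}

function Test-RemoteMailboxAttributes {
    # Audit: every object carrying msExchRemoteRecipientType must match one of the triples
    # above exactly; anything else syncs to Exchange Online as the wrong recipient type.
    param([string]$SearchBase)
    $props  = 'msExchRecipientTypeDetails','msExchRecipientDisplayType','msExchRemoteRecipientType','targetAddress'
    $lookup = @{ LDAPFilter = '(msExchRemoteRecipientType=*)'; Properties = $props }
    if ($SearchBase) { $lookup['SearchBase'] = $SearchBase }
    foreach ($u in Get-ADUser @lookup) {
        $kind = foreach ($entry in $RemoteTypes.GetEnumerator()) {
            if ([int64]$entry.Value.TypeDetails -eq $u.msExchRecipientTypeDetails -and
                [int32]$entry.Value.DisplayType -eq $u.msExchRecipientDisplayType -and
                [int64]$entry.Value.RemoteType  -eq $u.msExchRemoteRecipientType) { $entry.Key }
        }
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Kind           = if ($kind) { $kind } else { 'MISMATCH' }
            TargetAddress  = $u.targetAddress
            HasTarget      = [bool]($u.targetAddress -clike 'SMTP:*')
        }
    }
}

# Usage (account names and OU are constructed for this example):
#   Set-RemoteMailboxAttributes -SamAccountName 'jdoe'        -Type User -SetLegacyExchangeDN
#   Set-RemoteMailboxAttributes -SamAccountName 'conf-room-1' -Type Room
#   Shared mailbox, three steps: stamp as User, wait for AAD Sync to create the cloud mailbox,
#   run  Set-Mailbox -Identity svc-helpdesk@contoso.com -Type Shared  in Exchange Online, then:
#   Set-RemoteMailboxAttributes -SamAccountName 'svc-helpdesk' -Type Shared
#   Test-RemoteMailboxAttributes -SearchBase 'OU=Users,DC=contoso,DC=com' | Where-Object Kind -eq 'MISMATCH'
```

Run the stamping function under a service account that has been delegated write access to just these attributes (targetAddress and proxyAddresses decide where mail is routed, so they deserve the same care as any other routing control) rather than as a domain admin, and run the audit after each sync cycle; -WhatIf shows what would be written without touching the directory.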
Hi,
Is setting msExchRemoteRecipientType to 100 absolutely correct? The MS documentation on this attribute indicates that 100 is a 'Migrated Shared Mailbox', whereas a new cloud Shared Mailbox should be 96, so I just wanted to validate that what we are setting is correct. Here are my references:
https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/recipient-filters/recipientfilter-properties?view=exchange-ps (refer to the 'RemoteRecipientType' values)
https://github.com/felsokning/CSharp/blob/master/Public.CSharp.Research/Public.Exchange.Research/Objects/TypeEnums.cs