Permanently Clear Previous Mailbox Info


We are introducing a new parameter that can be called by using the Set-User cmdlet in Exchange Online PowerShell. The feature is focused for customers doing migration of on-premises mailboxes to the cloud and you will be able to use it within three weeks or so (Edit 1/19: we updated this due to slower than expected rollout):

Customers who have Hybrid or on-premises environments with AAD Connect / Dir Sync may have faced the following scenario:

  1. User Jon@contoso.com has a mailbox on-premises. Jon is represented as a Mail User in the cloud.
  2. You are synchronizing the on-premises directory to the cloud in preparation to migrate to Exchange Online.
  3. Due to issues with the on-premises sync or due to a configuration problem, the user Jon@contoso.com does not get the ExchangeGUID synchronized from on-premises to the cloud.
  4. If the Exchange GUID is missing from the object in the cloud, assigning an Exchange license to Jon@contoso.com will cause Exchange Online to give the user a mailbox, converting the object from a Mail User to a User Mailbox. (Adding the license is a step required for the migration of the mailbox from on-premises to the cloud.)
  5. The end result is the user that has 2 mailboxes: one on-premises and one in the cloud. This is not good. Mail flow issues will follow.

Those doing these types of migrations will know that the ExchangeGUID value is very important as it helps Exchange Online identify that the user has a mailbox on-premises, and if an Exchange license is assigned in the cloud, a new mailbox should not be created.

The immediate fix for this situation is to remove the Exchange License from Jon@contoso.com. This will convert the cloud object for Jon back to a Mail User. Mail flow should be restored at this point.

The problem now is that you have an “unclean” cloud object for Jon. This is because Exchange online keeps pointers that indicate that there used to be a mailbox in the cloud for this user:

PS C:\WINDOWS\system32> Get-User Jon@contoso.com | Select name,*Recipient*
Name PreviousRecipientTypeDetails RecipientType RecipientTypeDetails
---- ---------------------------- ------------- --------------------
Jon UserMailbox MailUser MailUser

Re-assigning the license after that will always err on the side of caution and Exchange Online will try to re-connect the (duplicate, temporary) mailbox in the cloud (and mailboxes can be reconnected for 30 days). Therefore Jon’s account in the cloud can’t be licensed in preparation for migration.

Up to now, one of the few options to fix this problem was to delete *only in the cloud* Jon’s object and re-sync it from on-premises. This would delete jon@contoso.com from the cloud – but from all workloads, not only Exchange. This is problematic because Jon could have his OneDrive or SharePoint data in the cloud only and deleting his account means that this will be deleted too. If the account is then re-created, Jon and the tenant admin would have to work to recover to his new account all the data he used to have in OneDrive or SharePoint just because Exchange data needed to be “cleaned up”.

The new parameter in the user cmdlet will allow tenant admin to clean up Exchange Online Jon’s object without having to delete it.

To clean the object, you can run the following command:

PS C:\> Set-User Jon@contoso.com -PermanentlyClearPreviousMailboxInfo
Confirm
Are you sure you want to perform this action?
Delete all existing information about user “Jon@contoso.com"?. This operation will clear existing values from Previous home MDB and Previous Mailbox GUID of the user. After deletion, reconnecting to the previous mailbox that existed in the cloud will not be possible and any content it had will be unrecoverable PERMANENTLY. Do you want to continue?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): Y

Executing this leaves you with a clean object that can be re-licensed without causing the 2-mailbox problem. Now you can on-board Jon’s on-premises mailbox following the usual steps. An alternative – a call to support to do the clean-up for you - is also not needed.

Remember, cleaning up the user means that the older associated disconnected (duplicate) cloud mailbox is not recoverable. If you want to keep it or be able to check it’s content, we recommend using Soft Deletion or Inactive Mailboxes to keep the mailbox.

Mario Trigueros Solorio

Comments (5)
  1. I have been in this scenario where a directory sync misconfiguration allowed Exchange Online to provision mailboxes instead of mail users and I can confirm, it was pretty hard to recover from this situation. This new feature is definitely an improvement. Implementing the feature as a switch for Set-User does not feel very intuitive though, but I like the clear warning text that’s presented before asking confirmation.

  2. I could have used this in my last migration project! It would have made things a lot easier. Thanks for adding this new switch.

  3. Welcome addition to the service. I run into this a fair amount with clients; this will save a ton of time/effort.

  4. Azure-Amjad says:

    I’m currently in this scenario, but moreso because the guy before me, decided to create Exchange accounts in O365 prior to Azure AD Connect setup. I’ve had to script the clean up and yes, it’s not good as you lose so much more than just the mailbox. This new command will be very useful, shame it’s not out earlier, as I could have tested it, this week.
    Thanks and nice work!

  5. Mike Crowley says:

    This is a welcome addition, but the mailbox that was provisioned prematurely might now have stuff in it. it would be great if there was a way to restore the content from the smaller mailbox and merge it with the larger, with minimal code. Also, I’ve found that many of the times mailboxes are provisioned prematurely are related to the wrong immudableID flowing in a linked mailbox scenario. In that case, we’re still required to hard-delete the cloud user.
    Honestly, a better fix would be to allow us to disconnect the SPO workloads from the aAD object. We have several tools with Exchange, but those guys don’t seem to acknowledge the problem.

Comments are closed.

Skip to main content