Office 365: Unable to locate an Azure Active Directory user for an Exchange Online Mailbox

For an Exchange Online mailbox to exist in Office 365, it must be attached to an Azure Active Directory object. In Exchange Online we record the object ID of the Azure Active Directory account as the ExternalDirectoryObjectId of the mailbox.

PS C:\> Get-Mailbox tmcmichael | fl name,externalDirectoryObjectID

Name                      : Timothy McMichael
ExternalDirectoryObjectId : 61425db0-7812-49dd-b6aa-1a732bdec569

Using the ExternalDirectoryObjectId, we can locate the Azure Active Directory account that the mailbox is linked to.

PS C:\> Get-MsolUser -ObjectId 61425db0-7812-49dd-b6aa-1a732bdec569

UserPrincipalName     DisplayName       isLicensed
-----------------     -----------       ----------
tmcmichael@domain.org Timothy McMichael True

I recently had a customer that presented with the inability to locate the Azure Active Directory Object for an associated mailbox. 

Using Get-Mailbox, the mailbox object was successfully located:

PS C:\> Get-Mailbox contact | fl name,externalDirectoryObjectID

Name                      : Contact Mailbox
ExternalDirectoryObjectId : 3959607e-8c53-4413-9d39-1af548b00819

When using Get-MsolUser, the Azure Active Directory account could not be located.

PS C:\> Get-MsolUser -ObjectId 3959607e-8c53-4413-9d39-1af548b00819

Get-MsolUser : User Not Found. User: 3959607e-8c53-4413-9d39-1af548b00819.
At line:1 char:1
+ Get-MsolUser -ObjectId 3959607e-8c53-4413-9d39-1af548b00818
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Get-MsolUser], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Administration.Automation.GetUser

If the mailbox object was a valid object, why could an Azure Active Directory account not be located?

In this particular instance we discovered that the mailbox was set as the JournalingReportNdrTo recipient.

PS C:\> Get-TransportConfig | fl JournalingReportNdrTo

JournalingReportNdrTo : contact@domain.com

When a mailbox is specified as the JournalingReportNdrTo recipient, the mailbox cannot be deprovisioned. In this particular instance we suspect that the Azure Active Directory account was removed and subsequently purged. When an object is purged from Azure Active Directory, the associated Exchange Online mailbox should enter a soft-deleted state. In this instance the mailbox was not soft deleted because of an external dependency: the transport configuration still referenced it as the JournalingReportNdrTo recipient.
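
The check walked through above can be run across every mailbox in a tenant. The script below is an added example, not part of the original post; it assumes an Exchange Online session and Connect-MsolService are already established, and Test-MsolObject is a hypothetical helper name.

```powershell
# Added example, not from the original post. Assumes an Exchange Online session
# and Connect-MsolService are already established in this PowerShell window.

# Hypothetical helper: returns $true if Get-MsolUser resolves the object ID.
# With -Deleted it looks among deleted (not yet purged) users instead.
function Test-MsolObject {
    param([string]$ObjectId, [switch]$Deleted)
    try {
        $null = Get-MsolUser -ObjectId $ObjectId -ReturnDeletedUsers:$Deleted -ErrorAction Stop
        return $true
    }
    catch {
        # Only "User Not Found" means the object is missing. Rethrow anything else
        # (expired session, throttling) so it is not mistaken for a missing account.
        if ($_.FullyQualifiedErrorId -like '*UserNotFoundException*') { return $false }
        throw
    }
}

# Address that receives journal report NDRs; empty string if none is configured.
$ndrTo = [string](Get-TransportConfig).JournalingReportNdrTo

Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $id = [string]$_.ExternalDirectoryObjectId
    if (-not $id) { return }                       # no directory link recorded
    if (Test-MsolObject -ObjectId $id) { return }  # account exists, nothing to report

    # The mailbox points at an object ID that Azure Active Directory no longer returns.
    [pscustomobject]@{
        Name                      = $_.Name
        PrimarySmtpAddress        = [string]$_.PrimarySmtpAddress
        ExternalDirectoryObjectId = $id
        # $true: account is deleted but not yet purged; $false: it is gone entirely.
        InAadDeletedUsers         = Test-MsolObject -ObjectId $id -Deleted
        # $true reproduces the case in this post: the dependency that blocks deprovisioning.
        IsJournalingReportNdrTo   = [bool]$ndrTo -and ($_.EmailAddresses -contains "smtp:$ndrTo")
    }
}
```

Each row returned is a mailbox with no live Azure Active Directory account behind it; a row with IsJournalingReportNdrTo set to True matches the situation described in this post.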