Office 365: Licensing mail users results in mailbox objects.

  • Article

In Office 365 we allow administrators to create mail user objects.  A mail user object is a security principal in the local active directory that also has an external email address assigned.  The user will appear in the global address list as a recipient and when selected the messages sent to the external email address assigned to the user.

 

In recent weeks I have worked with customers that have begun the process of implementing automated license assignment or implementing group based licensing.  In the process of doing so their mail user objects were included within the licensing scope applied.  When the Exchange Online license was applied – the mail user objects were converted to mailbox objects causing interruptions in mail flow.

 

Here is an example of a mail user created on premises.

 

[PS] C:\>Get-MailUser TestAssigned

Name RecipientType
---- -------------
Test Assigned MailUser

 

When Azure AD Connect has replicated the object it will be represented in Exchange Online as a mail user object.

 

PS C:\> Get-MailUser TestAssigned

Name RecipientType
---- -------------
Test Assigned MailUser

 

When the mail user account is initially provisioned the account is not licensed.

 

PS C:\> Get-MsolUser -UserPrincipalName testassigned@domain.com

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
TestAssigned@domain.com Test Assigned False

 

Using the Office 365 Portal an Exchange Online license can be assigned to the mail user account.

 

PS C:\> Get-MsolUser -UserPrincipalName testassigned@domain.com

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
TestAssigned@domain.com Test Assigned True

 

Post license assigned the object is converted to a mailbox object within Exchange Online.

 

PS C:\> Get-Mailbox testassigned

Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Test Assigned TestAssigned cy1pr0601mb1626 49.5 GB (53,150,220,288 bytes)

 

The external email address property of the mail user is not preserved – all email will now be delivered to the mailbox that was provisioned.

 

This is considered by design.  In Exchange Online the only objects that will not provision a mailbox when a license is assigned is an on premises mailbox.  This is denoted in Exchange Online by a user object that is replicated with an Exchange Guid.  (Note:  There is one exception to this – information can be found here:  https://blogs.technet.microsoft.com/timmcmic/2017/09/10/office-365-users-have-both-a-cloud-and-on-premises-mailbox/)

 

To correct the condition the license can be removed through the Office 365 Portal (or though any means that can remove the Exchange Online sku).

 

PS C:\> Get-MsolUser -UserPrincipalName testassigned@domain.com

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
TestAssigned@domain.com Test Assigned False

 

This will result in the object converting back to a mail user object and the external email address being applicable again.

 

PS C:\> Get-MailUser testassigned

Name RecipientType
---- -------------
Test Assigned MailUser

 

In order to preserve mail user functionality Exchange Plans should not be assigned when licenses are assigned to these recipient objects.