Creating a Remote Mailbox in an Exchange Hybrid Environment

If you operate an Exchange hybrid environment you will eventually want to create Exchange Online mailboxes for new users without creating them on-premises and migrating them. The easiest way to do this is to create the new user object and remote mailbox from the on-prem Exchange Admin Center (EAC).

  • Log on to the on-premises Exchange Admin Center.
  • On the Recipients > Mailboxes panel, click the drop-down to add an Office 365 Mailbox.
  • Fill out the webpage to create the new user object in AD and click Save. This will also create a mail-enabled user in Exchange on-prem with a remote delivery address (targetAddress) configured for the tenant address (user@domain.mail.onmicrosoft.com). This will configure the mailbox for coexistence with Office 365.
  • Allow synchronization to occur between Active Directory and Azure Active Directory. By default this happens every 30 minutes with AAD Connect.
  • Sign in to the Office 365 portal and assign a license to the user for Exchange Online. At this point the mailbox is created and the user is allowed to sign in to Office 365.
Easy enough, but things can get messy if these steps are done out of order. For example, an admin may create the user in AD Users and Computers rather than the EAC. If this happens, the mail-enabled user object is not created in Exchange on-prem. If the admin then licenses the user in Office 365 for Exchange Online, there will be no connection between the on-prem user and cloud mailbox. Here’s how you fix that:
  • Open a remote PowerShell connection to Office 365 and run the following cmdlet:

Get-Mailbox user | fl ExchangeGuid

  • Copy the displayed GUID of the Exchange Online mailbox.
  • Open the Exchange Management Shell on-prem and run the following cmdlets:

Enable-RemoteMailbox user -RemoteRoutingAddress user@domain.mail.onmicrosoft.com

Set-RemoteMailbox user -ExchangeGuid <the ExchangeGuid you copied above>

The first cmdlet will create a mail-enabled object in Exchange on-prem and configure the targetAddress for remote routing and coexistence. The second cmdlet sets the on-prem ExchangeGuid so it matches Office 365. This will allow you to move the mailbox from Office 365 to on-prem (offboarding), if you ever want or need to do that.
The next time AAD Connect runs a synchronization, the on-prem and cloud objects will soft-match and mail flow will work properly.
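
The two on-prem repair cmdlets above can be wrapped in a function that checks the current state before changing anything. This is an added example, not part of the original post: Repair-RemoteMailboxLink is a hypothetical helper name, and refusing to overwrite an ExchangeGuid that is already set to a different value is an assumption made here, not a step from the procedure.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
# Repair-RemoteMailboxLink is a hypothetical helper, not a built-in Exchange cmdlet.
function Repair-RemoteMailboxLink {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [string] $RemoteRoutingAddress,
        # Typing this as [guid] rejects a truncated or mistyped paste up front.
        [Parameter(Mandatory)] [guid]   $CloudExchangeGuid
    )

    if ($CloudExchangeGuid -eq [guid]::Empty) {
        throw "CloudExchangeGuid is all zeros; re-run Get-Mailbox in Exchange Online."
    }

    # Step 1: create the mail-enabled object only if it does not exist yet.
    $remote = Get-RemoteMailbox -Identity $Identity -ErrorAction SilentlyContinue
    if (-not $remote) {
        if (-not $PSCmdlet.ShouldProcess($Identity, 'Enable-RemoteMailbox')) { return }
        $remote = Enable-RemoteMailbox -Identity $Identity `
                      -RemoteRoutingAddress $RemoteRoutingAddress
    }

    # Step 2: stamp the cloud GUID, but never replace a different non-empty one
    # (assumption: that case means the wrong user or mailbox was selected).
    $current = [guid]$remote.ExchangeGuid
    if ($current -eq $CloudExchangeGuid) {
        Write-Verbose "ExchangeGuid already matches for $Identity."
    }
    elseif ($current -ne [guid]::Empty) {
        throw "On-prem ExchangeGuid $current differs from cloud $CloudExchangeGuid; not overwriting."
    }
    elseif ($PSCmdlet.ShouldProcess($Identity, 'Set-RemoteMailbox -ExchangeGuid')) {
        Set-RemoteMailbox -Identity $Identity -ExchangeGuid $CloudExchangeGuid
    }

    # Show the resulting state so it can be compared with Exchange Online.
    Get-RemoteMailbox -Identity $Identity |
        Select-Object Name, RemoteRoutingAddress, ExchangeGuid
}

# Usage, with the same placeholders as the steps above (add -WhatIf for a dry run):
# Repair-RemoteMailboxLink -Identity user `
#     -RemoteRoutingAddress user@domain.mail.onmicrosoft.com `
#     -CloudExchangeGuid '<the ExchangeGuid you copied above>'
```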