Double Mailbox – Not Good
Scope: User or help desk says a user is getting email on their on premise mailbox just fine from users on Exchange, but anyone from the internet that emails this person, they are not getting the message.
If all settings on the on premise mailbox check out with no obvious issues, here is how to verify that the mailbox exists in the cloud and on premise.
Login to Office 365 administrator console and search for the user.Check to see if the user has an Exchange Online license. If they do, in the user’s properties, check the mailbox status. If it doesn’t say “user has an on premise mailbox and can’t be managed by Exchange Online” and it shows stats of the mailbox, then the user has a mailbox in the cloud and on Exchange 2016. Here is how to fix it.
- On Exchange online, give your management account full rights to this mailbox in the cloud. This account has to have a mailbox in the cloud and also be a global admin in O365.
- Wait 15 minutes for cloud replication. After this find a Windows 7 VM with Office 2010 installed. Login to the machine with the local admin, not a domain account.
- Change the IP configuration on this VM’s NIC. Leave the IP, subnet, and gateway and remove the DNS settings. If DHCP is applying the DNS, then turn on only the manual DNS settings. Just enter 18.104.22.168 for DNS server setting. Next flush DNS and ping Google or browse to a site to verify the DNS change is working.
- Open the profile editor in control panel for Outlook. Create a new profile for Outlook but choose to do it manually. Do not let Auto Discover create the profile.
- Use the users email address and first and last name for the setting, but for the Exchange server you must use Outlook.Office365.com. DO NOT CLICK CHECK NAME.
- Choose the MORE SETTINGS button.
- Click the tab that says SECURITY and uncheck the “encrypt data…” option and change the drop down for logon network security to “Anonymous Authentication”.
- Next click the tab that says CONNECTION. Check the box for Connect to Microsoft Exchange using HTTP and then click the “Exchange Proxy Settings”
- For the URL type “outlook.office365.com” and beneath that check mark the box for “Connect using SSL only” and then the check box for “Only connect to proxy servers…”. In the box beneath this type “msstd:outlook.com”.
- Next click the check boxes for both “On fast networks…” and “On slow networks…”. At the bottom for Proxy Authentication Settings, choose “Basic Authentication”. Click OK to exit.
- Click OK again and then back at the server settings click the “check name” box.
- A logon box should appear next and use the account u selected to give full rights to this mailbox back on step A.
- If you did all the steps right, then the server name should populate as well as the user name get underlined with a full email address. Next uncheck the “Use cached Exchange Mode” option so it is disabled. Click NEXT to finish this step.
- Now that the mailbox will open in Outlook, launch Outlook, connect with your account from step A then once the mailbox has loaded and Outlook opens, you should see all the messages for this user that came from the outside internet and they should all be unread. Use Outlook to export this folder to a PST file.
- Once PST export has finished, exit Outlook.
- Next use PowerShell to connect to Exchange Online. Each line below should be run independently one at a time. You can copy and paste the lines below line by line.
- $UserCredential = Get-Credential (use your O365 global admin account here)
- $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
- Import-PSSession $Session
- After the module loads. Run this command:
- Use your O365 global admin account to login when the login screen appears.
- Once back at the PowerShell prompt without any errors means you are ready to continue.
- Next we need to remove the user from Azure AD. To do this type the following in PowerShell:
- Remove-MSOLUser -UniversalPrincipleName “firstname.lastname@example.org” (Press enter and then YES to continue) If no error then run the next command.
- Remove-MSOLUser -UniversalPrincipleName “email@example.com” -RemoveFromRecycleBin -Force (this will purge the user from Azure)
- Next go to the Azure AD Connect server and run a full sync with the following PowerShell command.
- Start-ADSyncSyncCycle -PolicyType Initial (This can take up to 10 minutes to run. Just wait for completion by watching the log in Synchronization Service Manager)
- In Azure or Office 365 admin console, search for your user. The user should not show up until after the sync has completed. If the user is still there then you missed something and didn’t delete the user correctly on step R.
- Once sync has completed, search for the user in Office 365 users.Once you find the user, open the properties for this user and go to the license manager. Select United States for the country and only enable Skype for Business for the license and save it.
- Connect to the user’s mailbox on Exchange 2016. the master domain account should have full access.Use Outlook to connect to the mailbox from Exchange. Once the mailbox opens and you can see the inbox, use your Google account or 3rd party account to email this user from the outside. Verify the message arrives in the users inbox. This will prove you have fixed the problem.
- Finally, import the PST you exported from step N into the users inbox.This will complete the mailbox load of merging the two mailboxes messages.
- Locate user, have the user test this as well and explain in a short form that you had to fix this account.
- If the user says all is working as expected and that they are getting mail from the internet, then you are done with this fix. Congrats!