Exchange Mailbox Exists In Both Exchange Online And On-Premises

I ran into a strange situation today. I had an IT Manager call up stating an account was not receiving email, but he could log into the account and send mail. He shared his screen over Teams and I discovered that the account was connected to Exchange Online, not the local Exchange Server. I also discovered that the user had an email account provisioned in both Exchange Online and Exchange On-Premises.

It took me a bit of Google Fu to figure out the answer to the problem.

Since the M5 license is what most users are allocated, we have a group that syncs from the on-premises Active Directory to Azure Active Directory. AD Connect performs the sync every 30 minutes. My best guess is the account was syncing to Azure AD and during that time the mailbox was created onsite. Exchange Online looks for an ExchangeGUID; if the GUID does not exist and the user has a license that allows for Exchange Online, the mailbox gets created in Exchange Online.

The only way to fix this is to remove the O365 license for the person with the duplicate mailbox and let the account resync to Azure AD. You can force the issue by making AD Connect sync with the following command: Start-ADSyncSyncCycle.

Once that has completed, and you have waited about 5 minutes, you can go to the user's object in Azure AD and run Reprocess; this will force the license to be removed.

Once that has been completed, you can check the Exchange Online control panel to ensure it has been removed.
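One way to find other accounts in the same state, as an added example that is not part of the original post: it compares two mailbox exports offline and lists every UPN that has a mailbox on both sides. The function name Find-DuplicateMailbox, the export shape and the sample rows are assumptions made for the illustration.

```powershell
# Added example: offline comparison of two mailbox exports.
# Assumed input (not from the original post): objects with UserPrincipalName
# and ExchangeGuid, e.g. exported on each side with
#   Get-Mailbox -ResultSize Unlimited | Select-Object UserPrincipalName, ExchangeGuid
# The rows below are constructed sample data.
$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; ExchangeGuid = '11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   ExchangeGuid = '22222222-2222-2222-2222-222222222222' }
)
$online = @(
    [pscustomobject]@{ UserPrincipalName = 'BOB@contoso.example';   ExchangeGuid = '99999999-9999-9999-9999-999999999999' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; ExchangeGuid = '33333333-3333-3333-3333-333333333333' }
)

function Find-DuplicateMailbox {
    param(
        [Parameter(Mandatory)] [object[]] $OnPremMailbox,
        [Parameter(Mandatory)] [object[]] $OnlineMailbox
    )
    # Index the on-premises export by lower-cased UPN for a case-insensitive join.
    $index = @{}
    foreach ($mbx in $OnPremMailbox) {
        $index[$mbx.UserPrincipalName.ToLowerInvariant()] = $mbx
    }
    foreach ($cloud in $OnlineMailbox) {
        $key = $cloud.UserPrincipalName.ToLowerInvariant()
        if (-not $index.ContainsKey($key)) { continue }   # cloud-only mailbox, nothing to flag
        $local = $index[$key]
        # Emit one row per account that has a mailbox on both sides.
        [pscustomobject]@{
            UserPrincipalName  = $local.UserPrincipalName
            OnPremExchangeGuid = [guid]$local.ExchangeGuid
            OnlineExchangeGuid = [guid]$cloud.ExchangeGuid
            GuidMismatch       = ([guid]$local.ExchangeGuid -ne [guid]$cloud.ExchangeGuid)
        }
    }
}

Find-DuplicateMailbox -OnPremMailbox $onPrem -OnlineMailbox $online | Format-Table -AutoSize
```

With the constructed rows, only bob@contoso.example is reported, with GuidMismatch set to True.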

You will also more than likely want to follow this article to permanently clear any metadata that exists for the user.

Permanently Clear Previous Mailbox Info
We are introducing a new parameter that can be called by using the Set-User cmdlet in Exchange Online PowerShell. The feature is focused for customers doing migration of on-premises mailboxes to the cloud and you will be able to use it within three weeks or so (Edit 1/19: we updated this due to slow…

You can also reference this article, but I feel it is poorly written. It does not describe the fact that to rid yourself of the online account, you need to remove the Exchange Online license.

How to recover when a mailbox exists in both Exchange Online and on-premises - Exchange
This article describes an issue in which a mailbox that exists in both Exchange Online and on-premises. Provides two solutions.

I am going to state that Microsoft's AD Connect tool is old, clunky, and kind of sucks. I wish they would come up with a better tool to sync on-premises Active Directory with Azure Active Directory. The sync delay is crazy in this day and age, and some of the options to replicate passwords are less than ideal.

If anyone from Microsoft happens to read this post, improve AD Connect.

I hope this saves you time if you happen to run into this issue. I ran into some roadblocks until I found this article. It confirmed what I had a suspicion about: I needed to remove the Office 365 license to ultimately fix this issue and let AD Connect do its thing and correctly sync the ExchangeGUID.

TBJ Consulting
