Do you like to know how to get Office 365 activity alerts when a user…
Create Office 365 shared mailbox in Exchange Hybrid
It’s good to go through the Exchange Hybrid test plan checklist and test all the scenarios before you start to migrate any mailboxes. The second task is to create an Office 365 shared mailbox in Exchange Hybrid configuration. In this article, we will look at the only option on how to create Office 365 shared mailbox in Exchange Hybrid.
Table of contents
Information
In this article, we will:
- Create Office 365 shared mailbox
- Test hybrid mail flow in both organizations
- Test GAL visibility in both organizations
There is no option to create Office 365 shared mailbox from on-premises Exchange Admin Center. Also, don’t create the shared mailbox in Office 365 Exchange admin center. If you do that, mail flow will not work as expected.
Note: The only way to create an Office 365 shared mailbox in Exchange Hybrid is through Exchange Management Shell on-premises.
Create Office 365 shared mailbox
There are two options to create an Office 365 shared mailbox in Exchange Management Shell. You can use the cmdlets:
- New-RemoteMailbox
- Enable-RemoteMailbox
Note: To use the New-RemoteMailbox and Enable-RemoteMailbox cmdlets with the -Shared switch, you need to have Exchange 2013 CU21 or later, Exchange 2016 CU10 or later, or Exchange 2019.
Important: Keep the Exchange Server up to date with the latest Exchange Server Cumulative Update and Exchange Server Security Update.
New-RemoteMailbox
The New-RemoteMailbox cmdlet is excellent when you don’t have an AD object in Active Directory. It will create the AD object in Active Directory and the Office 365 mailbox.
Run Exchange Management Shell as administrator. Make use of the New-RemoteMailbox cmdlet and the -Shared switch.
[PS] C:\>New-RemoteMailbox -Shared -Name "Test SharedMailbox1" -Firstname "Test" -LastName "SharedMailbox1" -UserPrincipalName "Test.SharedMailbox1@exoip.com" -OnPremisesOrganizationalUnit "OU=Shared,OU=Company,DC=exoip,DC=local" -RemoteRoutingAddress "Test.SharedMailbox1@exoip365.mail.onmicrosoft.com"
Name RecipientTypeDetails RemoteRecipientType
---- -------------------- -------------------
Test SharedMailbox1 RemoteSharedMailbox ProvisionMailbox, SharedMailboxEnable-RemoteMailbox
The Enable-RemoteMailbox cmdlet is excellent when you already have an AD object in Active Directory. For example, you did a copy of another AD object, and now you want to create a shared mailbox for that AD object in Office 365.
Use the Enable-RemoteMailbox cmdlet and the -Shared switch.
[PS] C:\>Enable-RemoteMailbox -Shared "Test SharedMailbox1" -RemoteRoutingAddress "Test.SharedMailbox1@exoip365.mail.onmicrosoft.com"
Name RecipientTypeDetails RemoteRecipientType
---- -------------------- -------------------
Test SharedMailbox1 RemoteSharedMailbox ProvisionMailbox, SharedMailboxSign in to the Azure AD Connect server and force sync Azure AD connect with PowerShell.
PS C:\> Start-ADSyncSyncCycle -PolicyType DeltaIt can take some time before the shared mailbox appears in Office 365 Exchange admin center. I have seen it may take around 10 minutes.
Verify Office 365 shared mailbox
After you create the Office 365 shared mailbox, it’s good to verify that you can see the shared mailbox in both organizations.
Check user account in Active Directory Users and Computers
There are no mailboxes in Active Directory Users and Computers. The user account in AD is linked with Exchange attributes to the mailbox. Because it’s a shared mailbox, it’s disabled. That’s why you didn’t need to provide a password when creating the shared mailbox.
Double-click on the AD object. Check the information in the General tab.
Verify the information in the Account tab.
Everything looks great. In the next steps, you will verify the Office 365 shared mailbox in Exchange on-premises and Exchange Online (Office 365).
Check shared mailbox in on-premises Exchange admin center
Sign in to Exchange Admin Center (EAC) with admin privileges. This is on the Exchange on-premises server and NOT Office 365. Go to recipients > shared. Select the shared mailbox and click the edit icon in the toolbar.
Click general in the menu and verify the mailbox details.
Click email address in the menu. Verify that you see the following:
- smtp:@tenant.mail.onmicrosoft.com
- Remote routing address
Check shared mailbox in Microsoft 365 Exchange admin center
Sign in to the Exchange admin center with your Microsoft 365 admin credentials.
Go to Recipients > Mailboxes and click on the Office 365 shared mailbox. Select General and click on Manage email address types.
Note: You will only see Office 365 mailboxes in Microsoft 365 Exchange admin center. The on-premises mailboxes are not shown on Microsoft’s cloud servers.
There is no remote routing address option in the cloud, and you will see two smtp onmicrosoft.com email addresses:
- smtp:@tenant.mail.onmicrosoft.com
- smtp:@tenant.onmicrosoft.com
Get shared mailbox with Exchange Management Shell
In Exchange Management Shell, verify that the Office 365 shared mailbox is created.
[PS] C:\>Get-RemoteMailbox "Test SharedMailbox1" | ft Name,PrimarySmtpAddress,RecipientType,Remote*
Name PrimarySmtpAddress RecipientType RemoteRoutingAddress RemoteRecipientType
---- ------------------ ------------- -------------------- -------------------
Test SharedMailbox1 Test.SharedMailbox1@exoip.com MailUser SMTP:Test.SharedMailbox1@exoip365.mail.onmicrosoft.com ProvisionMailbox, SharedMailboxDo you need more information? Use the Format-List cmdlet at the end of the command. The Format-List cmdlet formats the output of a command as a list of properties in which each property is displayed on a separate line.
[PS] C:\>Get-RemoteMailbox "Test SharedMailbox1" | flGet shared mailbox with Exchange Online PowerShell
Connect to Exchange Online PowerShell and verify the shared mailbox.
PS C:\> Get-Mailbox "Test SharedMailbox1" | ft Name,PrimarySmtpAddress,RecipientType,RemoteRecipientType,Database
Name PrimarySmtpAddress RecipientType RemoteRecipientType Database
---- ------------------ ------------- ------------------- --------
Test SharedMailbox1 Test.SharedMailbox1@exoip.com UserMailbox ProvisionMailbox, SharedMailbox EURP195DG038-db087You can always use the Format-List, to get more information.
PS C:\> Get-Mailbox "Test SharedMailbox1" | flTest hybrid mail flow in both organizations
We did create the Office 365 test shared mailbox. Let’s test the mail from both organizations by sending an email to the Office 365 shared mailbox.
Send email from Office 365 mailbox to Office 365 shared mailbox
Start Outlook and sign in with an Office 365 mailbox. Create a new message and select the Test SharedMailbox1 mailbox you created in the earlier step. Enable Request a Delivery Receipt and click Send.
An email shows up in your inbox that your message has been delivered to the recipient. The mail flow from Office 365 user mailbox to Office 365 shared mailbox works.
Send email from Exchange on-premises to Office 365 shared mailbox
Sign in to Amanda’s on-premises mailbox. Create a new message and select the Test SharedMailbox1 mailbox you created in the earlier step. Enable Request a Delivery Receipt and click Send.
An email shows up in your inbox that your message has been delivered to the recipient. The mail flow from Exchange on-premises user mailbox to Office 365 shared mailbox works.
Test GAL visibility in both organizations
It’s good to test the Global Address List (GAL) visibility in Exchange Online (Office 365) and Exchange on-premises.
Office 365 Global Address List visibility
From Test Mailbox1 Outlook client, click on Address book. Select the address book All Users. Verify that you see both on-premises and Office 365 mailboxes.
Exchange on-premises Global Address List visibility
From Amanda’s Outlook client, click on Address Book. Select the address book All Users. Verify that the on-premises and Office 365 mailboxes show up.
The next time, we will look at how to create Office 365 resource mailbox in Exchange Hybrid configuration.
Conclusion
You learned how to create Office 365 shared mailbox in Exchange Hybrid. The only way to create Office 365 shared mailbox in Exchange Hybrid is from Exchange Management Shell on-premises. Always verify your work when you are done.
You don’t have to create a shared mailbox on-premises and move to Exchange Online. Doing that will take more time, and there is no point if there is a PowerShell command.
Did you enjoy this article? You may also like the course Exchange Hybrid. Don’t forget to follow us and share this article.
What Others Are Reading
Does anyone know if the onPrem user needs to be properly licensed in O365 before the enable-remotemailbox cmd is run? I wouldn’t expect the remote mailbox to be created in EXO unless the user is appropriately licensed.
We have been creating users in a hybrid exchange for the last 4 years using the On Prem Exchange Admin center.
For us in the “Mailbox” menu, clicking the arrow next the the “+” New user button gives us the option of Office 365 Mailbox. Creates the on prem user in Exchange and AD, as well as a 365 remote mailbox.
Been working very well for us with no need to create a shared mailbox or use powershell to create
Hi Brian,
I have been creating mailboxes in an Exchange Hybrid environment since 2011.
This article covers creating an Office 365 shared mailbox in Exchange Hybrid. This can only be done using Exchange Management Shell (PowerShell).
It’s not about creating a regular (user) mailbox or resource mailbox, which you can create through the on-premises Exchange admin center and Exchange Management Shell (PowerShell).
Hopefully, this clears it up.
Hi Ali,
I created the shared mailbox following your instructions. In order to add users to the shared mailbox from both mailbox exchange on-premise and office 365 how do I need to do so that I don’t have permission issues? Currently I added users from O365 Admin Center and opening Outlook with an on-premise Exchange mailbox I have permission issues and automapping does not work.
Hi Ali
Awesome article.
Question, what if there was an existing shared mailbox on premise can i migrate it to Exchange online?
Glad to hear, Victor.
You can migrate the on-premises shared mailbox by following one of the below articles:
– Migrate mailboxes to Office 365
– Move mailbox to Exchange Online with PowerShell
Hello, I created a new shared mailbox, it is displayed in O365 and in local, but for some reason it does not automatically appear in outlook for users who are on-premises
Hi Ali,
I seem to have been able to create the shared mailbox on prem (exchange 2013 CU3)
New-RemoteMailbox -Shared -Name “Accounts Receivable” -FirstName “Accounts” -LastName
“Receivable” -UserPrincipalName “ar@our.domain -OnPremisesOrganizationalUnit “OU=Email
Users,OU=Users,OU=XX,DC=xxxxxxx,DC=local” -RemoteRoutingAddress
“ar@tenant.address”
However, when I try to enable with the Enable-RemoteMailbox -Shared command, I get this.
This task does not support recipients of this type. The specified recipient xxx.local/xx/Users/Email
Users/Accounts Receivable is of type
RemoteSharedMailbox. Please make sure that this recipient matches the required recipient type for
this task. + CategoryInfo : InvalidArgument: (xxxx.loca…unts Receivable:ADObjectId) [Enable-
RemoteMailbox], RecipientTaskException + FullyQualifiedErrorId : [Server=xxx,RequestId=485abb40-
fc0d-4cb0-bf8d-5be0806b68a0,TimeStamp=10/13/2022 4:43:43 PM] [FailureCategory=Cmdlet-
RecipientTaskException]F0E151E,Microsoft.Exchange.Management.RecipientTasks.EnableRemoteMailbox
+ PSComputerName : xxx.local
Can you help? thanks!
-jon
Hi Jon,
To use the Enable-RemoteMailbox cmdlet with the -Shared switch, you need to have Exchange 2013 CU21 or later, Exchange 2016 CU10 or later, or Exchange 2019.
You should immediately update your Exchange Server(s) for bug fixes/new features and protect against security vulnerabilities:
– Install Exchange Cumulative Update
– Install Exchange Security Update
I updated the article.
Thank you Ali! I had typo’d my previous post. I meant to say CU23, not CU3. In any case, it appears I did not even have to use the Enable-SharedMailbox command. after creating the mailbox using the command you supplied in the article, it all appears to be working correctly! Thank you again for a great post!
-jon
Ali,
I was able to use the Create-RemoteMailbox command with the -Shared switch with CU23 (June 18, 2019 15.0.1497.2 15.00.1497.002) first release*. I was unable to use the Enable-RemoteMailbox with -Shared switch on this same CU. FYI.
thanks,
-jon
Hello,
Did you know how to delete a Sared Mailbox in Hybrid mode ? I can’t do this on Office 365 side (obviously) and on On Prem side I’ve got an error message that say this not a mailbox user.
Thanks
Run the below command in Exchange Management Shell on-premises:
Hi Ali,
I’ve found a solution for my question of yesterday 🙂 Like you said on shared mailbox creation, the remove mailbox must be done in powershell. Thanks
Hi Ali,
I love the work you are putting out, as a rookie Admin, you have created an exciting world of automation, scripting in all things Exchange for me.
My problem is when I follow the process on my On-Prem Exchange Management shell the Sharedmailbox is create with the @mycompanydomain.com and I think it looks good but instead of seeing SharedMailbox in Exchange Online the mailbox appears as a mail contact with @mycompanydomain.mail.onmicrosoft.com What could be the problem in my environment settings to cause this problem? PLEASE Help!
My current workaround solution :(too many steps 🙁
1. Create the new sharedmailbox on M365 via powershell [New-Mailbox] command ( due to when I create it thru the GUI the UPN or Username ID does not match the email address format that we desire)
2. Create the same sharedmailbox on-prem via powershell – [New-RemoteMailbox] command
3. Set the ExchangeGuid GUID of the NEW SharedMailbox On-Prem
4. Run a Delta AD sync on On-Prem AD
Hi Ali,
Created Test SharedMailbox2 onprem.
Enable-RemoteMailbox “Test SharedMailbox2” -shared -RemoteRoutingAddress “test.sharedmailbox2@tenant.mail.onmicrosoft.com”
This task does not support recipients of this type. The specified recipient domain/OU…/Test SharedMailbox2 is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task.
get-mailbox “test sharedmailbox2” |fl *type*
ResourceType :
MailboxRelationType : None
RemoteRecipientType : None
RecipientType : UserMailbox
RecipientTypeDetails : SharedMailbox
How can I get this to work?
Jim
Hi Jim,
You have created a shared mailbox, and you want to enable a remote shared mailbox. Unfortunately, that will not work, and the error is correct.
You should create a user in AD without an on-premises mailbox. After that, run the Enable-RemoteMailbox cmdlet. It will create a shared mailbox for that AD object in Office 365.
Hi, currently we have a configuration in Hybrid mode only for administration/integration processes, all our mailboxes exist in ExchangeOnline (no mailbox is on OnPremise), why it’s not recommended to create Shared Mailboxes directly in the Cloud? With this process we avoid having to create user accounts in active directory (Disabled), I would like to know your impressions and comments?.
Hi Hector,
As long as the Active Directory is on-premises, you should create and manage the mailboxes from on-premises.
If you create the mailboxes directly in the cloud, it will not sync back to on-premises. This will result in Office 365 mailbox not showing in Exchange Hybrid on-premises.
Don’t forget to convert the mailboxes from on-premises too. Otherwise, you will get a Mailbox type difference in Exchange Hybrid.
Hi Ali, understand that they will not be synchronized to ExchangeOnPremise/AD, but is this really a disadvantage if all users are in ExchangeOnline? For that reason consult:
1. The Shared Mailbox will be available in GAL and AddressBook.
2. You can send/receive internal and external emails.
3. We can edit or configure any parameter from the ExchangeOnline consoles (GUI/PowerShell).
4. All access can be delegated to User Mailbox in ExchangeOnline.
5. Users can have Outlook AutoMapping features or open the SharedMailbox directly in OWA.
The only disadvantage that see is that the object logically in the ExchangeOnPremise does not exist, but if there is no user (mailbox) in OnPremise, do not see it as a limitation or problem.
Also, if for some reason at the SMTP level, the ExchangeOnPremise servers will be used as a relay and they need to send an email to that SharedMailbox to avoid an NDR, simply add the O365 address as Contact (pointing to domain custom.onmicroosft.com).
The disadvantage or additional reason why you would be avoiding creating the SharedMailbox from OnPremise is for the security of having to create N number of user accounts (disabled by default), but that represent a risk or vulnerability in the long run for the organization.
I want to know if creating them only in the Cloud in my scenario can be a correct decision?
Thanks.
Hector Orozco.
Hi Hector,
If all the mailboxes are in the cloud, you can do that. If you have mailboxes on-premises and in the cloud, and you create a mailbox without an on-premises AD object, you will get mail flow issues.
Now that it will work in your scenario, I can’t recommend that. It’s not the correct way or the supported way when the source of authority is your on-premises AD.
Microsoft is aware and working to manage everything without an Exchange Server. So if they push an update, you might get issues in the long run because you don’t have AD on-premises objects.
How do you manage permissions for the on premises mailbox. I noticed after converting there are no options to delegate.
This article will explain it in more detail: Configure permissions in Exchange Hybrid.
So if you do this the only way to configure permissions is via PowerShell? Will the shared mailbox show up in O365 in this case? Would an environment still be considered exchange hybrid if exchange on premises is only used to add new users and not store mailboxes?
If all the mailboxes are in Office 365, you can Connect to Exchange Online PowerShell and manage the permissions with PowerShell. Another way is through the Microsoft 365 admin center/Microsoft 365 Exchange admin center.
It’s called Exchange Hybrid as long as you have a Hybrid Configuration.
In your case, the mailboxes are in Office 365, but you will only use the Exchange on-premises for creating the mailboxes. Even if you don’t do anything else, it’s called an Exchange Hybrid. After you remove the Exchange Hybrid Configuration, it’s not considered an Exchange Hybrid.
Good to know is that you can remove the Hybrid Configuration and create mailboxes in Office 365 from Exchange on-premises. The Hybrid Configuration is for moving mailboxes, configuring mailbox/calendar permissions, and mail flow between the Exchange on-premises and Exchange Online organization.
Note that you still need an Exchange on-premises as long as you have an Active Directory on-premises and sync the Exchange attributes with Azure AD Connect to Office 365/Microsoft 365.
How come when I run Get-Mailbox -identity sharedmailbox it says the object couldn’t be found?
That’s because it’s a remote mailbox (Office 365) and not an on-premises mailbox (Exchange on-premises).
Run the below command in Exchange Management Shell on-premises:
Hi,
Thanks for publishing this guide. I noticed I cannot enable in-place archives on the o365 EAC for the created remote-mailbox. Does this need to be done on the on-prem EAC?
Also, I notice that only on the O365 side there is an x500 attribute, but not for on-prem. Is that normal?
Thanks again!
You have to enable archiving for that mailbox on the on-premises Exchange Server. You can do it from EAC (Exchange Admin Center) or EMS (Exchange Management Shell).
I still see a lot of admins enabling In-Place Archive from O365, but that’s not correct as long as your AD (Authority) is on-premises. By doing that, it will create a mailbox difference between on-premises and Office 365.
For example, it will show that the mailbox on-premises does not have In-Place Archive enabled, but Office 365 will show that it’s enabled, which you don’t want.
When you create an Office 365 shared mailbox and run the New-RemoteMailbox or Enable-RemoteMailbox cmdlet, the x500 email address should show both in Office 365 and on-premises for that mailbox.
Good to know is that you don’t see the X500 email address immediately for that shared mailbox on-premises when you run the cmdlets. Instead, you will see the x500 email address show up on-premises for that shared mailbox after Azure AD Connect sync completes.
Dear Ali,
You are doing a great Job, recently i was working with customer where onprem exchange was decommissioned and they wanted to create a Shared AD sync Mailbox, we just created the mailbox and went to attribute editor and changed the msExchRecipientTypeDetail value to 2.
Once even modify the properties as well
Regards – Hasan Reza
Hi Hasan,
That will work.
Microsoft recommends keeping an Exchange Server after you migrate all the mailboxes to Office 365. This way, you can manage everything from the on-premises Exchange Server and not from the Active Directory attribute editor.
I wrote an article about converting the mailbox from user mailbox to shared mailbox in Exchange Hybrid. But, you need an Exchange Server on-premises to run the cmdlet.
Hi again,
Your first powershell code in this article has some inconsistancy! The code uses New-RemoteMailbox while the descriptive text say to run Enable-RemoteMailbox.
My understanding is that New-RemoteMailbox will only work if there is no existing AD account for the mailbox, while Enable-RemoteMailbox will only work when there is already an AD account present for the mailbox you want to create.
Either way, you most likely also want to add -RemoteRoutingAddress to both running the code, to actually set the remote routing address for the mailbox created.
Per Microsoft recomodation I have first created the AD account in ADUC, waited for AAD Connect sync to finish and then run Enable-RemoteMailbox (with -RemoteRoutingAddress) in EX on-premises shell. This works, however I see that remote routing address is only set on the remote mailbox in O365 while on-premises Exchange entry does not have a remote routing address. The on-premises Exchange may not require this since the mailbox is located in Office 365, or I need to set it manually. Either way, this is not very enterprise friendly by Microsoft…
Hi Chato,
Your understanding is correct. That’s how both of the cmdlets work. I adjusted the cmdlets in the article and added extra information. Thanks for letting me know.
Enable-RemoteMailbox cmdlet needs the -RemoteRoutingAddress parameter. The new-RemoteMailbox cmdlet does not need it, but I added it.
Hi. Greate article. I believe you can create shared mailboxes in hybrid EX environment by creating the AD account in i.e. ADUC, wait for AAD Connect to complete syncronization, then run Enable-RemoteMailbox in on-premises Exchange with the -shared flag, using the same values used for the created user. This creates an shared mailbox tied to the ADUC account, available in both on-premises EAC and O365 EAC.
Hi Chato,
Enable-RemoteMailbox cmdlet is another approach to create shared mailboxes in Exchange Hybrid.
Note: To use the Enable-RemoteMailbox cmdlet with the -Shared switch, you need to have Exchange 2013 CU21 or later, Exchange 2016 CU10 or later, or Exchange 2019.
I updated the article.