Creating Office 365 Mailboxes in a Hybrid Setup

In this article I will show you how to create Exchange Online mailboxes in a hybrid environment such that the maiboxes also show up on the on-premises Exchange server management console.

The most logical way of creating an Exchange Online mailbox (you’d think) is to let AD users DirSync across to 365, assign them licenses and be done with it. However doing it this way doesn’t create a link between Exchange Online and your On-Premises Exchange server which means you can’t do things like manage the user’s mailbox from EMC or┬ámigrate the mailbox between on-premises and Exchange Online.


Remove Old ActiveSync Devices on Exchange Using PowerShell

This will be a quick how-to guide on removing old/stale ActiveSync devices from Microsoft Exchange.

Note 1: I have only run this on an on-premises Exchange 2007 server so I am not sure if it will work in 2010, 2013 or Office 365 but hopefully the script will come in handy anyway

Note 2: This is my first ever PowerShell script so I am sure there are better ways of doing this but it does the job!

Okay so if you want to run a report on old devices (I have defined old as no successful sync in the past 30 days but you can change this to whatever you want) before you go ahead and remove them, run the following command:

Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))}

To actually remove these devices (this command removes the relationship between the device and Exchange – it will NOT wipe the device) run this command:

# Assign the full identity string for each of the old devices to the $staleDevices variable - this identity string is required for the Remove-ActiveSyncDevice cmdlet
$staleDevices = Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))} | select -expand Identity
# Loop through the identities and pass them in to Remove-ActiveSyncDevice. The -confirm at the end forces the command to go through. Remove it if you want to manually confirm each removal
foreach ($device in $staleDevices) {Remove-ActiveSyncDevice -Identity $device -confirm:$false}

Add E-mail Aliases to Your Office 365 Distribution Groups

If you’ve set up distribution groups on Office 365, you will notice a section in the DG ‘details’ page titled ‘E-Mail Options’… under this title is the following text:
“The group can receive messages sent to the following addresses.”

From this, you can safely assume that it is possible to add e-mail aliases to the group so that the group can receive e-mails sent to several different e-mails.
Sadly, there is no easy way of actually doing this via the UI so it must be done via a PowerShell command…


Using Adsiedit to Add or Remove E-mail Aliases on On-Premises Active Directory – Office 365

If you are synchronising your Office 365 account with your on-premises exchange/Active Directory, you will know that you cannot edit exchange user properties using the Office 365 administrator portal.
If you try, you will come across this error or a similar one:

The operation on mailbox “X” failed because it’s out of the current user’s write scope. The action ‘Set-Mailbox’, ‘EmailAddresses’, can’t be performed on the object ‘X’ because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

The reason for this is due to the fact that the AD and O365 are synchronised. Office 365 knows this and does not allow you to make any changes on O365 if there is a corresponding attribute that links up with your Active Directory.


Grant and Revoke Access to Mailboxes – Office 365

There may be times where you may need to grant an IT administrator or other employees access to another user’s mailbox.
Below I will demonstrate how to:

  • Grant an Admin access to a single mailbox
  • Grant an Admin access to all mailboxes
  • Revoke the above permissions (recommended cause of action after the Administrator has finished his/her tasks)