Hybrid Management - Part 09 - Creating Office 365 Shared Mailboxes via PowerShell

Welcome to my tutorials on Hybrid Exchange - Office 365 Administration -

All Hybrid Administration Tutorials
- How to configure your desktop PC for Hybrid Exchange - Office 365 - Azure Administration - Link
- How to connect to Hybrid Exchange - Office 365 - Azure AD and Local AD via PowerShell - Link
- Hybrid Management - Part 01 - Creating local User mailboxes - Link
- Hybrid Management - Part 02 - Creating local Exchange Shared Mailboxes - Link
- Hybrid Management - Part 03 - Creating local Exchange Room and Equipment Mailboxes - Link
- Hybrid Management - Part 04 - Configure the Hybrid Connection Wizard - Link
- Hybrid Management - Part 05 - Individual mailbox moves via the EAC - Link
- Hybrid Management - Part 06 - Bulk mailbox moves via the EAC - Link
- Hybrid Management - Part 07 - Moving bulk mailboxes with PowerShell - Link
- Hybrid Management - Part 08 - Creating Office 365 User Mailboxes via PowerShell - Link
- Hybrid Management - Part 09 - Creating Office 365 Shared Mailboxes via PowerShell - Link
- Hybrid Management - Part 10 - Creating Office 365 Room and Equipment Mailboxes via PowerShell - Link

---------------------------------------------------------------------------------------------------

Hybrid Management - Part 09 - Creating Office 365 Shared Mailboxes via PowerShell 

This tutorial will walk you through creating Office 365 Shared Mailboxes.
The script is available as part of my Hybrid Office 365 Administration Pack - Download Link

It is critical that you follow the pre-requisites below as my Hybrid connection script is needed to run these Hybrid Management scripts successfully.

----------------------------------------------------------------------------------------------------

Pre-requisites

Preparation Guides
- Follow the guides below to ensure your PC is configured for Hybrid Administration - 
How to configure your desktop PC for Hybrid Exchange - Office 365 - Azure Administration - Link
How to connect to Hybrid Exchange - Office 365 - Azure AD and Local AD via PowerShell - Link

Downloads -
My Hybrid Office 365 Administration Pack - Download Link
My Hybrid Connection Script - Download Link

----------------------------------------------------------------------------------------------------

Introduction -

From a technical perspective, there is a big difference between creating a remote mailbox that is a user or room type, and creating a remote mailbox that is a Shared type. In fact, there is no supported process for creating a remote mailbox that is Shared. The supported Microsoft process is to create a Local Exchange User mailbox and then move the mailbox to Office 365. Once the user mailbox is in Office 365, the mailbox will be converted to a Shared mailbox.

The spreadsheets for creating Office 365 mailboxes are all very similar, apart from a few small differences.

All spreadsheets, for all Office 365 mailbox creations have three permissions columns -
- Full Access
- Send As
- Send on Behalf.




This is also the same for both Local Exchange and Office 365 mailboxes.

---------------------------------------------------------------------------------------------

Editing the csv file with your Office 365 Shared Mailbox details

To start creating Office 365 Shared Mailboxes, ensure you have already downloaded the following scripts and csv folders mentioned earlier in the pre-requisites section.
--- Hybrid Connection Script - Download Link
--- Hybrid Office 365 Administration Pack - Download Link

Extract the folders in the Hybrid Office 365 Administration Pack zip file to the folder of your choice. Copy the appropriate ps1 and csv files to the root of c:\scripts.
Edit the RemoteSharedMailboxes.csv with your data.
See the example below for guidance.



Note that as Shared mailboxes do not need to be licensed, we do not need to get the SKU-ID for the csv file like we needed when creating Office 365 User mailboxes.


*** Notes for editing the RemoteSharedMailboxes.csv file ***
The following fields MUST contain data to create a valid mailbox -
- Name                         ( This becomes the Display Name )
- UPN                           ( This becomes the login ID which matches the email address )
- Alias                          ( This must match the start of the email address / UPN)
- OU                             ( This is the Organizational Unit of where you are creating the user)
- Password                   ( This is a temporary password only and needed for Local mailbox creation)



Although that is the minimum that is needed to actually create a mailbox, you would in normal practice use FirstName and LastName for ease of management.

Things to be aware of when updating the spreadsheet for Office 365 User mailboxes.
Name
- This becomes the Display Name of the user's mailbox

UPN
- This becomes the login ID which needs to match the Primary SMTP address

Alias
- Ensure this matches the start for the email address / UPN

OU
- Ensure the Organisational Unit is correct

Password
- The script needs a password to create the Local Exchange mailbox. Once the mailbox is migrated to Office 365, it will then be converted to a Shared mailbox. As Shared mailboxes are disabled, the password is irrelevant, but still needed for initial creation. You will still need to abide by your password policy in local AD.

CustomAttribute1
- This can be used to simplify Enterprise Management - Link

SendAs
- Enter the UPN of the user (or email address of group) that needs Send As permission to the mailbox

FullAccess
- As this will ultimately be converted to a Shared mailbox, you will need to have a user assigned the Full Access permission for it to be accessible.
- Enter the UPN of the user (or email address of group) that needs Full Access permission to the mailbox

SendOnBehalf
- Enter the UPN of the user (or email address of group) that needs SendOnBehalf permission to the mailbox

Manager
- Enter the Alias of the Manager (this is usually the UPN without the domain name).
- - Example
- UPN / Email address of the Manager - user.101@teamterry365.com
- Alias of the Manager - user.101

Country
- Note that you must use the two character code for the Country - Link
- - Example -
- AU - Australia
- US - United States

The other fields are plain text fields which are self explanatory
- FirstName
- LastName
- City
- Company
- Department
- HomePhone
- MobilePhone
- Office
- OfficePhone
- StreetAddress
- State
- PostalCode
- HomePage
- Fax

Once you have finished creating your csv file, save as C:\Scripts\RemoteSharedMailboxes.csv
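
The field rules above can be checked before the creation script is run. The following is an added example, not part of the Hybrid Office 365 Administration Pack; the function name Test-SharedMailboxCsv and the sample rows are hypothetical, and it assumes the csv column headers are exactly the field names listed above.

```powershell
# Added example: pre-flight check for RemoteSharedMailboxes.csv (not part of the Administration Pack).
function Test-SharedMailboxCsv {
    param([string]$Path = 'C:\Scripts\RemoteSharedMailboxes.csv')

    $required = 'Name', 'UPN', 'Alias', 'OU', 'Password'
    $seenUpn  = @{}
    $rowNum   = 1                      # row 1 is the header line

    foreach ($row in Import-Csv -Path $Path) {
        $rowNum++
        $problems = @()

        foreach ($field in $required) {
            if ([string]::IsNullOrWhiteSpace($row.$field)) { $problems += "$field is empty" }
        }

        $upn   = "$($row.UPN)".Trim()
        $alias = "$($row.Alias)".Trim()
        if ($upn -and $upn -notmatch '^[^@\s]+@[^@\s]+$') {
            $problems += "UPN '$upn' is not in name@domain form"
        } elseif ($upn -and $alias -and ($upn -split '@')[0] -ne $alias) {
            $problems += "Alias '$alias' does not match the start of UPN '$upn'"
        }
        if ($upn) {
            $key = $upn.ToLowerInvariant()
            if ($seenUpn.ContainsKey($key)) { $problems += "UPN already used on row $($seenUpn[$key])" }
            else { $seenUpn[$key] = $rowNum }
        }

        $country = "$($row.Country)".Trim()
        if ($country -and $country -notmatch '^[A-Za-z]{2}$') {
            $problems += "Country '$country' is not a two character code"
        }

        foreach ($p in $problems) { [pscustomobject]@{ Row = $rowNum; Name = $row.Name; Problem = $p } }
    }
}

# Constructed sample rows (placeholders for OU and Password); row 3 has two deliberate mistakes.
$sample = Join-Path $env:TEMP 'RemoteSharedMailboxes-sample.csv'
@'
Name,UPN,Alias,OU,Password,Country
CloudShared 401,CloudShared.401@teamterry365.com,CloudShared.401,OU-PLACEHOLDER,PASSWORD-PLACEHOLDER,AU
CloudShared 402,CloudShared.402@teamterry365.com,Shared.402,OU-PLACEHOLDER,PASSWORD-PLACEHOLDER,Australia
'@ | Set-Content -Path $sample
Test-SharedMailboxCsv -Path $sample | Format-Table -AutoSize
```

An empty result means every row passed; run it against C:\Scripts\RemoteSharedMailboxes.csv by calling the function without -Path.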









Note that if you would like to save the csv file in a different location - you can easily edit the script variable as below.

Original script

Updated script with new csv location.

-------------------------------------------------------------------------------------------

Updating the script variables with your Migration Endpoint and Tenant details

The script needs your migration endpoint details to enable a successful migration.
The Migration endpoint was discussed in Part 05 of the Hybrid Management tutorials - Link
The migration endpoint is usually the external FQDN of your on-premises Exchange.
Please see below for the migration endpoint I used in the earlier tutorial









I have previously determined that my migration endpoint matches the FQDN of my on-premises Exchange and is - mail.teamterry365.com

The second variable that is needed to be updated is your Tenant.

The third variable is the time delay in seconds to allow for the migration of the mailboxes to Office 365. I have created the script with a 600 seconds (10 minutes) delay, and this works perfectly in my test environment with my Internet. If you need to increase the delay time, edit this variable.

Note the red highlighted areas which contain the three variables that need to be edited and saved.












Now update the highlighted fields below with your environment details
$MigrationEndpoint = "mail.domain.com"
$Tenant = "tenant"
$Delay = "600"








Example updated details for my test environment
$MigrationEndpoint = "mail.teamterry365.com"
$Tenant = "hybrid0617"
$Delay = "600"

Save your updated script - New-RemoteSharedMailbox-v-1-xx.ps1

-------------------------------------------------------------------------------------------

Running the scripts for Remote (Office 365) Shared Mailbox creation

Connect to your local Exchange, AD and Azure AD Connect server using this tutorial -
- How to connect to Hybrid Exchange - Office 365 - Azure AD and Local AD via PowerShell - Link

Run the script -
Open PowerShell ISE and connect using my Hybrid Connection script (above).
Open the folder - and drag the script - New-RemoteSharedMailbox-v-x to PowerShell ISE








Once you have updated your csv (as previous), you can simply run the script by clicking the Play arrow.

When the script runs, you will see that it has created the mailboxes.
There will be a delay while it sets delegate permissions if specified.
After the delegates are assigned, the script will continue and synchronize the account to Office 365 and also create a mailbox in Office 365.












The text with 'RunspaceID and Result  : Success' is displayed after Azure AD Connect (DirSync) has successfully synched the objects to Office 365.





The script will now sleep for five minutes to allow for Office 365 to update the objects.

After the five minute delay, the script will begin to migrate the newly created Local Exchange mailboxes to Office 365.

The mailbox move configuration will appear on the screen (there is a large amount of text for each mailbox)








After the move configuration text, you will see the text -
"Mailboxes are now migrating. Please be patient while they move."







After 10 minutes (or the configured 'delay' time you set), the message will appear -
"Please wait while I change the mailbox type to Shared".



After that the following message will appear -




Please note that I have not built error checking into my script, so it is important to confirm the mailboxes have created successfully.

-----------------------------------------------------------------------------------------------------

Confirming creation of mailboxes
Log in to the Office 365 - Exchange Online EAC and confirm that Shared mailboxes have been created that correspond to the Remote Shared Mailboxes in the spreadsheet.

You can also confirm the successful setting of delegated permissions by checking the mailboxes.
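
Because the creation script has no error checking, the same confirmation can be done from PowerShell by comparing Exchange Online against the csv. This is an added example, not part of the Administration Pack; the function names are hypothetical. It assumes a session connected to Exchange Online with unprefixed cmdlets, one delegate per permission cell, and that a delegate still hosted on local Exchange appears in Exchange Online as a MailUser.

```powershell
# Added example: verify mailbox type and delegate permissions against RemoteSharedMailboxes.csv.
function Test-SharedMailboxResult {
    param([string]$Path = 'C:\Scripts\RemoteSharedMailboxes.csv')

    function New-CheckRow($Mailbox, $Check, $Pass, $Detail) {
        [pscustomobject]@{ Mailbox = $Mailbox; Check = $Check
                           Result  = $(if ($Pass) { 'OK' } else { 'FAIL' }); Detail = $Detail }
    }

    foreach ($row in Import-Csv -Path $Path) {
        $id  = $row.UPN
        $mbx = Get-Mailbox -Identity $id -ErrorAction SilentlyContinue
        if (-not $mbx) { New-CheckRow $id 'Mailbox exists' $false 'not found in Exchange Online'; continue }

        New-CheckRow $id 'Type is SharedMailbox' ($mbx.RecipientTypeDetails -eq 'SharedMailbox') $mbx.RecipientTypeDetails

        if ($row.FullAccess) {
            $fa = Get-MailboxPermission -Identity $id -User $row.FullAccess -ErrorAction SilentlyContinue |
                  Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.Deny }
            New-CheckRow $id 'FullAccess granted' ([bool]$fa) $row.FullAccess

            # Troubleshooting case from this page: the "couldn't find a mailbox" error was seen
            # while the Full Access delegate was still on local Exchange (assumed: MailUser here).
            $delegate = Get-Recipient -Identity $row.FullAccess -ErrorAction SilentlyContinue
            New-CheckRow $id 'FullAccess delegate migrated' `
                ($delegate -and $delegate.RecipientTypeDetails -ne 'MailUser') $delegate.RecipientTypeDetails
        }
        if ($row.SendAs) {
            $sa = Get-RecipientPermission -Identity $id -Trustee $row.SendAs -ErrorAction SilentlyContinue |
                  Where-Object { $_.AccessRights -contains 'SendAs' }
            New-CheckRow $id 'SendAs granted' ([bool]$sa) $row.SendAs
        }
        if ($row.SendOnBehalf) {
            # The identity format returned in GrantSendOnBehalfTo varies, so list it for manual review.
            [pscustomobject]@{ Mailbox = $id; Check = 'SendOnBehalf (review)'; Result = 'INFO'
                               Detail  = "expected $($row.SendOnBehalf); set: $($mbx.GrantSendOnBehalfTo -join ', ')" }
        }
    }
}

Test-SharedMailboxResult | Format-Table -AutoSize
```

Any FAIL row points to a mailbox that was not created, not converted to Shared, or is missing a delegate that the csv asked for.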












Check Local Exchange -
As this mailbox was migrated from local Exchange to Office 365, it will appear as an Office 365 mailbox under the Mailboxes section.









Confirm delegates with Full Access can access the Office 365 Shared mailbox
To confirm that the mailbox has created successfully in Office 365, log in to the Office 365 Portal with the credentials and password that were in the spreadsheet.

In this tutorial, the user - User.105 has Full Access to the Office 365 Shared mailbox - CloudShared.401 . To test access, we will log into the Office 365 portal as User.105 and then access the mailbox via OWA.










Once logged in to OWA, the delegate with Full Access can access the Shared mailbox by clicking their user icon. Once the blade opens, the delegate can then click 'Open another mailbox'.










In the 'Open another mailbox' dialog box, enter the email address of the Shared mailbox that the delegate has access to. Then select the Shared mailbox. Click 'Open'












A new tab will appear in the browser. You can then switch between the User mailbox and the Shared mailbox by selecting the appropriate tab.








----------------------------------------------------------------------------------------------------------

Congratulations -
You have successfully created Office 365 Shared Mailboxes via PowerShell

------------------------------------------------------------------------------------------------------------

Troubleshooting - 

Error -
Something went wrong.
We couldn't find a mailbox for this recipient. Either they don't have a mailbox or don't have a license assigned.

Issue -
I experienced this error when the delegate with Full Access was still on the local Exchange servers (not yet migrated).

Resolution -
The issue was resolved once I migrated the delegate with Full Access to Office 365.
