Our community of experts have been thoroughly vetted for their expertise and industry experience.
Published:
Updated:
Browse All Articles > Provision New Office 365 User and Mailbox from Exchange Hybrid via PowerShell
In this article, we create a user in the on premise AD with a remote mailbox from the on premise Exchange hybrid server, make sure the user is synchronized from on premise to O365, and finally assign a location and license in O365 to give the user the ability to use their new resources.
There are many cases in which I receive queries on how to go about provisioning users and mailboxes for an Exchange hybrid deployment with Office 365 (O365). I receive just about as many requests for a script to perform the task. Well, I don’t write scripts but I do know the process to create users and mailboxes that will sync to O365 from on premise Active Directory (AD).
To begin with, let’s assume a couple things.
We have a Windows 2012 R2 member server with Azure AD Connect (AAD Connect) version 1.1.105.00 (or newer) and the Azure AD Module for PowerShell installed; and
We have an Exchange 2013 CU11 (or newer) server configured for hybrid with an active O365 tenant.
Now that we’ve established a baseline, there are a couple of options to perform the task of provisioning an AD user, creating a mailbox, and assigning an Office 365 license.
The first option would be to create an AD user, create an on premise mailbox, migrate the mailbox to Office 365, and assign a license; or
The second option would be to create an AD user, create a remote (or Office 365) mailbox, and assign a license.
In this article, I will cover the second option simply because it includes fewer steps and attempts to avoid confusion around where the mailbox should be created.
IMPORTANT: Do not create an AD user and then go to the Office 365 portal to create a new user and associated mailbox. This method will not properly create ;a synchronized O365 user and mailbox.
STEP 1: CREATE USER & MAILBOX
From the Exchange server, I first create the AD user with remote mailbox using one command via Exchange Management Shell (EMS or Exchange PowerShell).
In the command above, I created the AD user in an OU named “Office 365 Users”, set the password to “EnterPasswordHere”, and will require the user to change their password at next logon. However, I did not assign an SMTP address or remote routing address assuming that the email address policies are configured to be applied as new mailboxes are created.
STEP 2: SYNCHRONIZE USER
Once the AD user and mailbox are created, the AD object must to be synchronized to O365 in order to add the user with associated mailbox in the tenant. With the new version of AAD Connect, the scheduled sync time occurs every 30 minutes. In my case, I’m not that patient and will manually force a sync to O365.
From the server with AAD Connect installed, via an elevated PowerShell console, run the following command to perform the sync to O365.
The AccountSkuId will look something similar to “tenantname:ENTERPRISEPACK“; where “ENTERPRISEPACK” represents my Office 365 Enterprise E3 subscription. Other subscriptions will have different representations.
Before I can assign any licenses to my new user, the user must be assigned a location (or country code). Since I’m am located in the United States, I use “US” as the two letter country code for the user, using this command:
Set-MsolUser -UserPrincipalName User1Test@domainname.com -UsageLocation US
Finally, the user can access their assigned mailbox in Exchange Online.
CONCLUSION
In this article, we created a user in the on premise AD with a remote mailbox from the on premise Exchange hybrid server, made sure the user was synchronized from on premise to O365, and finally assigned a location and license to give the user the ability to use their new O365 resources.
Comments (0)