Forum Discussion
Keep user account but provision new empty mailbox
i did ask in another forum but thought i would ask here as it seems impossible...
we are hybrid exchange. We have litigation hold and purview retention policies in place. We have a scenario where an existing user is moving to a new role and her existing mailbox needs to be dissociated from her AD account and a new clean mailbox provisioned. The original mailbox needs to stay as inactive and searchable via ediscovery.
Is it possible? I have asked AI and its said:
- Make sure all the holds and retention policies are in place
- Move the AD account to a non-syncing OU and run a delta sync
- The mailbox should show as inactive in exchange online
- Then it tells me to run Set-User <UserUPN> -PermanentlyClearPreviousMailboxInfo but ONLY if the recipient type shows as MailUser or User
This is where i am stuck as it is still UserMailbox. It told me to restore the cloud only object which i did. But it still shows as RecipientType = UserMailbox when i check. Its now just a cloud only account, it has no license. The mailbox is inactive but its still a UserMailbox
Is what i am trying to do possible? Would now just changing the cloud only account to have a new email address be the only way to retain it and then sync back the on-prem account?
2 Replies
Recipient Type is usually defined by your Users attributes. If the user is synced, those attributes reside in local AD and are managed by Exchange Hybrid server.
while
Set-User <UserUPN> -PermanentlyClearPreviousMailboxInfo
is usually run in EXO to wipe a users mailbox after detaching his license, it should not have an impact on the attributes that define your recipient type. this could be changed by converting a mailbox via Exchange or by a hard overwrite of the property.. but I don`t think that is what you want to achieve
Running
Set-User <UserUPN> -PermanentlyClearPreviousMailboxInfo
for a cloud mailbox in EXO shell might kill the entire mailbox.
usually, such mailboxes are exported (e.g. as PST) and parked. other common way of dealing with this is archiving the mailbox (by mailbox archiving solution). but this doesn`t fully separate old from new mailbox data, as long as the user still has the same mailboxGUID, which you might want to recreate afterwards (also be careful with self service archives where user could restore by himself)
keeping an existing cloud mailbox and disconnecting it from the user object that you want to keep (in AD and M365) is only possible, if you fully split your M365 synced user from your local AD user (cloud synced mailbox => this requires you to change proxyaddresses & UPN in cloud after doing so. Also all permissions in SharePoint, Teams are then still bound to the separated cloud only user, as well as all his calendar data and contacts.
IMHO it is always recommended, to create a new ADUser in such cases if your plan is to separate things from another. if you are separating (mailbox) data from old and new user, you usually also want to ensure he has new & clean permissions, proper GPOs and doesn't have access to all files he had in the past
to do so, old User needs different properties (UPN, Mailaddresses), so that they can be attached to a new user.
Also if you create a new mailbox, you might still need to "migrate" contacts and calendar. User could also export those by himself if he was warned and informed how to do so.
