Permanently Clear Previous Mailbox Info
Published Jan 17 2018 12:11 PM 308K Views

We are introducing a new parameter for the Set-User cmdlet in Exchange Online PowerShell. The feature is intended for customers migrating on-premises mailboxes to the cloud, and you will be able to use it within three weeks or so (Edit 1/19: we updated this due to slower than expected rollout).

Customers who have Hybrid or on-premises environments with AAD Connect / Dir Sync may have faced the following scenario:

  1. User Jon@contoso.com has a mailbox on-premises. Jon is represented as a Mail User in the cloud.
  2. You are synchronizing the on-premises directory to the cloud in preparation to migrate to Exchange Online.
  3. Due to issues with the on-premises sync or due to a configuration problem, the user Jon@contoso.com does not get the ExchangeGUID synchronized from on-premises to the cloud.
  4. If the Exchange GUID is missing from the object in the cloud, assigning an Exchange license to Jon@contoso.com will cause Exchange Online to give the user a mailbox, converting the object from a Mail User to a User Mailbox. (Adding the license is a step required for the migration of the mailbox from on-premises to the cloud.)
  5. The end result is a user who has 2 mailboxes: one on-premises and one in the cloud. This is not good. Mail flow issues will follow.

Those doing these types of migrations will know that the ExchangeGUID value is very important: it tells Exchange Online that the user has a mailbox on-premises and that, if an Exchange license is assigned in the cloud, a new mailbox should not be created.

The immediate fix for this situation is to remove the Exchange license from Jon@contoso.com. This will convert the cloud object for Jon back to a Mail User. Mail flow should be restored at this point. The problem now is that you have an “unclean” cloud object for Jon. This is because Exchange Online keeps pointers that indicate that there used to be a mailbox in the cloud for this user:

PS C:\WINDOWS\system32> Get-User Jon@contoso.com | Select name,*Recipient*
Name PreviousRecipientTypeDetails RecipientType RecipientTypeDetails
---- ---------------------------- ------------- --------------------
Jon  UserMailbox                  MailUser      MailUser

Re-assigning the license after that will always err on the side of caution, and Exchange Online will try to re-connect the (duplicate, temporary) mailbox in the cloud (and mailboxes can be reconnected for 30 days). Therefore Jon’s account in the cloud can’t be licensed in preparation for migration.

Up to now, one of the few options to fix this problem was to delete Jon’s object *only in the cloud* and re-sync it from on-premises. This would delete jon@contoso.com from the cloud – but from all workloads, not only Exchange. This is problematic because Jon could have his OneDrive or SharePoint data in the cloud only, and deleting his account means that this will be deleted too. If the account is then re-created, Jon and the tenant admin would have to work to recover all the data he used to have in OneDrive or SharePoint into his new account, just because Exchange data needed to be “cleaned up”.

The new parameter of the Set-User cmdlet allows a tenant admin to clean up Jon’s Exchange Online object without having to delete it. To clean the object, you can run the following command:

PS C:\> Set-User Jon@contoso.com -PermanentlyClearPreviousMailboxInfo
Confirm
Are you sure you want to perform this action?
Delete all existing information about user “Jon@contoso.com"?. This operation will clear existing values from Previous home MDB and Previous Mailbox GUID of the user. After deletion, reconnecting to the previous mailbox that existed in the cloud will not be possible and any content it had will be unrecoverable PERMANENTLY. Do you want to continue?
Yes  Yes to All  No  No to All  [?] Help (default is "Y"): Y

Executing this leaves you with a clean object that can be re-licensed without causing the 2-mailbox problem. Now you can on-board Jon’s on-premises mailbox following the usual steps. An alternative – a call to support to do the clean-up for you – is also not needed. Remember, cleaning up the user means that the older associated disconnected (duplicate) cloud mailbox is not recoverable. If you want to keep it or be able to check its content, we recommend using Soft Deletion or Inactive Mailboxes to keep the mailbox.

Note: This command is expected to be executed when you have an on-premises mailbox and a mailbox in the cloud for the same object due to bad AAD Connect configuration, so that the object is cleaned and can be re-licensed. The procedure allows you to get out of the dual mailbox state and enables you to re-try on-boarding the mailbox immediately.
If you execute this for a user whose mailbox is cloud only after delicensing the user (and intend to later re-license the same user and expect to have a new clean mailbox for the user), then this will not happen immediately. To avoid potential loss of mailbox data due to unintended/mistaken execution of the command, we retain the mailbox data for 30 days so that you may recover it. If your intention is to clean up a cloud-only mailbox, then you may hard delete the user account to re-create a clean mailbox.

Mario Trigueros Solorio

32 Comments
Not applicable
I have been in this scenario where a directory sync misconfiguration allowed Exchange Online to provision mailboxes instead of mail users and I can confirm, it was pretty hard to recover from this situation. This new feature is definitely an improvement. Implementing the feature as a switch for Set-User does not feel very intuitive though, but I like the clear warning text that's presented before asking confirmation.
Not applicable
I could have used this in my last migration project! It would have made things a lot easier. Thanks for adding this new switch.
Not applicable
Welcome addition to the service. I run into this a fair amount with clients; this will save a ton of time/effort.
Not applicable
I'm currently in this scenario, but more so because the guy before me decided to create Exchange accounts in O365 prior to Azure AD Connect setup. I've had to script the clean up and yes, it's not good as you lose so much more than just the mailbox. This new command will be very useful, shame it wasn't out earlier, as I could have tested it this week.

Thanks and nice work!

Not applicable
This is a welcome addition, but the mailbox that was provisioned prematurely might now have stuff in it. It would be great if there was a way to restore the content from the smaller mailbox and merge it with the larger, with minimal code. Also, I've found that many of the times mailboxes are provisioned prematurely are related to the wrong ImmutableID flowing in a linked mailbox scenario. In that case, we're still required to hard-delete the cloud user.

Honestly, a better fix would be to allow us to disconnect the SPO workloads from the AAD object. We have several tools with Exchange, but those guys don't seem to acknowledge the problem.

Copper Contributor

I was hopeful that this was the answer to my problem, but I get "Command completed successfully, but no user settings were changed." Still can't sync due to "Target user already has a primary mailbox". Users have significant OneDrive and SharePoint content, so account delete is not a great option. Any insight would be appreciated.

Copper Contributor

@tguarriello we are in exactly the same boat and get the same "no user settings were changed". Did you or anyone else ever resolve this satisfactorily to be able to keep the previous OneDrive etc. account data? Any help would be much appreciated. Thanks

Copper Contributor

@tguarriello @TOPIT : Did either of you find a solution to this?

I have tried many ways to remove the user's Exchange license, but it doesn't actually seem to do anything. All the cmdlets claim the licence is still there, yet the Admin panel says it is gone. I am unable to use PermanentlyClearPreviousMailboxInfo or even Disable-Mailbox.

Is there a delay between removing the license and the decommissioning workflow? Or should it be fairly immediate?

The only way I seem to be able to resolve this is to completely remove the MSOL user. Does anyone have any current info on this? Thanks.

Copper Contributor

@Brad_Reeve

You need to remove the Exchange Online license, then in Exchange Online PowerShell enter the cmdlet.

Set-User Jon@contoso.com -PermanentlyClearPreviousMailboxInfo

Reassign Exchange Online license

Copper Contributor

@mmomy I have tried to remove Exchange Online licence, after that I ran the command:

Set-User Jon@contoso.com -PermanentlyClearPreviousMailboxInfo

But still getting "WARNING: The command completed successfully but no settings of 'Jon' have been modified"

Is there a delay between removing the license and the decommissioning workflow? Or should it be fairly immediate?

Because after I re-assigned the Exchange Online licence, the mailbox is still not visible in EAC.

Copper Contributor

When I try to set-user xx@example.com -PermanentlyClearPreviousMailboxInfo there is an error:

A parameter cannot be found that matches parameter name 'PermanentlyClearPreviousMailboxInfo'.
+ CategoryInfo : InvalidArgument: (:) [Set-User], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Set-User
+ PSComputerName : outlook.office365.com

Just using set-user xx@example.com gives a warning that no setting has been changed. When I use get-user I can see the user has a UserMailbox in PreviousRecipientTypeDetails.

How can I get rid of this old mailbox? The user is still on-premises and every time I try to set up Outlook the user gets connected to the empty online mailbox :sad:

Copper Contributor

Found a solution... set-user with  -PermanentlyClearPreviousMailboxInfo works when using the Exchange Online PowerShell V2 module.

Copper Contributor

This procedure does nothing for me:

  1. Remove the user's license.
  2. Run Get-Mailbox <user> until it returns an error indicating the mailbox doesn't exist. This is my proxy for knowing that the back-end replication has completed.
  3. Run Set-User -PermanentlyClearPreviousMailboxInfo. This completes with no errors or warnings.
  4. Add the user's license.
  5. Run Get-Mailbox <user> until it returns the mailbox object. As with Step 2, this is just a proxy.
  6. Log in as <user>. The mailbox is the same one I started with.

My expectation is that at Step 6, I log into a fresh mailbox. Is that expectation wrong?

Copper Contributor

Hi,

I tried this for two days now. I create new users with on-premises mailboxes and online mailboxes.
This cmd is not working, the user mailbox data is not cleared at all.

I read on several other sites that I need to remove the Exchange Online (Plan 2) license.

I tried this in the Office 365 Admin center / Users / licenses and I tried this with PowerShell.

It seems that it's not possible to remove an assigned Exchange Online (Plan 2) without removing the Office 365 E3 license and losing all data...

Can you verify?

Brass Contributor

I had this issue ... Tech support had no idea how to fix it.

I found this article and they even told me not to do it. As they couldn't give a reason I tried it with a "less important" account.

It was simple, easy and worked.

The steps from support were:

As the users which are having mailboxes both in cloud as well as in on premises was due to assigning the license to those users before syncing it to Exchange on premises and then after syncing the exchange on premises with cloud it resulted in soft match which in turn resulted in two mailboxes. The steps that should be done to avoid it are:

  • Remove the license of the users who have two mailboxes (both in cloud and in on prem)
  • Then move those users in non sync OU in Active directory
  • Then hard delete those users from the cloud
  • Then move the users back to syncing OU in Active directory and then run delta sync
  • This will remove the mailbox from the cloud

Happy to supply Case number off-line if you want it. @The_Exchange_Team 

Brass Contributor

@chad512 

If the mb is on-premises, it's still there.

Go here - https://admin.microsoft.com/AdminPortal/Home#/users

Select the user > then the mail tab

Should say something like:

This user's on-premises mailbox hasn't been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed

@JuergenB 

Removing the E3 license shouldn't remove data for 30 days (if your grace period is set correctly) ... You re-add the license after killing the mailbox.

Probably a good idea to back up OneDrive and SharePoint data first ... I did, but they weren't touched

Copper Contributor

Hi all,

Great article, has helped me out.

Is there a way to pipe a list of CSV users to this?

like import-user C;/ cc.csv | set-user -PermanentlyClearPreviousMailboxInfo


Paul
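The clean-up command from the article, applied to a CSV list as asked above. This is an added example, not code from the original post or from Microsoft: the function names and the UserPrincipalName CSV column are assumptions, and it only clears objects that are already a MailUser with a previous UserMailbox, which is the state the article shows after the license has been removed.

```powershell
# Added example. Get-ClearVerdict, Invoke-ClearFromCsv and the CSV column
# name UserPrincipalName are hypothetical names chosen for this sketch.

function Get-ClearVerdict {
    # Pure decision logic over one Get-User result; makes no service calls.
    param([Parameter(Mandatory)] $User)

    if ("$($User.RecipientTypeDetails)" -ne 'MailUser') {
        # License still assigned, or its removal has not finished propagating.
        return "Skip: object is still $($User.RecipientTypeDetails)"
    }
    if ("$($User.PreviousRecipientTypeDetails)" -ne 'UserMailbox') {
        return 'Skip: no previous cloud mailbox recorded'
    }
    return 'Clear'
}

function Invoke-ClearFromCsv {
    # Requires a connected Exchange Online PowerShell session.
    # Supports -WhatIf; prompts per user unless -Confirm:$false is passed.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)] [string] $Path)

    foreach ($row in Import-Csv -Path $Path) {
        $upn     = $row.UserPrincipalName
        $cleared = $false
        try {
            $user    = Get-User -Identity $upn -ErrorAction Stop
            $verdict = Get-ClearVerdict -User $user
            if ($verdict -eq 'Clear' -and
                $PSCmdlet.ShouldProcess($upn, 'Permanently clear previous mailbox info')) {
                Set-User -Identity $upn -PermanentlyClearPreviousMailboxInfo `
                         -Confirm:$false -ErrorAction Stop
                $cleared = $true
            }
        } catch {
            $verdict = "Error: $($_.Exception.Message)"
        }
        # One report row per CSV entry, whether or not anything was changed.
        [pscustomobject]@{ User = $upn; Verdict = $verdict; Cleared = $cleared }
    }
}

# Constructed sample objects (not real tenant data) to exercise the decision
# logic without a session.
$constructed = @(
    [pscustomobject]@{ Name = 'Jon'; RecipientTypeDetails = 'MailUser'
                       PreviousRecipientTypeDetails = 'UserMailbox' }
    [pscustomobject]@{ Name = 'Ana'; RecipientTypeDetails = 'UserMailbox'
                       PreviousRecipientTypeDetails = 'None' }
    [pscustomobject]@{ Name = 'Lee'; RecipientTypeDetails = 'MailUser'
                       PreviousRecipientTypeDetails = 'None' }
)
$constructed | ForEach-Object { '{0}: {1}' -f $_.Name, (Get-ClearVerdict -User $_) }

# Live dry run against a CSV with a UserPrincipalName header:
#   Invoke-ClearFromCsv -Path .\users.csv -WhatIf
```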

Copper Contributor

The command worked really fine, I could do the mailbox migration of a test user.

But now I'm having the error 550 5.1.10 RESOLVER.ADR.RecipientNotFound when I want to send an email to an on-premises user. I do not know if maybe there is an issue because of this situation where originally there were mailboxes in both places, on-premises and cloud.

Iron Contributor

I think it is important to mention the impacts of In-Place Hold. You must first remove any holds before completing this procedure. I found that if you have a mailbox hold the mailbox will not be soft deleted and the Set-User -PermanentlyClearPreviousMailboxInfo cmdlet will fail with "A parameter cannot be found that matches parameter name 'PermanentlyClearPreviousMailboxInfo'" which is not so intuitive.

Procedure as I see it:

  1. Backup data in mailbox! if you need it...
  2. Remove all holds from the mailbox. Test by trying
    1. Disable-Mailbox <> -PermanentlyDisable
    2. In EXO this will provide you with the Inplace policy GUID and blackarts will guide you from there ;) (See links below)
  3. Check DelayHoldApplied
    1. Get-Mailbox <> |fl compl*,delay*,inplace*
      These values should be set to false; if not, Set-Mailbox -Identity <> -RemoveDelayHoldApplied
  4. Remove the user's license.
  5. Run Get-User RecipientType should -eq MailUser not UserMailbox
  6. Run Set-User -PermanentlyClearPreviousMailboxInfo.
  7. Add the user's license.

If you're at this point... Good luck!

JB


Other helps: 

https://docs.microsoft.com/en-us/microsoft-365/compliance/identify-a-hold-on-an-exchange-online-mail...

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/exchange-... 
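The hold check from steps 2 and 3 of the procedure above as a single pre-flight report, run while Get-Mailbox still returns the cloud mailbox (before the license is removed). This is an added example, not the commenter's or Microsoft's code: the function name Get-HoldBlocker and the sample objects are assumptions, and the properties read are the ones matched by `compl*,delay*,inplace*` plus the LitigationHoldEnabled flag mentioned in this thread.

```powershell
# Added example. Get-HoldBlocker is a hypothetical helper name.

function Get-HoldBlocker {
    # Input: objects shaped like Get-Mailbox output.
    # Output: one row per mailbox listing every hold indicator that is set.
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Mailbox)

    process {
        $found = [System.Collections.Generic.List[string]]::new()

        if ($Mailbox.LitigationHoldEnabled) { $found.Add('LitigationHoldEnabled') }

        # Boolean flags covered by the delay* and compl* wildcards.
        foreach ($flag in 'DelayHoldApplied', 'DelayReleaseHoldApplied',
                          'ComplianceTagHoldApplied') {
            if ($Mailbox.$flag) { $found.Add($flag) }
        }

        # InPlaceHolds is multi-valued; any entry means a policy still applies.
        foreach ($hold in @($Mailbox.InPlaceHolds)) {
            if ($hold) { $found.Add("InPlaceHolds: $hold") }
        }

        [pscustomobject]@{
            Mailbox  = $Mailbox.UserPrincipalName
            Blockers = $found.ToArray()
            Ready    = ($found.Count -eq 0)   # no hold indicator set
        }
    }
}

# Constructed sample objects (not real tenant data) so the logic can be
# exercised without a session.
$constructed = @(
    [pscustomobject]@{ UserPrincipalName = 'jon@contoso.com'
                       LitigationHoldEnabled = $true
                       DelayHoldApplied = $false; DelayReleaseHoldApplied = $false
                       ComplianceTagHoldApplied = $false; InPlaceHolds = @() }
    [pscustomobject]@{ UserPrincipalName = 'ana@contoso.com'
                       LitigationHoldEnabled = $false
                       DelayHoldApplied = $true; DelayReleaseHoldApplied = $false
                       ComplianceTagHoldApplied = $false
                       InPlaceHolds = @('constructed-hold-id-0001') }
    [pscustomobject]@{ UserPrincipalName = 'lee@contoso.com'
                       LitigationHoldEnabled = $false
                       DelayHoldApplied = $false; DelayReleaseHoldApplied = $false
                       ComplianceTagHoldApplied = $false; InPlaceHolds = @() }
)
$constructed | Get-HoldBlocker | Format-Table -AutoSize

# Live use in a connected Exchange Online session:
#   Get-Mailbox -Identity jon@contoso.com | Get-HoldBlocker
```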

Copper Contributor

Hint for all: You have to remove also the Teams Exploratory license.

Copper Contributor

I'd like to add that there is a bit of a delay between unassigning the Exchange Online license and the mailbox being deactivated. You may need to wait a while for the user to no longer appear in the Exchange Online management page (or run get-mailbox against the user to see if the mailbox still exists in an active state).

This delay ended up being why I was receiving the "no changes were made" message after running the set-user commandlet with the tag PermanentlyClearPreviousMailboxInfo. After waiting a while for the mailbox to disappear from Exchange Online, the command worked.

Copper Contributor

Hello Author,

I am putting this on behalf of my client:

A number of our old mail user accounts have incorrectly received a status where their previousrecipienttypedetails attribute states that they used to be mailboxes.

This seems to be the case with older accounts and something may have caused this in IDAM in the past.

PS C:\Program Files\PowerShell\7> (get-user -filter "previousrecipienttypedetails -eq 'UserMailbox'").count
930

The problem is that giving a license to one of these accounts creates a cloud mailbox even if they are on-premises and have a mailbox.

Where appropriate, clear the previousrecipienttypedetails? Why does this occur?

Copper Contributor

The above command completes but doesn't actually purge the mail data :(

I remove the licence, wait for it to disappear from get-mailbox and run the command, it runs successfully. I then wait a few mins, apply licence to the user and log back into the mailbox and all data is still there!

Anyone had the same?

Brass Contributor

@Theonenonly I had same problem, the user's Exchange Online license feature was disabled, but his mailbox is still there, and running the command didn't do anything.

I opened support ticket with Microsoft, and later saw the mailbox was held by Litigation.

The fix is to turn off LitigationHoldEnabled first:

set-mailbox -identity $u -LitigationHoldEnabled $false

## might need to wait for a bit.

Set-User $u -PermanentlyClearPreviousMailboxInfo -Confirm:$false

Copper Contributor

This process doesn't work if the online mailbox is being used as the archive for Teams chats (the online mailbox is hidden for an on-prem Exchange, except in this silly case) AND you have a Teams retention policy enabled.

Copper Contributor

Case

Users have mailbox on-prem and in EXO(not used). In order to migrate user, the EXO mailbox needs to be removed.

Mailbox didn't go away; I was running command Set-User xxxxx -PermanentlyClearPreviousMailboxInfo.
Nothing happens.

Solution

It all worked out after I removed the "Information Protection for O365 – Standard and Exchange Online license". Then mailbox disappeared immediately, and users could be migrated from on prem to EXO.

Hold

Mailbox may have some lock on it.

Get-mailbox xxxxx | select UserPrincipalName, name, RecipientType, *Hold*

Set-Mailbox xxxx@xxx -RemoveDelayHoldApplied

Copper Contributor

I know this was originally meant to aid in migrating Exchange on-premises users to Exchange Online; however, the same use case exists today for migrating Google Workspace to Exchange Online.

If anyone from the @The_Exchange_Team is reading, is it possible to accomplish the same result (i.e. -PermanentlyClearPreviousMailboxInfo) during a Google Workspace to Exchange Online migration?

I suspect there might be quite a few customers who:

  • Use Google Workspace for Mail and Calendar
  • Use Microsoft Teams, and therefore have cloud licenses for Exchange Online for all or most users
  • Use M365 apps like Word, PowerPoint, and Excel online
  • Likely have SharePoint and maybe even OneDrive content that can't be deleted
  • Later decide to migrate from Google Workspace to Exchange for mail and calendar
  • Are now stuck wondering if the migration tool will work or not, as all users already have mailboxes


Iron Contributor

There are a few variables here but if the users already have a mailbox set up that shouldn't prevent you from doing a G Suite migration to Exchange Online. In fact giving them a license and setting up mailbox/forwarding is the first step.

Reading the tea leaves... if you need to sync local AD users to Azure AD use hard match to match your existing cloud-only objects.


https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/hybrid-identity-getting-user...

Copper Contributor

Thanks for the reply, but is that really the first step? Or I might have missed it?

I'm referring to this migration guide which gives the following pre-requisites:

The provision users section says:

Before proceeding with either method, make sure that Mail Users have been provisioned for every user in the organization who will be migrated (either now or eventually). If any users aren't provisioned, provision them using the instructions in Manage mail users.

What's interesting is the paragraph that follows that one.

For more advanced scenarios, you may be able to deploy Azure Active Directory (Azure AD) Connect to provision your Mail Users. See Deploy Microsoft 365 Directory Synchronization in Microsoft Azure for an overview, and Set up directory synchronization for Microsoft 365 for setup instructions. Then, you need to deploy an Exchange server in your on-premises environment for user management, and mail-enable your users using this server. For more information, see How and when to decommission your on-premises Exchange servers in a hybrid deployment and Manage mail users. Once the Mail Users have been created in Microsoft 365, the Azure AD Connect may need to be disabled in order to allow the migration process to convert these users into mailboxes - see Turn off directory synchronization for Microsoft 365.

I hadn't thought of it before, but connecting the above paragraph with the scenario I mentioned and this blog post almost seems to suggest that the workaround is to set up an Exchange on-premises server! It would be nice if there was a better way of course; that's a lot of rigmarole.

Copper Contributor

The command Set-User email address removed for privacy reasons -PermanentlyClearPreviousMailboxInfo does not clear the "MailboxLocations" from the EXO.

I had a problem when migrating an on-prem mailbox to EXO (hybrid). User A was offboarded and disabled on the on-prem. The disabled user A's mailbox is connected to user B. Now, user B has the ExchangeGUID of user A which is correct.

After the delta sync, when I run the migration of user B to EXO I get the below error.

Error: RecipientGuidMismatchPermanentException: Recipient's GUID '00000000-0000-0000-0000-000000000000' does not match the expected value 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'. This issue could occur if mailbox guid 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx' is stamped on multiple recipients. Check for the potential mailbox guid conflict, eliminate it and try again.

So to identify which recipient has the same mailbox GUID I ran get-recipient 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx' and the result gave me only user B.

But when I run get-user 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx' then it showed me both user A (mailuser) and user B (mailuser).

I deleted User A from Azure AD and then started the migration for user B and it went ok.

User A MailboxLocations has a stamp of mailboxGUID 'xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx' which was causing the conflict.

Copper Contributor

Hi, I have tried everything in this post and lots of other posts. But I can't change MailUser to UserMailbox

I have removed license and waited overnight before running the PermanentlyClearPreviousMailboxInfo but it's still MailUser. I don't get any errors and . Users that were made in the cloud and not on-prem are working. The on-prem isn't available so I have run


Set-MsolDirSyncEnabled -EnableDirsync $False

and

Set-MsolDomainAuthentication -DomainName <YourO365Domain.com> -Authentication managed

This is a user that was made in the cloud and working


"

PS C:\Windows\system32> get-exorecipient email address removed for privacy reasons


ExternalDirectoryObjectId : 11111111-ab97-44e4-81ac-000000000000
Identity : Yyyyyy
Alias : Yyyyyy
EmailAddresses : {SIP:email address removed for privacy reasons, SMTP:email address removed for privacy reasons, SPO:SPO_11111111-0000-40c7-ba4c-cdf
26ac1eb49@SPO_00000000-0010-4e37-a6aa-111111111111}
DisplayName : Yyyyyy
Name : Yyyyyy
PrimarySmtpAddress : email address removed for privacy reasons
RecipientType : UserMailbox
RecipientTypeDetails : UserMailbox
ExchangeVersion : 0.20 (15.0.0.0)
DistinguishedName : CN=Yyyyyy,OU=xxxxx.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=NORP
xxxxxxx,DC=PROD,DC=OUTLOOK,DC=COM
OrganizationId : NORPxxxxxxx.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/xxxxx.onmicrosoft.com
- NORPxxxxxxx.PROD.OUTLOOK.COM/ConfigurationUnits/xxxxx.onmicrosoft.com/Configuration

"

This is a user that was made on-prem and don't get mailbox

"

PS C:\Windows\system32> get-exorecipient email address removed for privacy reasons


ExternalDirectoryObjectId : ffffffff-0dd5-4cfd-bd03-ffffffffffff
Identity : Xxx Xxxx
Alias : xxxx
EmailAddresses : {SIP:email address removed for privacy reasons, SMTP:email address removed for privacy reasons, X500:/o=Xxxx Exchange/ou=Exchange Administrative G
roup (FYDxxxxxxxxxxxx)/cn=Recipients/cn=Xxx Xxxx13b}
DisplayName : Xxx Xxxx
Name : Xxx Xxxx
PrimarySmtpAddress : email address removed for privacy reasons
RecipientType : MailUser
RecipientTypeDetails : MailUser
ExchangeVersion : 0.20 (15.0.0.0)
DistinguishedName : CN=Xxx Xxxx,OU=xxxxx.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=N
ORPxxxxxxx,DC=PROD,DC=OUTLOOK,DC=COM
OrganizationId : NORPxxxxxxx.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/xxxxx.onmicrosoft.com
- NORPxxxxxxx.PROD.OUTLOOK.COM/ConfigurationUnits/xxxxx.onmicrosoft.com/Configuration

"

Copper Contributor

Hello,

I have a number of 365 accounts created prior to setting up the Hybrid with my on-premises Exchange Server. We want to keep mailboxes on the on-premises server. We set up the Hybrid configuration in an attempt to get Calendars in Teams to sync with the on-premises mailbox. This functionality works if I create a new user locally; however, the 80+ users that had 365 mailboxes created previously are not so lucky.

If I delete the online mailbox using this procedure, it works, the mailbox gets deleted online, I can confirm by going into the mail tab of the user and I get the message "This user's on-premises mailbox hasn't been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed"

However, for these users the Teams calendar sync does not work while it does work with newly created users. Obviously since this functionality works with new users there must be something else that needs to be done with these users whose online mailboxes get deleted with this method.

Do you have any suggestions?

Last update: Jul 16 2021 08:08 AM