Jun 26 2020 10:10 AM
Hi,
So I currently have a hybrid Exchange setup. As a test I deleted an on-prem user which in turn deleted the mailbox in exchange online.
I then created a new account in Azure/O365 and tried to reconnect the old mailbox to this new account with the following:
PS C:\Users\mark> New-MailboxRestoreRequest -SourceMailbox b432c9c9-c162-4788-8d01-492aa5a35bbc -TargetMailbox 9dcd79ba-b5eb-4a56-8b01-9c5c8fb55dd1
However I received the following message:
Source mailbox's legacyExchangeDN '/o=ExchangeLabs/ou=Exchange Administrative Goup (FYDIBOHF23SPDLT)/cn=Recipients/cn=e833cbc5ffed497397c623443b8425ef-Johnny Five' doesn't match the legacyExchangeDN or X500 proxy for target mailbox 'Johnny Five'. Use the 'AllowLegacyDNMismatch' switch if you want to allow this operation.
+ CategoryInfo : InvalidArgument: (9dcd79ba-b5eb-4a56-8b01-9c5c8fb55dd1:MailboxLocationIdParameter) [New-MailboxRestoreRequest], NonMatchingLega...SwitchException
+ FullyQualifiedErrorId : [Server=LO3P123MB3034,RequestId=4f8b4fbf-8d4f-4ef5-a994-53d691807686,TimeStamp=23/06/2020 12:32:15] [FailureCategory=Cmdlet-NonMatchingLegacyDNPermanentUseSwitchException] A90C5DD1,Microsoft.Exchange.Management.Migration.MailboxReplication.MailboxRestoreRequest.NewMailboxRestoreRequest
+ PSComputerName : outlook.office365.com
Is it safe to use the AllowLegacyDNMismatch switch, or will this cause me issues? I want to do this process so I can move to being completely cloud based and not require my on-prem accounts, if that makes sense.
Any help is appreciated
Thanks
Mark.
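As an added example (not part of the thread), here is how to reproduce the check that New-MailboxRestoreRequest is failing on and resolve it by giving the target the old legacyExchangeDN as an X500 proxy, so the mismatch switch is a deliberate fallback rather than the default. It assumes an Exchange Online PowerShell session and reuses the two mailbox GUIDs from the post; the CSV path is illustrative.

```powershell
# Added example: pre-check the legacyExchangeDN mismatch before reaching for
# -AllowLegacyDNMismatch. Assumes an Exchange Online PowerShell session.
$SourceGuid = 'b432c9c9-c162-4788-8d01-492aa5a35bbc'   # soft-deleted mailbox (from the post)
$TargetGuid = '9dcd79ba-b5eb-4a56-8b01-9c5c8fb55dd1'   # new cloud-only mailbox (from the post)

# Deleting the on-prem user left the cloud mailbox soft-deleted; -SoftDeletedMailbox finds it.
$source = Get-Mailbox -SoftDeletedMailbox -Identity $SourceGuid
$target = Get-Mailbox -Identity $TargetGuid

# The restore request requires the source legacyExchangeDN to equal the target's own
# legacyExchangeDN or one of the target's X500 proxy addresses. Reproduce that test.
$targetX500 = $target.EmailAddresses |
    ForEach-Object { $_.ToString() } |
    Where-Object { $_ -like 'X500:*' } |
    ForEach-Object { $_ -replace '^[Xx]500:', '' }

$dnMatches = ($source.LegacyExchangeDN -eq $target.LegacyExchangeDN) -or
             ($targetX500 -contains $source.LegacyExchangeDN)

Write-Host "Source legacyExchangeDN : $($source.LegacyExchangeDN)"
Write-Host "Target legacyExchangeDN : $($target.LegacyExchangeDN)"
Write-Host "Target X500 proxies     : $($targetX500 -join '; ')"
Write-Host "Match                   : $dnMatches"

if (-not $dnMatches) {
    # Preferred fix: stamp the old DN on the target as an X500 proxy. This satisfies the
    # check the error describes and also keeps replies to mail the old mailbox sent
    # resolving to the new one, which -AllowLegacyDNMismatch alone does not do.
    Set-Mailbox -Identity $TargetGuid -EmailAddresses @{ add = "X500:$($source.LegacyExchangeDN)" }
}

# Record both identities before the restore so the change can be audited later.
[pscustomobject]@{
    SourceGuid = $SourceGuid; SourceLegacyDN = $source.LegacyExchangeDN
    TargetGuid = $TargetGuid; TargetLegacyDN = $target.LegacyExchangeDN
} | Export-Csv -Path .\restore-identity-map.csv -NoTypeInformation   # illustrative path

# With the X500 in place the mismatch check passes and the switch is unnecessary.
# Alternative (skips the check entirely): add AllowLegacyDNMismatch = $true to $params.
$params = @{ SourceMailbox = $SourceGuid; TargetMailbox = $TargetGuid }
New-MailboxRestoreRequest @params

# Follow the request; restores from a soft-deleted source are queued, not instant.
Get-MailboxRestoreRequest -TargetMailbox $TargetGuid | Get-MailboxRestoreRequestStatistics
```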
Jun 26 2020 10:47 AM - edited Jun 26 2020 10:50 AM
Solution
Easiest way to go completely cloud only is to disable directory sync tenant wide using PowerShell as per the following link:
https://docs.microsoft.com/en-us/office365/enterprise/turn-off-directory-synchronization
This is only suitable if you are completely prepared for cloud only identity for all of your O365 objects however.
If you needed to do this on a per user basis, then the simplest way is to do what you did and delete the on-prem account, then wait for the sync. The O365 account will move from Active Users to Deleted Users. You may then choose the option to restore the user which will recreate it as a cloud only object.
If you have Exchange Hybrid, be careful of your mail flow though. Make sure you take this into consideration too.
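As an added example (not part of this reply), here is a pre-flight and execution script for the tenant-wide sync switch-off the linked article describes. It assumes the MSOnline module and a Global Administrator session; the CSV path is illustrative, and the scheduler step is a reminder for the AD Connect server, not run here.

```powershell
# Added example: inventory, disable, and confirm tenant-wide directory synchronization.
# Assumes the MSOnline module and a Global Administrator session.
Connect-MsolService

# 1. Inventory what is still synced. Any user with a LastDirSyncTime came from AD Connect
#    and will become a cloud-only object once sync is disabled. Keep the export as the
#    record of what changed (and of each ImmutableId, should sync ever be re-enabled).
$synced = Get-MsolUser -All | Where-Object { $null -ne $_.LastDirSyncTime }
$synced |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-before-disable.csv -NoTypeInformation   # illustrative path
Write-Host ("{0} synced users found; review the CSV before continuing." -f $synced.Count)

# 2. Confirm the tenant state before changing it.
$info = Get-MsolCompanyInformation
$info | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime

if (-not $info.DirectorySynchronizationEnabled) {
    Write-Host 'Directory sync is already disabled; nothing to do.'
    return
}

# 3. On the AD Connect server, stop the scheduler first so no export races the change:
#    Set-ADSyncScheduler -SyncCycleEnabled $false
#    Then disable sync tenant wide from this session.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# 4. Poll until the tenant reports the change; deactivation is not immediate and can
#    take a long time to complete.
do {
    Start-Sleep -Seconds 300
    $enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
    Write-Host "$(Get-Date -Format s) DirectorySynchronizationEnabled = $enabled"
} while ($enabled)

# 5. Spot-check: synced users should now show as cloud-managed (no further LastDirSyncTime updates).
Get-MsolUser -All |
    Where-Object { $null -ne $_.LastDirSyncTime } |
    Select-Object UserPrincipalName, LastDirSyncTime |
    Sort-Object LastDirSyncTime -Descending |
    Select-Object -First 5
```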
Jun 26 2020 11:40 AM
Thanks for your reply. If I do that, won't that mean the accounts will still show as Windows Server Accounts in Azure, and also mean I'm restricted in what I can edit for those users and mailboxes?
I may be using the incorrect term with Hybrid, as all my mail routing already goes directly to O365; the only thing I have left is an SBS box with the users that are synced with AD Connect, and the Exchange which is only used to administer the Exchange properties of those users.
Is that error I received something I need to be concerned with, or can I go through the process and use the AllowLegacyDNMismatch switch to proceed?
As far as I'm aware, I believe I have everything in place to be fully cloud. Like I said, the on-prem SBS box isn't really doing anything now, and I'm keen to remove it from my setup gracefully rather than have to try and unpick something if it fails on me at some point.
Thanks for your time and reply.
Mark
Jun 26 2020 01:13 PM
No, the opposite would be true. The accounts would be cloud only and completely manageable from the O365 portal / Azure AD with no reliance on on-premises.
I've never done what you are trying to achieve using your method so I can't comment to that. However, you could test the experience with a test account to check what the impact would be.
Jun 26 2020 02:05 PM
Oh right, ok, so if I understand correctly, if I follow that article you have referenced, the accounts that have synced into Azure from my on-prem will automatically change, the source in Azure Active Directory will change from Windows Server AD to Azure Active Directory, and then I can decommission the on-prem server, simple as that?
I'd rather do this the correct way rather than the way I discovered.
Thanks
Mark
Jun 27 2020 01:21 AM
Absolutely correct, yes. Done it many times this way and it works great! If your mail flow is already pointed to Exchange Online too, then you are good to go with this.