Managing Distribution Lists on-premises in hybrid Office 365

A simple way for your users to manage distribution list membership with hybrid Office 365 environments with Active Directory on-premises, Azure AD Connect synced to Azure AD and Exchange Online.

With Exchange on-premises, users may be used to managing Distribution Lists (DLs), using Outlook to open the DL and edit the group membership that they are the owners of. However, once you move to Exchange Online, these can no longer be managed using Outlook, since the DL is synced from your on-premises AD, and cannot be edited in Azure AD. So, the DL has to be managed in your on-premises AD. Your help desk can do this with Exchange Admin tools, however, it is not very convenient for users to have to call the help desk every time that they want to edit DL membership.

The issue is documented here: https://support.microsoft.com/en-gb/help/2417592/owners-of-an-on-premises-distribution-group-that-s-synced-to-office-36, however, Microsoft do not offer any solutions. This is a workaround we use to enable your users to manage DL membership with no special tools, in a manner which is easy to use.

Edit your DLs to make them manageable

First, you need to make sure that your DLs are editable by the owners. Check the box below, or do this using PowerShell e.g. https://blogs.technet.microsoft.com/blur-lines_-powershell_-author_shirleym/2013/10/07/manager-can-update-membership-list-part-1/

Create a shortcut to Search Active Directory

This works on any Windows machine, and you do not need any AD tools installed.

  • Right click on your desktop or in a folder
  • Choose Create new shortcut
  • Enter rundll32.exe dsquery,OpenQueryWindow as the location

Now just run your shortcut, and if you are the owner you can edit the DL membership. You could also deploy the shortcut via SCCM or GPO to make this easy for users. You can also find this via the

Note that you can also do this as follows, but this is less than ideal and will usually result in an error when selecting the Network in Windows Explorer:

· Open Windows Explorer.
· Click Network in the bottom left, and press OK to the error message that pops up
· Click Search Active Directory at the top

Recipient Type Values in Active Directory

Recipient Type Values

Technical Level : Intermediate

Summary

Both mailbox creation and deletion failure scenarios heavily involve verifying the current recipient type values across all directories – especially in a directory synchronised environment. For example; if a user is listed on-prem as a remote mailbox with a cloud archive, then you should expect EXO to have a primary and an archive mailbox for this user. If it doesn’t, then troubleshoot for a synchronisation failure somewhere between on-prem and EXO.

The three attributes you will be dealing with are the following, and there are many possible values for each:

  1. msExchRemoteRecipientType
  2. msExchRecipientDisplayType
  3. msExchRecipientTypeDetails

Details

  • msExchRemoteRecipientType
RemoteRecipientType (in PowerShell)

Note: You should only see the above value populated if the customer has a directory sync’d environment, and they either migrated a mailbox to the cloud or if they used new-remotemailbox to provision a cloud mailbox.

1 ProvisionMailbox
2 ProvisionArchive (On-Prem Mailbox)
3 ProvisionMailbox, ProvisionArchive
4 Migrated (UserMailbox)
6 ProvisionArchive, Migrated
8 DeprovisionMailbox
10 ProvisionArchive, DeprovisionMailbox
16 DeprovisionArchive (On-Prem Mailbox)
17 ProvisionMailbox, DeprovisionArchive
20 Migrated, DeprovisionArchive
24 DeprovisionMailbox, DeprovisionArchive
33 ProvisionMailbox, RoomMailbox
35 ProvisionMailbox, ProvisionArchive, RoomMailbox
36 Migrated, RoomMailbox
38 ProvisionArchive, Migrated, RoomMailbox
49 ProvisionMailbox, DeprovisionArchive, RoomMailbox
52 Migrated, DeprovisionArchive, RoomMailbox
65 ProvisionMailbox, EquipmentMailbox
67 ProvisionMailbox, ProvisionArchive, EquipmentMailbox
68 Migrated, EquipmentMailbox
70 ProvisionArchive, Migrated, EquipmentMailbox
81 ProvisionMailbox, DeprovisionArchive, EquipmentMailbox
84 Migrated, DeprovisionArchive, EquipmentMailbox
100 Migrated, SharedMailbox
102 ProvisionArchive, Migrated, SharedMailbox
116 Migrated, DeprovisionArchive, SharedMailbox
  • msExchRecipientDisplayType
RecipientType (In PowerShell)
-2147483642 MailUser (RemoteUserMailbox)
-2147481850 MailUser (RemoteRoomMailbox)
-2147481594 MailUser (RemoteEquipmentMailbox)
0 UserMailbox (shared)
1 MailUniversalDistributionGroup
6 MailContact
7 UserMailbox (room)
8 UserMailbox (equipment)
1073741824 UserMailbox
1073741833 MailUniversalSecurityGroup
  • msExchRecipientTypeDetails
RecipientTypeDetails (In PowerShell)
1 UserMailbox
2 LinkedMailbox
4 SharedMailbox
16 RoomMailbox
32 EquipmentMailbox
128 MailUser
2147483648 RemoteUserMailbox
8589934592 RemoteRoomMailbox
17179869184 RemoteEquipmentMailbox
34359738368 RemoteSharedMailbox

The following tables list what the attribute values should be across on-premises and Exchange Online for the various possible recipient types. These are taken from normal examples;

Mail Objects

Mail-Enabled User

New-MailUser 
Enable-Mailuser
Get-MailUser
Get-MailUser
objectClass: top;person;organizationalPerson; user
msExchRecipientDisplayType: 6 RecipientType: MailUser RecipientTypeDetails: MailUser
msExchRecipientTypeDetails: 128 RecipientType: MailUser RecipientTypeDetails: MailUser
Mail-Enabled Contact

New-MailContact 
Enable-MailContact
Get-MailContact
Get-MailContact
objectClass: top;person’organizationlaPerson;contact
msExchRecipientDisplayType: 6 RecipientType: MailContact RecipientTypeDetails: MailContact
RecipientType: MailContact RecipientTypeDetails: MailContact
Mail-Enabled Distribution Group

New-DistributionGroup 
Enable-DistributionGroup
Get-DistributionGroup
Get-DistributionGroup
objectClass: top;group
sAMAccountType: 268435457
groupType: 8 GroupType: Universal GroupType: Universal
msExchRecipientDisplayType: 1 RecipientType: MailUniversalDistributionGroup RecipientType: MailUniversalDistributionGroup
RecipientTypeDetails: MailUniversalDistributionGroup RecipientTypeDetails: MailUniversalDistributionGroup
Mail-Enabled Security Group

New-DistributionGroup -Type Security 
Enable-DistributionGroup
Get-DistributionGroup
Get-DistributionGroup
objectClass: top;group
sAMAccountType: 268435456
groupType: -2147483640 GroupType: Universal, SecurityEnabled GroupType: Universal, SecurityEnabled
msExchRecipientDisplayType: 1073741833 RecipientType: MailUniversalSecurityGroup RecipientType: MailUniversalSecurityGroup
RecipientTypeDetails: MailUniversalSecurityGroup RecipientTypeDetails: MailUniversalSecurityGroup

Mail Users

Mail-Enabled User

New-MailUser 
Enable-Mailuser
Get-MailUser
Get-MailUser
objectClass: top;person;organizationalPerson;user
msExchRecipientDisplayType: 6 RecipientType: MailUser RecipientTypeDetails: MailUser
msExchRecipientTypeDetails: 128 RecipientType: MailUser RecipientTypeDetails: MailUser
If Licensed

Get-Mailbox
RecipientType: MailBox
RecipientTypeDetails: MailBox

On-Premises Mailbox Objects

Mailbox (User)

New-MailBox 
Enable-MailBox
Get-MailBox
Get-MailUser
objectClass: top;person;organizationalPerson;user
RemoteRecipientType: None
msExchRecipientDisplayType: 1073741824 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 1 RecipientTypeDetails: UserMailbox RecipientTypeDetails: MailUser
Mailbox (Shared)

New-Mailbox -Shared 
Enable-Mailbox -Shared
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "SharedMailbox"}
Get-MailUser
objectClass: top;person;organizationalPerson;user
RemoteRecipientType: None
msExchRecipientDisplayType: 0 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 4 RecipientTypeDetails: SharedMailbox RecipientTypeDetails: MailUser
Mailbox (Room)

New-Mailbox -Room 
Enable-Mailbox -Room
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox"}
Get-Recipient| Where {$_.ResourceType -eq "Room" -and $_.RecipientType -eq "Mailuser"}
objectClass: top;person;organizationalPerson;user
msExchResourceMetaData: ResourceType:Room ResourceType: Room ResourceType: Room
RemoteRecipientType: None
msExchRecipientDisplayType: 7 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 16 RecipientTypeDetails: RoomMailbox RecipientTypeDetails: MailUser
Mailbox (Equipment)

New-Mailbox -Equipment 
Enable-Mailbox -Equipment
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "EquipmentMailbox"}
Get-Recipient| Where {$_.ResourceType -eq "Equipment" -and $_.RecipientType -eq "MailUser"}
objectClass: top;person;organizationalPerson;user
msExchResourceMetaData: ResourceType:Equipment ResourceType: Equipment ResourceType: Equipment
RemoteRecipientType: None
msExchRecipientDisplayType: 8 RecipientType: UserMailbox RecipientType: MailUser
msExchRecipientTypeDetails: 32 RecipientTypeDetails: EquipmentMailbox RecipientTypeDetails: MailUser

Remote Mailbox

Remote Mailbox (User) – Provision

New-RemoteMailbox 
Enable-RemoteMailbox
Get-RemoteMailbox
Get-Mailbox
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 1 RemoteRecipientType: ProvisionMailbox
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 2147483648 RecipientTypeDetails: RemoteUserMailbox RecipientTypeDetails: UserMailbox
Remote Mailbox (Shared) – Provision Not Available
RemoteMailbox (Room) – Provision

New-RemoteMailbox -Room 
Enable-RemoteMailbox -Room
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteRoomMailbox"}
Get-Mailbox | Where {$_.ResourceType -eq "Room"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 33 RemoteRecipientType: ProvisionMailbox, RoomMailbox
ResourceType: Room
msExchRecipientDisplayType: -2147481850 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 8589934592 RecipientTypeDetails: RemoteRoomMailbox RecipientTypeDetails: RoomMailbox
Remote Mailbox (Equipment) – Provision

New-RemoteMailbox -Equipment 
Enable-RemoteMailbox -Equipment
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteEquipmentMailbox"}
Get-Mailbox | Where {$_.ResourceType -eq "Equipment"}
objectClass: top;person;organizationalPerson;user
ResourceType: Equipment
msExchRemoteRecipientType: 65 RemoteRecipientType: ProvisionMailbox, EquipmentMailbox
msExchRecipientDisplayType: -2147481594 RecipientType: MailUser RecipientTypeDetails: RemoteEquipmentMailbox
msExchRecipientTypeDetails: 17179869184 RecipientType: UserMailbox RecipientTypeDetails: EquipmentMailbox

Migrated Mailboxes

Remote Mailbox (User) – Migrated
Get-RemoteMailbox
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "UserMailbox" -and $_.RemoteRecipientType -eq "Migrated"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 4 RemoteRecipientType: Migrated RemoteRecipientType: Migrated
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 2147483648 RecipientTypeDetails: RemoteUserMailbox RecipientTypeDetails: UserMailbox
Remote Mailbox (Shared)- Migrated
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteSharedMailbox"}
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "SharedMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
msExchRemoteRecipientType: 100 RemoteRecipientType: Migrated, SharedMailbox RemoteRecipientType: Migrated, SharedMailbox
msExchRecipientDisplayType: -2147483642 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 34359738368 RecipientTypeDetails: RemoteSharedMailbox RecipientTypeDetails : SharedMailbox
Remote Mailbox (Room) – Migrated
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteRoomMailbox"}
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
ResourceType: Room
msExchRemoteRecipientType: 36 RemoteRecipientType: Migrated, RoomMailbox RemoteRecipientType: Migrated, RoomMailbox
msExchRecipientDisplayType: -2147481850 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 8589934592 RecipientTypeDetails: RemoteRoomMailbox RecipientTypeDetails: RoomMailbox
Remote Mailbox (Equipment) – Migrated
Get-RemoteMailbox | Where {$_.RecipientTypeDetails -eq "RemoteEquipmentMailbox"}
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "EquipmentMailbox" -and $_.RemoteRecipientType -match "Migrated"}
objectClass: top;person;organizationalPerson;user
ResourceType: Equipment
msExchRemoteRecipientType: 68 RemoteRecipientType: Migrated, EquipmentMailbox RemoteRecipientType: Migrated, EquipmentMailbox
msExchRecipientDisplayType: -2147481594 RecipientType: MailUser RecipientType: UserMailbox
msExchRecipientTypeDetails: 17179869184 RecipientTypeDetails: RemoteEquipmentMailbox RecipientTypeDetails: EquipmentMailbox

I take no credit for this, I am just saving this for posterity since it is incredibly useful, original source here: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651

Outlook Autocomplete when migrating to Office 365

During a recent Office365 migration, one of the questions that arose was what would happen to Outlook Autocomplete entries (also known as the Nickname cache) when migrating users from on-premise Exchange, to Office365. Many users rely on this list, and a common complaint when this goes missing is ‘my contacts have disappeared’. In fact users just often don’t use contacts because it requires manual steps to save someone’s details, they just rely on the fact that once they have emailed a user, Outlook remembers the name and they just have to start typing it and Outlook completes the address for them.

The answer, as with many things in IT, is ‘it depends’. Largely it depends on the Outlook client version.

Microsoft Office Outlook 2007 and earlier versions store the AutoComplete list in a nickname (.nk2) file on the disk. This is local to the PC, so if users login to a new PC, the cache won’t be there. Luckily you just need to find the nk2 file, copy it to the new PC, and then import it into Outlook. See https://support.office.com/en-gb/article/Import-or-copy-the-Auto-Complete-List-to-another-computer-83558574-20dc-4c94-a531-25a42ec8e8f0?pid=CH100776981033&CorrelationId=f2cb4593-2782-4f5c-9928-dc0c7d5a76e3&ui=en-US&rs=en-GB&ad=GB&ocmsassetID=HA010097887 for details on how to do this.

Outlook 2010 and later store the autocomplete list in a hidden folder in the user’s mailbox. The great thing about this is that when setting up a new PC if the user opens the same mailbox then the list will be there already as soon as the mailbox is opened. So when migrated to Office365, this hidden folder is migrated along with the user’s email. When they  login to their mailbox through Outlook, it should be available.

 

Also note that Outlook Web App uses its own auto complete list, this is not the same as the one used by Outlook.

 

One final thing to note, is that if users autocomplete list is lost or accidentally deleted, one way of repopulating it is to draft an email with all of the users contacts in, and save it (but do NOT send!). This adds all of the addresses to the cache.

 

See ‘Information about the Outlook AutoComplete list’

https://support.microsoft.com/en-us/help/2199226 for more details.

Office 365 – fix shared mailboxes that are not synchronising from Exchange Online

How to fix issues synchronising and displaying emails in secondary or shared mailboxes in Exchange Online.

When migrating from Exchange on-premise to Office 365, users can experience issues displaying emails in secondary or shared mailboxes. When their mailboxes were hosted on-premise, users didn’t have this problem, since the Exchange servers were nearer to the users and Outlook could operate in online mode without experiencing the cached mode limitations.

The issue arises when users have access to multiple mailboxes, or mailboxes with many folders, which have been auto-mapped through mailbox permissions. This issue is described in the following Microsoft article, and is due to the 500 folder limit in Outlook .ost files: https://support.microsoft.com/en-gb/help/3115602/performance-and-synchronization-problems-when-you-work-with-folders-in

Microsoft recommends 3 potential fixes for this issue:

  1. Delete folders to reduce the folder count. This is often not possible since data needs to be retained, or needs to be separated into folders. Or there may just be so many additional mailboxes that it is not practical to have less than 500 folders across all of them.
  2. Turn off cached mode for shared folders as below. However. since you Exchange servers are now in the cloud, whilst changing this setting will show all of the emails, not only will you be unable to access the emails when offline, but performance will be heavily dependent on network conditions. Frequently this will cause performance problems with Outlook; whilst these shared mailboxes were hosted on an on-premise Exchange server, moving them to the internet can make it too slow to access them in Online mode.  

The solution is, therefore, the third recommendation by Microsoft. We recommend that clients skip the first 2 workarounds, and implement this from the start for any power email users who access a number of shared mailboxes. Unfortunately, this will require manual configuration by the end user, so a combination of automapping and manual configuration may be a good compromise.

  1. Disable automapping for each secondary mailbox as per 2646504 – ‘How to remove automapping for a shared mailbox in Office 365’.
  2. Add the account as a secondary account into Outlook via the Add New Account dialog box in Outlook. Simply add the email address of the account, as long as you have full access then it will allow you to add the profile.

Note that when diagnosing this issue it is very useful to use the Get-MailboxFolderStatistics cmdlet, which you can use to calculate if the user is near or over the 500 folder limit across all of their mailboxes.