In a hybrid Exchange environment, linking an existing on-premises Active Directory (AD) account with an Office 365 Exchange Online mailbox is a common task. This process ensures that users can access their cloud-based mailboxes while maintaining a single identity across both on-premises and cloud environments.
One critical step in this process is ensuring that the ExchangeGUID of the cloud mailbox matches the on-premises AD account. In this blog post, we’ll walk you through the steps to link an existing on-premises AD account with an Exchange Online mailbox, including the necessary PowerShell commands.
Prerequisites
Before you begin, ensure the following.
- Azure AD Connect is installed and configured to synchronize your on-premises AD with Azure AD.
- The on-premises AD account already exists and is synchronized with Azure AD.
- You have the necessary permissions to manage Exchange Online and on-premises AD.
- You have the Exchange Online PowerShell module installed.
Step 1. Verify the On-Premises AD Account.
First, confirm that the on-premises AD account exists. Use the following PowerShell command to check the AD account.
![AD account]()
- Replace <Username> with the SAMAccountName of the user.
- Replace <YourDomainController> with the name of your domain controller.
This command retrieves the user’s details, including the msExchMailboxGUID attribute, which is the on-premises ExchangeGUID.
Step 2. Check Azure AD Synchronization.
Next, verify that the on-premises AD account has been synchronized to Azure AD. Run the following command in Azure AD PowerShell.
![Azure AD PowerShell]()
Replace <UserPrincipalName> with the user’s UPN (e.g., user@example.com). If the user is synchronized, you’ll see their details in the output.
Step 3. Enable Remote Mailbox in On-Premises Exchange.
To link the on-premises AD account with an Exchange Online mailbox, you need to enable a remote mailbox for the user in your on-premises Exchange environment. Run the following command in your on-premises Exchange Management Shell.
![Exchange Management Shell]()
- Replace <Username> with the SAMAccountName of the user.
- Replace <UserPrincipalName> with the user’s UPN (e.g., user@example.com).
This command creates a remote mailbox in Exchange Online and links it to the on-premises AD account.
Step 4. Match the ExchangeGUID.
The ExchangeGUID of the cloud mailbox must match the msExchMailboxGUID of the on-premises AD account. Follow these steps to ensure they match.
Step 4.1. Retrieve the ExchangeGUID from Exchange Online
Run the following command in Exchange Online PowerShell to retrieve the ExchangeGUID of the cloud mailbox.
![Exchange Online PowerShell]()
Replace <UserPrincipalName> with the user’s UPN (e.g., user@example.com). Note down the ExchangeGUID value.
Step 4.2. Update the On-Premises AD Account with the ExchangeGUID
If the msExchMailboxGUID of the on-premises AD account does not match the ExchangeGUID from Exchange Online, update it using the following PowerShell command.
![ExchangeGUID]()
- Replace <Username> with the SAMAccountName of the user.
- Replace <ExchangeGUID> with the ExchangeGUID value retrieved from Exchange Online.
Step 5. Force Azure AD Connect Synchronization.
After updating the msExchMailboxGUID, force a synchronization between your on-premises AD and Azure AD. Run the following command on the server where Azure AD Connect is installed.
![Azure AD Connect]()
This command initiates a delta synchronization, which propagates the changes to Azure AD and Exchange Online.
Step 6. Verify the Mailbox in Exchange Online.
Finally, verify that the mailbox has been successfully linked in Exchange Online. Connect to Exchange Online PowerShell and run the following command.
![Mailbox]()
Replace <UserPrincipalName> with the user’s UPN. Ensure that the ExchangeGUID matches the value you set in Step 4.2 and that the RemoteRoutingAddress is correctly populated.
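The GUID comparison and update from Steps 4 through 6 can be combined into one guarded script. This is an added example, not the author's original commands. It assumes the ActiveDirectory and ExchangeOnlineManagement modules are installed and that it runs in a session where the on-premises Exchange cmdlets are loaded; the `Cloud` prefix and the `-Apply` switch are names chosen for this example.

```powershell
# Added example: read-only by default; writes only when -Apply is given.
param(
    [Parameter(Mandatory)] [string] $Username,            # SAMAccountName
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [Parameter(Mandatory)] [string] $DomainController,
    [switch] $Apply                                        # hypothetical switch for this example
)
$ErrorActionPreference = 'Stop'

Import-Module ActiveDirectory
# -Prefix keeps the cloud cmdlets (Get-CloudMailbox) distinct from the
# on-premises Exchange cmdlets loaded in the same session.
Connect-ExchangeOnline -Prefix Cloud -ShowBanner:$false

$adUser = Get-ADUser -Identity $Username -Server $DomainController `
    -Properties msExchMailboxGUID
$cloudGuid = [guid](Get-CloudMailbox -Identity $UserPrincipalName).ExchangeGuid

# AD stores the attribute as a 16-byte array; build a Guid from it so both
# sides are compared as GUIDs, not as differently ordered hex strings.
$onPremGuid = [guid]::Empty
if ($adUser.msExchMailboxGUID) {
    $onPremGuid = [guid]::new([byte[]]$adUser.msExchMailboxGUID)
}

if ($cloudGuid -eq [guid]::Empty) {
    throw "Cloud mailbox for $UserPrincipalName has no ExchangeGuid; nothing to copy."
}
if ($onPremGuid -eq $cloudGuid) {
    Write-Output "OK: on-premises and cloud GUIDs match ($cloudGuid)."
    return
}

# Print both values so the change can be reviewed or reverted later.
Write-Warning "Mismatch for ${Username}: on-prem=$onPremGuid cloud=$cloudGuid"
if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to update the on-premises object.'
    return
}
if ($onPremGuid -ne [guid]::Empty) {
    Write-Warning 'Overwriting a non-empty msExchMailboxGUID; keep the old value shown above.'
}
Set-RemoteMailbox -Identity $Username -ExchangeGuid $cloudGuid `
    -DomainController $DomainController
Write-Output 'Updated. Run the delta sync from Step 5, then repeat the Step 6 check.'
```

Running it without `-Apply` first gives a record of the existing on-premises value before anything is changed.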
Troubleshooting Tips
- Issue: ExchangeGUID mismatch
  - Double-check the msExchMailboxGUID in the on-premises AD account and the ExchangeGUID in Exchange Online. Ensure they match exactly.
- Issue: Synchronization delays
  - If changes are not syncing immediately, force a delta sync as shown in Step 5.
- Issue: Licensing
  - Ensure the user has an appropriate Exchange Online license assigned in the Microsoft 365 admin center.
Conclusion
Linking an existing on-premises AD account with an Office 365 Exchange Online mailbox is a straightforward process when you follow the right steps. By enabling a remote mailbox, matching the ExchangeGUID, and ensuring proper synchronization, you can provide a seamless experience for your users across hybrid environments.
If you have any questions or run into issues, feel free to leave a comment below.
Happy scripting!