With a hybrid Exchange Online deployment, where you have Exchange Server on-premises and Exchange Online configured in the cloud, and utilising AADConnect to synchronize the directories, you should never find that a synced user object is configured as both a mailbox in Exchange Online and a mailbox on-premises. When Active Directory is synced to Azure Active Directory, the ExchangeGUID attribute for the on-premises user is synced to the cloud assuming that you have not done a limited attribute sync and excluded the Exchange attributes from syncing to AAD — as syncing the attributes is required for Exchange Online hybrid.
Exchange Online though does not read attributes from Azure Active Directory. When a user is given an Exchange Online licence, it becomes the job of Exchange Online to provision a mailbox for this user.
The existence of this attribute tells the provisioning process that the mailbox already exists on-premises and may be migrated here later and so not to create a conflicting mailbox.
A cloud user who does not have an ExchangeGUID attribute synced from on-premises will get a mailbox created by the Exchange Online provisioning process upon a licence being assigned, and on-premises users that do not have a mailbox on-premises who also have no ExchangeGUID attribute will also find that granting them an Exchange Online licence will trigger the creation of a mailbox for them. Note that this last option will create a mailbox in the cloud — but all the attribute management of this mailbox must be done on-premises, as the object syncs from on-premises and so that is the source of the object.
The above is what happens in most cases — the user on-premises has an ExchangeGUID value, that is synced to the cloud, and then the user is licenced and a second mailbox is not created. But there is an edge case where an on-premises user who has a mailbox, and therefore has the ExchangeGUID attribute populated, will also get a mailbox in Exchange Online.
This happens where the organization manually created cloud mailboxes before enabling AADConnect to sync the directories, and these cloud users match the on-premises user by UserPrincipalName or primary SMTP address.
In the above case, because they are cloud users with an Exchange Online licence, they get a mailbox.
Deleting the cloud user and then enabling sync will cause the original cloud mailbox to be restored to the user account as the UserPrincipalName matches. The user is granted a full Office E3 licence, so this means the user has an Exchange Online mailbox. This is because there are two separate mailboxes. Get-User in the cloud will also report something useful. For completion we also show the licence state.
Now in preparation for the sync of the Active Directory to Azure Active Directory, the user accounts in the cloud are either left in place, and so sync will do a soft-match for those users, or they are deleted and the on-premises user account syncs to the cloud. In the first case, the clash on the sync will result in the cloud mailbox being merged into the settings from the on-premises mailbox (on-premises values overwrite cloud values unless the on-premises value is null or does not exist).
In the second case, cloud object deleted before sync, there is no user account to merge into, but there is a mailbox to restore against this user. The impact of this is minor to massive.
In the scenario where MX points to on-premises and you have not yet moved any mailboxes to the cloud, this cloud mailbox will only get email from other cloud mailboxes in your tenant (there are none in this scenario) or internal alerts in Office 365 (and these are reducing over time, as they start to follow correct routing).
As there is now a mailbox in the cloud for a user on-premises, inbound internet-sourced email for your on-premises user will get delivered to the cloud mailbox and not appear on-premises! The other problem is that where there is a duplicate mailbox, move requests for those users for onboarding to Exchange Online will fail. This occurs where the user was not licenced and so there was not a duplicate mailbox in the cloud, but the user was later licenced before the migration completed.
Where the invalid duplicate mailbox exists in the cloud and is getting valid emails delivered to it, the recovery work described below additionally will involve exporting email from this invalid mailbox and then removing the mailbox as part of the fix.
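One way to find the affected users before starting move requests, as an added example that is not code from the original article: it pairs on-premises and cloud mailboxes on the same two keys the soft-match uses (UserPrincipalName, then primary SMTP address) and compares their ExchangeGuid values. The function name `Find-DuplicateMailbox`, the CSV layout and the sample rows are assumptions constructed for illustration.

```powershell
# Constructed sample data. Assumed shape: the output of
#   Get-Mailbox -ResultSize Unlimited |
#     Select-Object UserPrincipalName,PrimarySmtpAddress,ExchangeGuid
# exported once from on-premises Exchange and once from Exchange Online.
$onPremCsv = @'
UserPrincipalName,PrimarySmtpAddress,ExchangeGuid
alice@contoso.example,alice@contoso.example,11111111-1111-1111-1111-111111111111
bob@contoso.example,bob.smith@contoso.example,22222222-2222-2222-2222-222222222222
carol@contoso.example,carol@contoso.example,33333333-3333-3333-3333-333333333333
'@

$cloudCsv = @'
UserPrincipalName,PrimarySmtpAddress,ExchangeGuid
alice@contoso.example,alice@contoso.example,aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa
bob@contoso.onmicrosoft.com,bob.smith@contoso.example,bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb
dave@contoso.example,dave@contoso.example,dddddddd-dddd-dddd-dddd-dddddddddddd
'@

function Find-DuplicateMailbox {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory)] [object[]] $OnPremises,
        [Parameter(Mandatory)] [object[]] $Cloud
    )

    # Index the cloud mailboxes by both matching keys.
    # Hashtable literals compare string keys case-insensitively.
    $byUpn  = @{}
    $bySmtp = @{}
    foreach ($c in $Cloud) {
        $byUpn[$c.UserPrincipalName.Trim()]   = $c
        $bySmtp[$c.PrimarySmtpAddress.Trim()] = $c
    }

    foreach ($o in $OnPremises) {
        $upn  = $o.UserPrincipalName.Trim()
        $smtp = $o.PrimarySmtpAddress.Trim()

        if ($byUpn.ContainsKey($upn)) {
            $match = $byUpn[$upn];   $matchedOn = 'UserPrincipalName'
        } elseif ($bySmtp.ContainsKey($smtp)) {
            $match = $bySmtp[$smtp]; $matchedOn = 'PrimarySmtpAddress'
        } else {
            continue   # no cloud mailbox pairs with this on-premises mailbox
        }

        # A mailbox on both sides with differing GUIDs is two separate mailboxes.
        [pscustomobject]@{
            OnPremUpn          = $upn
            CloudUpn           = $match.UserPrincipalName
            MatchedOn          = $matchedOn
            OnPremExchangeGuid = $o.ExchangeGuid
            CloudExchangeGuid  = $match.ExchangeGuid
            SeparateMailboxes  = ($o.ExchangeGuid -ne $match.ExchangeGuid)
        }
    }
}

$report = Find-DuplicateMailbox -OnPremises ($onPremCsv | ConvertFrom-Csv) `
                                -Cloud      ($cloudCsv  | ConvertFrom-Csv)
$report | Format-Table -AutoSize
```

With the constructed data, alice is paired on UserPrincipalName and bob on primary SMTP address; carol and dave have a mailbox on one side only and are not reported.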
And if that is the case, you need to do some additional adjustments. If you hit the roadblock during the synchronization it is most probable that the problem will be related to user synchronization between local Active Directory and Azure AD. Common causes for this are: You can encounter these problems when you run the synchronization from on-premises AD to Office 365. But this can also happen the other way round when you run the synchronization from Office 365 to on-premises AD or in both directions.
Look at the most common scenarios here: In this article, I will show you how to manage these situations in an environment with hybrid configuration and Centralized Mail Transport enabled.
In this scenario, a user account is created in Office in a hybrid setup. It is worth mentioning that this scenario is correct and supported by Microsoft. However, it causes problems for an Office user when he or she wants to access public folders being on the on-premises Exchange.
This means that the user will not be able to access local public folders (legacy public folders) and any attempt of connection will throw an error: "Cannot expand the folder. The set of folders cannot be opened. Network problems are preventing connection to Microsoft Exchange."

To solve the problem you need to run SMTP matching. Once the synchronization is finished, an Office 365 user should have access to on-premises public folders.

Sometimes a company uses both environments to have access to different services offered by these two platforms.
For example, the company decides to use Office to have access to SharePoint Online and Skype for Business services. At the same time, the company maintains the on-premises Exchange Server.
However, when you set up a hybrid environment and synchronize directories via Azure AD Connect, this may duplicate user accounts or cause other sync issues. A single user can end up having two accounts — one in Office 365 and one in local Active Directory. If the company uses Skype for Business (Lync) in an on-premises environment, the synchronization can be even more complicated.
If that is the case, you should carefully plan the synchronization before using Azure AD Connect for the first time. For example, you may decide to migrate to Skype for Business Online and stop using the on-premises solution. Generally speaking, if any problems appear in this scenario, you can run SMTP matching as well.
If there are duplicates of user accounts, you need to remove them from Office 365 using the following cmdlet in Azure Active Directory Module for Windows PowerShell:
For a user who has a duplicated account, you should check and correct attributes either in Office 365 or in local AD. In Azure AD Connect, you can find more details on fixing synchronization problems. It is one of those weird situations when a single user has one AD account but is connected to two mailboxes — one mailbox is in Office 365 and the second one is on on-premises Exchange (practically, it will be connected to on-premises via Autodiscover).
This situation is very similar to the one described in the second scenario above, with the only difference that an Office user has the Office license assigned including a license for Exchange Online.
As you can imagine, having two mailboxes in hybrid settings causes complications in email flow for that user. Unfortunately, in this case, SMTP matching will not help.

It's a very long story, but I have a Hybrid O365 setup with Exchange and I have a user who ended up with basically an on-prem mailbox and a cloud mailbox that are not the same.
I unlicensed the user in question, but when I go into Exchange online admin, her mailbox is still there. Is that ok? Can I still go ahead and do the remote move from the EMC on prem? I don't want to screw anything up worse than it already is. Thanks in advance! I'd back the cloud mailbox up, delete the cloud mailbox and merge it all into one mailbox on prem and then migrate it online. Then I would migrate them back to on premise. Then migrate them back to O365 and this time leave the move request in place.
See if the migration back and forth is enough to resolve the issue, but if not at least we have the move request to get more details. If it fails again, use the below article to retrieve the full XML so we can get error details. I have used office before. It was a good program and enjoyed a lot. Though that time it was my first experience. Stop AAD sync, remove the cloud mailbox, remove the cloud user, then re-start AAD sync, let it recreate the user in the cloud with no mailbox, then do the move.
Wait a bit for a few Azure AD syncs to finish and then start a remote move batch to sync it up online and then complete the batch and license the user.
Oh you might have to either stop syncing, or move that account in an OU that does not sync, that's what we do. Once it does no longer sync it gets moved in the trash in the cloud and then you can force delete it. And I figured it out. The propagation of the disable is not yet complete.
So I wait.

You have set up a hybrid between on-premises Microsoft Exchange and Office 365 (Exchange Online), but when you try and move a mailbox from on-premises to Office 365 it tells you that the mailbox already exists.
What it is telling you is that the user has a mailbox on-premises and one in Office 365 (Exchange Online). There are two scenarios where I have seen this happen. Most commonly, when a mailbox has been created for a user in Exchange Online before Directory Synchronization between on-premises AD and Office 365 has been set up. You now have a situation where the AD account has a mailbox on-premises and in Exchange Online. Even if you attempt to delete the mailbox in Exchange Online by removing the Exchange Online licenses from the user, as soon as you assign the license back to the user, the mailbox is re-created, so you still cannot move the mailbox from on-premises to Exchange Online.
Subsequently you have created a user in AD with a local mailbox and then synced the user account across into Office 365. Very soon after sync (for example, under 1 minute), you assign the synced user in Office 365 an Exchange Online Plan license, which in turn creates a mailbox for the user in Exchange Online.
Yes, this shouldn't happen. In theory, if a user has a mailbox on-premises and you sync the account into Office 365, when you assign a license it shouldn't create a mailbox; it should know that the user has a mailbox on-premises.
If you assign the license through the Office 365 Admin Portal, it should give you a dialog box saying that a mailbox won't be created for the user as the mailbox exists on-premises.
What you want is for DirSync to set a flag on the user object in Office 365, to indicate that the object has a mailbox on-premises, and therefore not to create one when you assign an Exchange Online license. If you have DirSync in place, and the user does have a mailbox on-premises it will be this, except in the 2 scenarios described above. Sometimes you are just so quick that the msExchangeReceipientType hasn't been set correctly for the user object when you assign the license; and when you don't have AD sync, it obviously won't be that value.
What you could do to prevent the behavior seen in the scenarios above, is check the value before assigning a license e. What happens if I have a user where the issue has already occurred, and now they have a mailbox in Office and on-premises. The problem is you cannot easily change the msExchangeReceipientType value manually e. You need to get DirSync to set the value.
So if you have an account where this is an issue, the best thing is to remove the account from being synchronized, remove the account from Office 365, and then re-sync the account.
Note: by removing the account in Office 365 (Azure AD), you will be deleting content associated to this account too e. On a similar note. I have seen a situation where an organization wants to move resource mailboxes from Exchange on-premises to Exchange Online, but when they attempt the move request they get an error saying they need to assign a license first. As you know you don't need to license resource mailboxes in Exchange Online, if they are created as a resource mailbox i.
What has often happened in this case, is that their on-premises resource mailboxes were actually created as user mailboxes and therefore need a license assigned.
What you need to do, is check this value for your synced accounts to ensure that this is not what is set on resources like rooms etc. As a reference to what the values of msExchangeReceipientType mean and for example should be for a resource mailbox, check out this blog post.
We are in the middle of hybrid coexistence migration from Exchange on-premise to Office 365. Today we discovered that one of our users has both an on-premise and an Office 365 mailbox linked to his one AD account.
That means that if he opens Outlook on a domain-joined computer and goes through the initial configuration, it uses autodiscover to connect him to his on-premise mailbox, but if he logs on to the Office portal, it shows his cloud mailbox. Even worse, when a user whose mailbox is in the cloud sends him an e-mail, it goes only to his cloud mailbox, and when a user whose mailbox is still on-premise, it goes only to his on-premise mailbox.
So he can't see all his mail all in one place. How can we "merge" his mail data (final destination: Office 365) and make sure his Outlook "autodiscovers" the Office 365 mailbox and all mail is routed to that mailbox?

I've the same problem in my domain. Someone manually created the O365 mailbox for users who already have an on-premise mailbox.
I think is more simple and straightforward. You can also re-migrate your mailbox on-prem offboarding if you need it.
I decided I didn't want to export all the mail from the cloud mailbox using Outlook, remove the Office license or just the EOL license from the user, then use Powershell to permanently delete the mailbox, then migrate the on-premise mailbox to the cloud, and then re-import the exported data to the new cloud mailbox.
I knew that would work but seemed too roundabout. What I ended up doing might have been more so, but here's another way:. An anonymous user suggested the following, instead of using the GUID converter. This also would allow Powershell automation of the process.
Thanks Mauro! It worked for me, U had to add -UserPrincipalName to your command and it worked for me! To get rid of the cloud mailbox I simply changed from one subscription to another so IE I was on E5, I changed my account to Business Premium but removed Exchange Online option, I then migrated my mailbox to the cloud before changing back to E5 subscription.
Exchange and later hybrid deployments are supported for organizations with multiple on-premises Exchange forests and a single Office tenant. For hybrid deployment features and considerations, multi-forest organizations are defined as organizations having Exchange servers deployed in multiple forests.
Organizations that utilize a resource forest for user accounts, but maintain all Exchange servers in a single forest, aren't classified as multi-forest in hybrid deployment scenarios. These types of organizations should consider themselves a single forest organization when planning and configuring a hybrid deployment.
The migration of public folders from an on-premises environment to Office is only supported from a single Active Directory forest. Similarly, accessing public folders in a hybrid state is only supported when the on-premises public folders are housed in a single Active Directory forest. For more information about hybrid deployments, see Exchange Server hybrid deployments.
For Exchange and later, hybrid deployments require the latest cumulative update (CU) available for the version of Exchange you have installed in your on-premises organization. For Exchange, hybrid deployments require the latest update rollup (RU). If you can't install the latest update, the immediately previous release is also supported.
Previous CUs and RUs are not supported. For more information, see Hybrid deployment prerequisites. Multi-forest hybrid deployment prerequisites are almost identical to the hybrid deployment prerequisites for a single-forest organization, with the following exceptions:
If there are shared domains across multiple Exchange forests, both mail routing and Autodiscover endpoints need to be configured and working properly between the Exchange forests before configuring your multi-forest hybrid deployment.
The Office service must be able to query the Autodiscover service in each Exchange forest. For a multi-forest hybrid deployment, a single digital certificate can't be used for multiple Active Directory forests. Each forest must use a dedicated CA-issued certificate for secure mail transport to function correctly in a hybrid deployment.
The certificate used for hybrid deployment features for each forest in a multi-forest organization must differ in at least one of the following properties: This must match the host being authenticated and is typically the external hostname for the Client Access server in the Active Directory forest. For example, mail. We recommend using the CN as the differentiating property between Active Directory certificates used in multi-forest hybrid deployments.
For example, VeriSign or Go Daddy. As an example in a multi-forest hybrid deployment, one forest would have a certificate issued by VeriSign and one forest would have a certificate issued by Go Daddy. The certificate installed on the Mailbox and Client Access (and Edge Transport, if deployed) servers in each Active Directory forest used for mail transport in the hybrid deployment must all be issued by the same CA and have the same common name.
On an Edge Transport server, if the certificate common name and issuer name do not match, you can manually set them in the receive connector using following commands:
Exchange servers: At least one Exchange server with the Client Access server role, or one Exchange or later server with the Mailbox role, must be installed in each Active Directory forest configured for hybrid deployment.
In Exchange, the Client Access server is the inbound secure mail transport endpoint for the Exchange Online Protection (EOP) service included with the Office tenant service and enables the Hybrid Configuration wizard to run in the Active Directory forest. Additionally, at least one Exchange server with the Mailbox server role must be installed in each Active Directory forest configured for hybrid deployment.
We're busy setting up our hybrid environment (Exchange onsite and Office Education) and we're having one problem: When we setup the tenant in Office, I used my work email address as initial admin account. By now we have setup AD Sync and the hybrid environment, but now I have 2 mailboxes with the same account - one on Office, and my "old" mailbox with years of mails on our onsite Exchange server. Both mailboxes are linked to the same user account which is synced via AD Sync.
How can I either "merge" the 2 mailboxes or delete the Office mailbox in order to then migrate my existing mailbox?
Thanks Sassan.