When a company has implemented Exchange hybrid and has moved some or all their users to Office 365, the question “How do I create a mailbox in Office 365?” frequently comes up.
In this article, we explore how to create a mailbox in Exchange Online when directory synchronization is in place. For this article, we will explore this process using Exchange 2016. We will look at how to complete this task with the GUI and PowerShell. Note that these steps are identical for Exchange 2013.
Using the Exchange Admin Center
This is the simplest and quickest way to create a mailbox in Office 365. The drawback of this solution is that it only allows you to create an entirely new Active Directory user. A preexisting user without a mailbox cannot be enabled for an Office 365 mailbox using the GUI. To grant an existing user an Office 365 mailbox you will need to use PowerShell. Alternatively, you could give that user an on-prem mailbox and then move that mailbox to Office 365.
If your current process is to create a new account in Active Directory first and then enable the mailbox in Exchange second, I would recommend reversing these steps. Using the method below allows you to create a basic user in Active Directory with a mailbox in Office 365. Then you can go back into Active Directory to make any additional changes to the new account, such as group memberships.
For our example, we are going to create a new user called Wilfred Mott who will have a mailbox in Office 365. Wilfred does not currently have a user account in Active Directory so we can use this method. Wilfred’s email will be wilfred.mott@exchangeservergeek.com.
From your on-premises Exchange 2016 server, log into the Exchange Admin Center. Select the Recipients tab and Mailboxes sub-tab. Click the New (plus sign) and select Office 365 mailbox.
Note: If you do not see this option, you may be missing the required RBAC permissions, or there may be an issue with your hybrid configuration.
Selecting this option walks you through the process of creating a remote mailbox in Office 365. The benefit here is that you do not need to migrate the mailbox after it is created as it already exists as an object in the cloud. Keep in mind that you will not see this mailbox in the Office 365 tenant until directory synchronization has run.
On the New Office 365 Mailbox window type the First name and Last name of the user. As you complete these fields you will notice that the Name field populates combining these values. The name field corresponds to the display name field for the user object in Active Directory. You can alter this field to be a different value than what was suggested.
Click Browse in the Organizational Unit section. This brings up the Select an Organization Unit dialog. From here you can select which Organization Unit (OU) you want the new user account to be created under.
Under User logon name specify a new username for the user. From the drop-down to the right of the @ symbol pick the domain suffix for the user. This builds a User Principal Name (UPN) for the user. Note that the domain name you pick here must be a domain you have validated in Office 365.
Under Mailbox type, pick the type of mailbox you want to create in Office 365. In our example, we are creating a mailbox for user Wilfred Mott so we will pick User Mailbox. Room and Equipment mailboxes are also available if you want to create a resource mailbox in Office 365.
Specify and confirm a password in the New Password and Confirm Password fields. You can also check the box to Require password change on next logon to force the user to create a new password.
By selecting Create an archive mailbox we can also instruct Office 365 to create an archive mailbox for the user in the cloud.
Unlike on-premises mailbox creation, we do not get an option to pick a primary or archive database for our user. In Office 365 we cannot manage databases or servers. In turn, this negates our ability to choose how those users are assigned or distributed across databases. Microsoft makes this choice for us and it is not uncommon for Microsoft to redistribute mailboxes across databases.
If you are looking to create a user and mailbox quickly the minimum fields required are those marked with an asterisk.
For our example, we specified a first name, last name (which populated the Name field for us), Organizational Unit, username, domain suffix, mailbox type, and password.
With your fields populated click the Save button. Your mail-enabled user will now appear under the Mailboxes tab. The Mailbox Type for Wilfred will be listed as Office 365. On-premises mailboxes are listed as type User. This is a great way to distinguish which mailboxes are on-prem and which are in the cloud.
Keep in mind the user will need to be assigned an Office 365 license before they can access their mailbox.
Note: Your user will not show in Office 365 until directory synchronization completes. How long this takes depends on how your sync cycle is configured. You can force an immediate sync with Azure AD Connect by running the following PowerShell command: Start-ADSyncSyncCycle -PolicyType Delta
Using the Exchange Management Shell
To perform this same task in EMS we use the New-RemoteMailbox cmdlet. Using the above example of Wilfred Mott let’s see what the process would have looked like in PowerShell.
From your on-premises Exchange 2016 server, open the Exchange Management Shell.
First, we will need to capture a temporary password for Wilfred in a variable. The password will be saved as a secure string. To do this enter the following command. Enter a password when prompted.
C:\> $password = Read-Host "Enter password" -AsSecureString
Enter password: *********
Next, let’s create the mailbox and pass in the $password variable.
C:\> New-RemoteMailbox -Name "Wilfred Mott" -FirstName "Wilfred" -LastName "Mott" -OnPremisesOrganizationalUnit "skaro.local/Whoniverse" -UserPrincipalName "wilfred.mott@exchangeservergeek.com" -Password $password -ResetPasswordOnNextLogon:$true
In this cmdlet:
-Name specifies the content of the display name field in Active Directory.
-FirstName specifies the first name of the user.
-LastName specifies the last name of the user.
-OnPremisesOrganizationalUnit specifies where in the on-premises Active Directory the new user account should be created. The New-RemoteMailbox cmdlet tweaks the naming of the parameter from -OrganizationalUnit to -OnPremisesOrganizationalUnit to emphasize where the user account exists. In our example, we specified this as the on-premises Whoniverse OU in the Skaro.local domain. This is an optional parameter. If you omit this parameter the user will be created in the default Users OU.
-UserPrincipalName specifies the username in UPN form.
-Password calls the variable named $password from our previous command.
-ResetPasswordOnNextLogon specifies whether a user must change their password the next time they log in.
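The same creation without the interactive prompt, as an added example that is not part of the original article: the temporary password is generated from the system's cryptographic random number generator rather than typed in or hard-coded in a script. The New-TempPassword function, its character set and its default length are assumptions made for this example.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
function New-TempPassword {
    param([int]$Length = 20)
    # Assumed character set (look-alike characters left out); match it to your policy.
    $chars  = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_='.ToCharArray()
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes  = New-Object byte[] 4
    $secure = New-Object System.Security.SecureString
    try {
        for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($bytes)
            # 32 random bits reduced modulo the set size; the bias is negligible here.
            $index = [int]([BitConverter]::ToUInt32($bytes, 0) % $chars.Length)
            $secure.AppendChar($chars[$index])
        }
    } finally { $rng.Dispose() }
    return $secure
}

$upn      = 'wilfred.mott@exchangeservergeek.com'
$password = New-TempPassword

# Same parameters as the article's command; -ErrorAction Stop halts on failure,
# for example when the generated value does not meet the domain password policy.
$mailbox = New-RemoteMailbox -Name 'Wilfred Mott' -FirstName 'Wilfred' -LastName 'Mott' `
    -OnPremisesOrganizationalUnit 'skaro.local/Whoniverse' -UserPrincipalName $upn `
    -Password $password -ResetPasswordOnNextLogon:$true -ErrorAction Stop

$mailbox | Format-List Name, RecipientTypeDetails, RemoteRoutingAddress

# Reveal the value once, only at hand-off to the user, then drop it from the session.
$credential = New-Object System.Management.Automation.PSCredential($upn, $password)
$credential.GetNetworkCredential().Password
Remove-Variable password, credential
```

Because -ResetPasswordOnNextLogon is set, the generated value is only valid until the user's first logon.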
Create an Office 365 Mailbox for an Existing User
To enable an existing user with an Office 365 mailbox we can use the Enable-RemoteMailbox cmdlet. For example, if we had already created Wilfred in Active Directory Users and Computers we can enable him for an Office 365 mailbox using the following command.
C:\> Enable-RemoteMailbox -Identity "Wilfred Mott" -RemoteRoutingAddress "wmott@exchangeservergeek.mail.onmicrosoft.com"
In this command, the -RemoteRoutingAddress parameter specifies Wilfred’s unique SMTP address in Office 365. The domain you use in the routing address is assigned by Microsoft to your Office 365 tenant. The routing address is stamped to Wilfred’s TargetAddress property on his Active Directory account. This instructs our on-prem Exchange to route messages addressed to Wilfred to Office 365. We don’t need to specify a primary SMTP address as this will be generated by our on-prem Email Address Policy (EAP).
Regardless of which command is used the user’s mailbox will not show in Office 365 until directory synchronization performs a sync. Keep in mind the user will need to be assigned an Office 365 license before they can access their mailbox.
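Enabling several existing accounts in one pass, as an added example that is not part of the original article. It goes beyond the single-user command by first checking that each name resolves to exactly one account and that the account is not already mail-enabled. The second identity is constructed sample input, and building the routing address from SamAccountName is an assumption; use whatever unique alias your organization assigns.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
$routingDomain = 'exchangeservergeek.mail.onmicrosoft.com'   # tenant routing domain from the article
$identities    = 'Wilfred Mott', 'Donna Noble'               # second name is constructed sample input

$results = foreach ($id in $identities) {
    $status = 'Enabled'
    $match  = @(Get-User -Identity $id -ErrorAction SilentlyContinue)
    if ($match.Count -ne 1) {
        # No account, or an ambiguous name: do not guess which one was meant.
        $status = "Skipped: $($match.Count) matching accounts"
    } elseif ("$($match[0].RecipientTypeDetails)" -ne 'User') {
        # Already a mailbox, remote mailbox or mail user: leave it alone.
        $status = "Skipped: already $($match[0].RecipientTypeDetails)"
    } else {
        $user    = $match[0]
        $routing = "$($user.SamAccountName)@$routingDomain"   # assumed alias scheme
        try {
            Enable-RemoteMailbox -Identity $user.DistinguishedName `
                -RemoteRoutingAddress $routing -ErrorAction Stop | Out-Null
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Identity = $id; Status = $status }
}
$results | Format-Table -AutoSize

# Read back the routing address that was stamped on each enabled account.
$results | Where-Object Status -eq 'Enabled' | ForEach-Object {
    Get-RemoteMailbox -Identity $_.Identity
} | Format-Table Name, RemoteRoutingAddress, PrimarySmtpAddress -AutoSize
```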
What is your preferred way of creating new users in Office 365? Do you create the user on-prem first and then migrate, or use the method described above? Drop a comment below or join the conversation @SuperTekBoy.
Muthu says
Hi,
Thanks for the update. How can we enable this for multiple users?
1: enable the remote mailbox
2: enable the archive
3: enable the email address policy
Now we are doing it manually.
Regards
Muthu
Gareth Gudger says
Hi Muthu,
1. Enabling a remote mailbox is covered at the end of the article.
2. To enable an archive you can run the command Enable-RemoteMailbox -Identity -Archive
3. By default any new remote mailbox should automatically be configured to use an email address policy. If it is not working correctly you may need to look at the scope of your email address policies. For example, are they scoped to mailbox-only (which does not include remote mailboxes) or scoped to mail-users or remote mailboxes (which will apply to a remote mailbox).
Ralph says
Hello, quick question. For example I already have cloud users with EXO mailbox before enabling Hybrid. Will they be able to send and receive email from on-prem users? Thank you
Gareth Gudger says
When you configure Azure AD Connect and Exchange Hybrid that should sync all the mailboxes from on-premises to Exchange Online as mail users. Once Exchange Online has these mail users the Exchange Online users will be able to email the Exchange On-Premises users.
However, for the Exchange On-Premises users to email the Exchange Online users is a bit more complicated. One option could be to switch your SMTP domain (in Exchange On-Premises) from authoritative to internal relay (not ideal). The other option, and assuming the cloud mailboxes have on-premises Active Directory accounts, you could remote mailbox-enable each user. You will just need to make sure the email addresses match. Definitely test this thoroughly.
Greg says
So, we are no longer able to use AD user templates for consistency.
Gareth Gudger says
You can use AD user templates to create the user and then use the last example to enable a remote mailbox for that user – Enable-RemoteMailbox -Identity “Wilfred Mott” -RemoteRoutingAddress “wmott@exchangeservergeek.mail.onmicrosoft.com”
David Bertelsen says
Hi Gareth
When you give an AD user office 365 license a mailbox will be created automatically in cloud. But what would be a powershell command I could use to make sure it is connected to the hybrid server after the creation?
Gareth Gudger says
Hey David,
To avoid this, I would recommend creating the remote mailbox before applying the license. Exchange Online checks to see if a mailbox GUID is being synced to the cloud. If it does not see one and a license is assigned it will create the cloud mailbox.
To fix it take a look at this article, https://docs.microsoft.com/en-us/exchange/troubleshoot/move-mailboxes/mailbox-exists-exo-onpremises
Paul says
Great example. How can I skip the manual password part for automation purposes?
Confidence says
Still needed some help.
Confidence says
Especially on how to log into my account or email.
Confidence says
Especially on how to log in.
Matej says
Hey,
Please, what happens when I delete a mailbox on-prem? Will the mailbox also be deleted in O365? If yes, when?
Gareth Gudger says
When you tell Exchange on-prem to delete the mailbox (e.g. Delete-Mailbox or Disable-Mailbox) it will delete it from the cloud. It will delete it once the next directory synchronization from AAD Connect occurs which is every 30 minutes by default (so up to 30 minutes).
It puts that mailbox in a soft-deleted state in Exchange Online for about 30 days. In that time you can recover it or reconnect it to another user.
dee says
hello,
Is there a way to check which admin user has created an O365 mailbox?
thanks,
Dee
Gareth Gudger says
Hi Dee,
Yes, you can through Admin Audit Logging. More info on that here:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance
Sach says
Thanks, you have a typo missing -Identity switch.
Enable-RemoteMailbox -Identity “Wilfred Mott” -RemoteRoutingAddress “wmott@exchangeservergeek.mail.onmicrosoft.com”
Gareth Gudger says
Many thanks. Updated.
Marco says
Thanks. Between this article and the script found on https://thesysadminchannel.com/how-to-create-o365-mailboxes-hybrid-exchange/ it was able to help me out a lot. Great post, Gareth.
Michael says
What happens if you create a user in active directory first and then try and create a user
Ram says
Hi Gareth,
1. O365 for those 2 users were on trial for 30 days. It expired when they tried to send email to on premises user.
2. The current lab is of same domain (INFOTECHRAM.COM). I rebuilt entire home lab from scratch. No left over from earlier lab.
3. Currently the EX2016 is working fine for on premises users. Haven’t converted EX2016 to Hybrid.
Thanks
Ram
Ram says
Hi – I converted my home lab (EX2016) to hybrid and created mailboxes on premises and in O365. Did a few mailbox migrations from on premises to O365. Everything worked for one month and after that, I was not able to receive emails from anyone, including from those test users migrated to O365. Not sure what happened to EX2016 hybrid.
Do I need to have any subscription service from MS for EX2016 hybrid to work indefinitely?
I had to rebuild the home lab. Now EX2016 is working without hybrid. I want to convert again but want to make sure I have all the information required before I proceed.
Thanks
Ram
Gareth Gudger says
Hey Ram,
Did you ever license those mailboxes in Office 365? Or were you just on a trial subscription?
If it were a trial or there was no active paid subscription then Microsoft would have disabled those mailboxes after 30 days.
More info on that here. https://blogs.technet.microsoft.com/exchange/2015/12/18/data-immutability-and-office-365-tenant-lifecycle/
To confirm, the new lab is a completely brand new Exchange organization (new domain and DCs as well)?
Carlos Rotver says
Hello! I have a question. If you create the mailbox directly in O365, what about the users that are still in on-prem? Will they be able to find the new mailbox in the on-prem GAL?
Regards and thanks
Gareth Gudger says
Hey Carlos,
Those on-prem users won’t be able to see the user in the GAL. Furthermore, because Exchange on-prem has no knowledge of the cloud-only user those on-prem users won’t be able to send mail to the cloud user either. It’s always best to use the method I described above, or create the mailbox on-prem and then migrate it to the cloud.
Carlos Rotver says
Thanks! That’s the way we do it. We create the mailboxes on-prem then we migrate them to 365. Same with the shared mailboxes. Thanks for your help!
Naik says
Hi Carlos, how do you migrate Shared Mailbox from ON Prem to O365 in Hybrid Environment. Thanks