Good Mailbox

The Azure Active Directory user with the bad mailbox is on the left, you can see the error. The Aliases component is also missing.

After some Google Fu I found a script to get the MS Online Users with errors. This script is smattered all over popoular message boards but it doesn’t really work in my opinion. It’s more of a health check for the entire environment. Basically it shows the MSOL Users with errors. The mailbox in question was in the list. But the underlying error wasn’t displayed.

Get-MsolUser -HasErrorsOnly | fl DisplayName,UserPrincipalName,@{Name=”Error”;Expression={($_.errors[0].ErrorDetail.objecterrors.errorrecord.ErrorDescription)}}

 

This script seemed to be more useful because it gives the full error message.

(Get-MsolUser -UserPrincipalName jane@contoso.com).Errors[0].ErrorDetail.objecterrors.errorRecord.errorDescription

Looking at the error, the mailbox was placed on an In-Place hold. But why, the user wasn’t deleted. From what I gather, there are three reasons for mailbox holds. A Legal Hold, this is normally done by the Office365 Admin. There are Delete Holds, i.e. the user Account is deleted but the Delete Hold may persist for 30 days. This is an internal MS Policy incase a user account gets deleted accidently, basically this prevents the immediate nuking of the mailbox. There’s also a License Hold. If you remove the users license that allows them a mailbox. A License Hold will be created. This also prevents the mailbox from being nuked. I’m not sure how to tell what kind of In-Place hold is in play. You just need to run the scenarios down. The user wasn’t on a Legal Hold becuase we didn’t set it up. The User wasn’t deleted and recreated, I could tell this becuase ExternalDirectoryObjectID of the User Mailbox matched the matched Obviously the user wasn’t deleted.

Get-Mailbox jane@contoso.com

Get-MsolUser -User jane@contoso.com | fl

The ExternalMailboxID will be returned by the Get-Mailbox command. Compare this to the ObjectId returned by the Get-MsolUser. If IDs don’t match then the Mailbox is on a Delete Hold becuase there is no user account associated. In this case they matched. 

I guess we need to check the license. The Get-MsolUser command should have a Licenses property. The user had a license!

BUT the ProxyAddresses property only had one email. Which was SMTP:jane@contoso.onmicrosoft.com. A working mailbox needs two addresses, for example smtp:jane@contoso.com & SMTP:jane@contoso.onmicrosoft.com. And remember, the Aliases web widget isn’t working. This also explains why inner office email works but external mail does not.

I’m not sure how to set the ProxyAddresses in Power Shell…. A coworker suggested removing and reapplying the mailbox license. Crazy enough, it added smtp:Jane@contoso.com to the ProxyAddresses and this got the Aliases web widget working again.

**A side not here about ProxyAddresses, smtp vs SMTP. SMTP is the primary mailbox, this should always be the public mail route, i.e  jane@contoso.com 

 I cleaned up the ProxyAddresses using the web widget that was broken/missing earlier. 

UPDATE: Found a PS Script.

#clear proxyaddresses
Set-Aduser -Identity $user -Clear ProxyAddresses

# Set Proxyaddress Array
$proxyaddressesNew = "smtp:$($user)@email.mail.onmicrosoft.com","SMTP:$($user)@email.com"

# Set new Proxyaddress Attribute in AD
set-aduser -Identity $user -add @{proxyaddresses = "$proxyaddressesNew"}

This article was very helpful in troubleshooting all this. 

Exchange can’t disable this mailbox because it is placed on hold – Microsoft Community