Migrating to Office 365 from Microsoft Exchange Step By Step – Stage 5 Creating New Users in Exchange Online

There are a few different ways that you can create new users in your newly configured Exchange – Office 365 Hybrid setup.  This post goes through the various ways of setting users up, and at the end I include a new user script that I wrote to set up new users for this organisation.

The three ways you could set up a user & mailbox are:

1. Create the user in the on-premises AD and then sync the user to Azure.  You can then just assign the user an E3 licence in Office 365 and they will have a mailbox.  But creating new mailboxes this way never fills in the correct Exchange attributes on the user’s AD account, which causes them to not display in the local EAC.  This could also cause the inventory of your on-premises AD Connect domain and Azure AD domain to show incorrect data and conflicting information.

2. You can create the user and mailbox in the Exchange 2016 console.

3. You can create the user in your on-premises AD, sync to Azure and then use PowerShell from the Exchange 2016 server to create a mailbox for them.  You can then assign a licence to the user.

Out of the three methods we decided to use the 3rd, mainly because our users' UPNs did not match their SamAccountNames.  We therefore did not want to start creating users using method 2, as we would then have users with a differing SamAccountName to the majority.




Creating users in the Exchange Admin Center

1. Log into the Exchange Admin Center here: https://mail.mydomain.com/ecp.

2. In the Exchange Admin Center of your on-premises hybrid server, go to Recipients > Mailboxes and hit the plus sign right above the “Display Name” column. You’ll notice one of the options is a new “Office 365 mailbox.”


3. Complete the information in the Dialog Box and click Save. Once saved, you can edit the user’s mailbox properties to add information such as title, manager, address and phone number.
If you’re creating an Office 365 mailbox this way, there’s no need to set up an AD account for the user beforehand. As part of this process, Exchange automatically creates the AD object for the user in the OU you specify. Simply fill out the details and click save.


4. Sync the directory using AD Connect.
On the next synchronisation of AD Connect (either automatic or forced), your user will show up in Office 365 and an Exchange Online mailbox will be provisioned shortly after. Once the user is synced, you’re free to assign the appropriate license to the account.




To force a manual directory sync, log in to the Azure AD Connect server, open an Administrative PowerShell window and execute the following command:
• Start-ADSyncSyncCycle -PolicyType Delta

5. License the User.
1. Browse to https://portal.office.com
2. Click the tiles icon and select the Admin tile
3. Navigate to Users and select Active users


4. Select the user in question, locate the Product Licenses field and click Edit

5. Choose a location then click the slider to activate an available license

6. At the bottom of the Product licenses pane, click Save

Using PowerShell to create mailboxes in Exchange Online

You would use the Exchange PowerShell method for one of two reasons: to automate account provisioning or to grant an Office 365 mailbox to an existing AD user. You can also use this method to add Exchange Online mailboxes to the view in the on-premises Exchange Admin Center.
To create an Office 365 mailbox for an existing user, the command we’ll be using is enable-remotemailbox.

For example:

enable-remotemailbox -identity "Test User" -remoteroutingaddress demo.user@mydomain.mail.onmicrosoft.com

 

The proxy address will always end in @tenant.mail.onmicrosoft.com.
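To find accounts that were created by the first method (licensed in Office 365 but never given Exchange attributes on-premises), the following audit compares the two directories. It is an added example, not part of the original post; the search base reuses the page's placeholder OU, and the attribute names checked are an assumption about which Exchange attributes are left empty.

```powershell
# Added example (not from the original post): audit for accounts created by method 1.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService                      # prompts for Office 365 admin credentials

# Index every licensed Office 365 user by UPN (hashtable keys are case-insensitive).
$licensed = @{}
Get-MsolUser -All | Where-Object { $_.IsLicensed } |
    ForEach-Object { $licensed[$_.UserPrincipalName] = $true }

# Assumption: these are the Exchange attributes that enable-remotemailbox stamps on
# the on-premises account; they stay empty when only a licence is assigned.
$props = 'mail', 'targetAddress', 'msExchRecipientTypeDetails', 'msExchRemoteRecipientType'

function Get-UnstampedMailboxUser {
    # Default search base is the placeholder OU used in the page's script.
    param([string]$SearchBase = 'OU=Users,OU=mydomain,DC=mydomain,DC=com')

    Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties $props |
        Where-Object {
            $_.UserPrincipalName -and
            $licensed.ContainsKey($_.UserPrincipalName) -and   # has a cloud licence
            -not $_.msExchRecipientTypeDetails -and            # but no Exchange type
            -not $_.targetAddress                              # and no routing address
        } |
        Select-Object SamAccountName, UserPrincipalName, mail, DistinguishedName
}

Get-UnstampedMailboxUser | Sort-Object SamAccountName | Format-Table -AutoSize
```

Run it from a machine that has both the ActiveDirectory and MSOnline modules; an empty result means every licensed user in the OU is also visible to the on-premises Exchange server.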

New User Script

Here is the initial version of a script I wrote to provision new users in a way that we could continue to manage them using our onsite Exchange 2016 server.  I have deliberately kept the script simple and left out further modifications so that it is easy to understand and use as it is.

<#
.SYNOPSIS
    This script is designed to create mydomain users and mailboxes.  The main reason this is needed is to preserve needed attributes so that we can continue to manage the user from Exchange 2016
.DESCRIPTION
The script will do the following:
Create the AD user, sync the AD user to Azure AD, connect the user to an Office 365 mailbox and then assign licences to the user.
.NOTES
    File Name      : Create_O365_User.ps1
    Author         : Robin Clarke (Oct 2018)
    Prerequisite   : PowerShell V2 and upper.
.INSTRUCTIONS
    The script has to be run on an Exchange 2016 server (or you will lose the ability to manage the user).  You will be prompted for the user's information and your Office 365 login details to assign the licences.
#>


#This module imports the AD PowerShell module and prompts for the user's details.  It automatically creates some variables from the input given.
import-module activedirectory
    $intdomain = "mydomain"
    $FirstName = Read-Host -prompt "Enter user's first name"
    $Surname = Read-Host -prompt "Enter user's surname"
    $Name = $FirstName + " " + $Surname
    $WindowsLogin = Read-Host -prompt "Enter user's Windows username"
    $O365Login = $FirstName + "." + $Surname + "@" + $intdomain
    $OUPicker = Read-Host -Prompt "Enter OU to create user in"
    $Path = "OU=" + $OUPicker + ",OU=Users,OU=mydomain,DC=mydomain,DC=com"
    $Password = Read-Host -AsSecureString "Input Password"
    $RemoteRouting = $FirstName + "." + $Surname + "@mydomain.mail.onmicrosoft.com"

New-ADUser -Name $Name -GivenName $FirstName -Surname $Surname -SamAccountName $WindowsLogin -UserPrincipalName $O365Login -Path $Path -AccountPassword $Password -Enabled $true

Start-Sleep -s 10

Set-ADUser -Identity $WindowsLogin -ChangePasswordAtLogon $false

Start-Sleep -s 10
#Message to user
    $PleaseWaitAD = "User account is created in on-premise Active Directory
    "
Write-Host $PleaseWaitAD

#This module remote connects to the Azure AD Sync server and forces a delta sync.
    $AADComputer = "MyAzureADSyncServer"
    $AADsession = New-PSSession -ComputerName $AADComputer
Invoke-Command -Session $AADsession -ScriptBlock {Import-Module -Name 'ADSync'}
Invoke-Command -Session $AADsession -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta}
Remove-PSSession $AADsession

#Message to user
    $PleaseWaitAAD = "User is being synced to Azure AD
    "
Write-Host $PleaseWaitAAD

#Wait for sync to complete
Start-Sleep -s 60

#This command connects the AD user to a new mailbox (Provisioned through the Exchange 2016 server)
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
enable-remotemailbox -identity $WindowsLogin -remoteroutingaddress $RemoteRouting

    $PleaseWaitMB = "Please wait while the user's mailbox is created and linked to their AD account
    "
Write-Host $PleaseWaitMB

#Wait for mailbox creation to complete
Start-Sleep -s 60

#This module connects to Office 365 and then assigns licences to the user.
    $UserCredential = Get-Credential
Connect-MsolService -Credential $UserCredential | out-null

Set-MsolUser -UserPrincipalName $O365Login -UsageLocation GB
Set-MsolUserLicense -UserPrincipalName $O365Login -AddLicenses mydomain:ENTERPRISEPACK
Set-MsolUserLicense -UserPrincipalName $O365Login -AddLicenses mydomain:EMS

write-host -nonewline "The user and mailbox was created. Please press X to exit
"
    $response = read-host
if ( $response -ne "X" ) { exit }
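The script above builds a distinguished name from typed input and relies on fixed Start-Sleep delays, so a mistyped OU or a slow sync lets later steps run against an account that is not there. The following added example (not part of the original script) shows a fail-closed pre-flight check and a polling wait that could replace those steps; the helper names Test-SafeName and Wait-Until and the sample values are hypothetical, and it assumes Connect-MsolService has been moved ahead of the wait.

```powershell
# Added example, not part of the original script.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'          # stop at the first failed step

# Constructed sample values; in the page's script these come from Read-Host.
$WindowsLogin = 'jbloggs'; $OUPicker = 'Sales'; $O365Login = 'joe.bloggs@mydomain'

function Test-SafeName {
    # Allow only letters, digits, space, dot, hyphen and underscore, so the value
    # cannot add DN components (",", "=") or break out of a quoted AD filter.
    param([Parameter(Mandatory)][string]$Value, [int]$MaxLength = 64)
    return ($Value.Length -le $MaxLength) -and ($Value -match '^[A-Za-z0-9][A-Za-z0-9 ._-]*$')
}

function Wait-Until {
    # Poll $Condition until it returns $true, or throw once the timeout expires.
    param(
        [Parameter(Mandatory)][scriptblock]$Condition,
        [Parameter(Mandatory)][string]$What,
        [int]$TimeoutSeconds = 900,
        [int]$IntervalSeconds = 20
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        if (& $Condition) { return }
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Timed out after $TimeoutSeconds seconds waiting for $What."
}

# --- Pre-flight, before New-ADUser ---
if (-not (Test-SafeName $OUPicker)) { throw "Rejected OU name: '$OUPicker'" }
if (-not (Test-SafeName $WindowsLogin -MaxLength 20)) { throw "Rejected logon name: '$WindowsLogin'" }

$Path = "OU=$OUPicker,OU=Users,OU=mydomain,DC=mydomain,DC=com"
Get-ADOrganizationalUnit -Identity $Path | Out-Null      # throws if the OU does not exist
if (Get-ADUser -Filter "SamAccountName -eq '$WindowsLogin'") {
    throw "SamAccountName '$WindowsLogin' is already in use."
}

# --- After Start-ADSyncSyncCycle, instead of Start-Sleep -s 60 ---
Wait-Until -What "$O365Login to appear in Azure AD" -Condition {
    [bool](Get-MsolUser -UserPrincipalName $O365Login -ErrorAction SilentlyContinue)
}
```

With the wait in place, Set-MsolUser and Set-MsolUserLicense only run once the account exists in Azure AD, and a sync that never completes ends the run with an error instead of a success message.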



