Office 365: Unable to locate an Azure Active Directory user for an Exchange Online Mailbox
For an Exchange Online mailbox to exist in Office 365, it must be attached to an Azure Active Directory object. In Exchange Online we record the object ID of the Azure Active Directory account as the ExternalDirectoryObjectId property of the mailbox.
PS C:\> Get-Mailbox tmcmichael | fl name,externalDirectoryObjectID
Name : Timothy McMichael
ExternalDirectoryObjectId : 61425db0-7812-49dd-b6aa-1a732bdec569
Using the ExternalDirectoryObjectId value, we can locate the Azure Active Directory account that the mailbox is linked to.
PS C:\> Get-MsolUser -ObjectId 61425db0-7812-49dd-b6aa-1a732bdec569
UserPrincipalName     DisplayName       isLicensed
-----------------     -----------       ----------
tmcmichael@domain.org Timothy McMichael True
I recently had a customer who presented with the inability to locate the Azure Active Directory object for an associated mailbox.
Using Get-Mailbox, the mailbox object was successfully located:
PS C:\> Get-Mailbox contact | fl name,externalDirectoryObjectID
Name : Contact Mailbox
ExternalDirectoryObjectId : 3959607e-8c53-4413-9d39-1af548b00819
When using Get-MsolUser, the Azure Active Directory account could not be located.
PS C:\> Get-MsolUser -ObjectId 3959607e-8c53-4413-9d39-1af548b00819
Get-MsolUser : User Not Found. User: 3959607e-8c53-4413-9d39-1af548b00819.
At line:1 char:1
+ Get-MsolUser -ObjectId 3959607e-8c53-4413-9d39-1af548b00818
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Get-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Administration.Automation.GetUser
If the mailbox object is a valid object, why can an Azure Active Directory account not be located?
In this particular instance, we discovered that the mailbox was set as the JournalingReportNdrTo recipient.
PS C:\> Get-TransportConfig | fl JournalingReportNdrTo
JournalingReportNdrTo : contact@domain.com
When a mailbox is specified as the JournalingReportNdrTo recipient, the mailbox cannot be deprovisioned. In this particular instance, we suspect that the Azure Active Directory account was removed and subsequently purged. When the object is purged from Azure Active Directory, the associated Exchange Online mailbox should enter a soft-deleted state. In this instance, the mailbox was not soft-deleted because of an external dependency.
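The checks above can be combined into one audit that lists every mailbox whose ExternalDirectoryObjectId no longer resolves to an Azure Active Directory user and flags whether that mailbox is the JournalingReportNdrTo recipient. This is an added example, not code from the original article: the function name Find-MailboxWithoutAadUser is hypothetical, and it assumes an Exchange Online PowerShell session and Connect-MsolService are already established.

```powershell
# Added example (hypothetical function name). Assumes an Exchange Online
# session and Connect-MsolService have already been established.
function Find-MailboxWithoutAadUser {
    [CmdletBinding()]
    param(
        # Mailbox identities to check; every mailbox is checked when omitted.
        [string[]]$Identity
    )

    # Address that receives journal report NDRs ("<>" when not configured).
    $journalNdr = [string](Get-TransportConfig).JournalingReportNdrTo

    $mailboxes = if ($Identity) {
        $Identity | ForEach-Object { Get-Mailbox -Identity $_ }
    } else {
        Get-Mailbox -ResultSize Unlimited
    }

    foreach ($mbx in $mailboxes) {
        $objectId = [string]$mbx.ExternalDirectoryObjectId
        if (-not $objectId) { continue }    # nothing to look up

        try {
            # Same lookup as in the article; fails when no user exists.
            $null = Get-MsolUser -ObjectId $objectId -ErrorAction Stop
            continue                        # directory object found
        } catch {
            # Only "User Not Found" marks an orphan; rethrow anything else
            # (for example a missing MSOnline connection).
            if ($_.FullyQualifiedErrorId -notlike '*UserNotFoundException*') { throw }
        }

        # Proxy addresses carry an "SMTP:"/"smtp:" prefix; strip it to compare.
        $addresses = @($mbx.EmailAddresses) -replace '^smtp:', ''
        [pscustomobject]@{
            Name                      = $mbx.Name
            PrimarySmtpAddress        = [string]$mbx.PrimarySmtpAddress
            ExternalDirectoryObjectId = $objectId
            IsJournalingReportNdrTo   = $addresses -contains $journalNdr
        }
    }
}

Find-MailboxWithoutAadUser | Format-Table -AutoSize
```

A row with IsJournalingReportNdrTo set to True matches the situation described in this article; rows with False indicate a mailbox that has no directory account for some other reason and should be investigated separately.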