Updating Remote Recipient Types on-Premises
During migrations from third-party platforms like Gmail or various POP3 providers or from hosted Exchange environments, we frequently see customers provisioning remote mailboxes for shared resources.
This works fine for three out of four recipient types. You can run New-RemoteMailbox for a regular user or specify a Type (Room or Equipment) to get the appropriate mailboxes. One glaring omission is the SharedMailbox.
One of our goals is to keep on-premises objects in sync with the cloud objects. That way, if you need to rebuild AAD Connect and sync objects back up to the cloud, all of the properties get synced correctly and everything continues on as it was. There is a risk when your remote mailbox types don't match between cloud and on-premises. That is to say, if the on-premises AD account of your shared mailbox user looks like a regular user, those properties could get synced to the cloud and your shared mailbox might get converted back to a user. It's not a big deal if that happens on-premises, since it doesn't really affect anything.
The cloud is a whole different story. We're using the RecipientDisplayType and RecipientTypeDetails to flag whether or not a mailbox needs to be licensed. And, if it's been longer than 30 days since you migrated a mailbox, removing a license will result in deletion of the mailbox.
If you, for example, had a legacy Exchange 2003 environment that you migrated to Office 365, you most likely have Shared, Room, or Equipment mailboxes that were created as just regular users, since Exchange 2003 didn't have concepts of different types of recipient objects. Or, if you migrated from another platform like Gmail or Notes and wanted to manage identity on-premises, you might also run into this problem.
Here's a quick function you can use to set the on-premises recipient types for synchronized user accounts (that map to shared/resource/equipment mailboxes) correctly so that they show up in the cloud (and you don't end up losing the mailbox when you remove a license).
Function SetRemoteRecipientTypes($Recipient,$RecipientType)
{
    # Look the recipient up once; stop if it does not exist.
    $RecipientObject = Get-Recipient $Recipient -ErrorAction SilentlyContinue
    If (!$RecipientObject)
    {
        "Recipient $($Recipient) not found."
        # Return leaves only this function; Break could also end a calling loop or script.
        Return
    }
    # Each branch writes the three Exchange attributes for that remote mailbox type.
    Switch ($RecipientType)
    {
        Equipment
        {
            $EquipmentRecipientDisplayType = '-2147481594'
            $EquipmentRecipientTypeDetails = '17179869184'
            $EquipmentRemoteRecipientType = '65'
            Set-ADUser -Identity $RecipientObject.SamAccountName -Replace @{msExchRecipientDisplayType=$EquipmentRecipientDisplayType;msExchRecipientTypeDetails=$EquipmentRecipientTypeDetails;msExchRemoteRecipientType=$EquipmentRemoteRecipientType}
        }
        Shared
        {
            $SharedRecipientDisplayType = '-2147483642'
            $SharedRecipientTypeDetails = '34359738368'
            $SharedRemoteRecipientType = '100'
            Set-ADUser -Identity $RecipientObject.SamAccountName -Replace @{msExchRecipientDisplayType=$SharedRecipientDisplayType;msExchRecipientTypeDetails=$SharedRecipientTypeDetails;msExchRemoteRecipientType=$SharedRemoteRecipientType}
        }
        Room
        {
            $RoomRecipientDisplayType = '-2147481850'
            $RoomRecipientTypeDetails = '8589934592'
            $RoomRemoteRecipientType = '33'
            Set-ADUser -Identity $RecipientObject.SamAccountName -Replace @{msExchRecipientDisplayType=$RoomRecipientDisplayType;msExchRecipientTypeDetails=$RoomRecipientTypeDetails;msExchRemoteRecipientType=$RoomRemoteRecipientType}
        }
    }
}
To use it, just run SetRemoteRecipientTypes <samaccountname> <RecipientType>.
You'll want to make sure the recipient type is also configured correctly in the cloud (Set-Mailbox -Type [Shared|Equipment|Room]).
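A read-only check to run after the function above, confirming that the three attributes hold the intended values before any license is removed. This is an added example, not part of the original post: Test-RemoteRecipientType and the sample account names are hypothetical, the expected values are the ones used on this page, and it assumes the ActiveDirectory module is available.

```powershell
# Added example: read-only audit of the attributes written by the function above.
# The attribute values are copied from this page; nothing here modifies AD.
Import-Module ActiveDirectory

$ExpectedAttributes = @{
    Equipment = @{ msExchRecipientDisplayType = '-2147481594'; msExchRecipientTypeDetails = '17179869184'; msExchRemoteRecipientType = '65' }
    Shared    = @{ msExchRecipientDisplayType = '-2147483642'; msExchRecipientTypeDetails = '34359738368'; msExchRemoteRecipientType = '100' }
    Room      = @{ msExchRecipientDisplayType = '-2147481850'; msExchRecipientTypeDetails = '8589934592';  msExchRemoteRecipientType = '33' }
}

# Hypothetical helper name. Emits one row per attribute so mismatches are easy to filter.
Function Test-RemoteRecipientType
{
    Param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][ValidateSet('Equipment', 'Shared', 'Room')][string]$RecipientType
    )
    $Expected = $ExpectedAttributes[$RecipientType]
    Try { $User = Get-ADUser -Identity $SamAccountName -Properties ([string[]]$Expected.Keys) -ErrorAction Stop }
    Catch { Write-Warning "Account $SamAccountName not found: $($_.Exception.Message)"; Return }

    ForEach ($Name in $Expected.Keys)
    {
        $Actual = $User.$Name   # $null when the attribute has never been set
        [pscustomobject]@{
            SamAccountName = $SamAccountName
            IntendedType   = $RecipientType
            Attribute      = $Name
            Expected       = $Expected[$Name]
            Actual         = If ($null -eq $Actual) { '<not set>' } Else { [string]$Actual }
            Matches        = ([string]$Actual -eq $Expected[$Name])
        }
    }
}

# Constructed sample input: accounts and the mailbox type each one should be.
$Accounts = @'
SamAccountName,RecipientType
confroom-a,Room
projector-01,Equipment
helpdesk,Shared
'@ | ConvertFrom-Csv

# List only the attributes that still need fixing before a license is removed.
$Accounts | ForEach-Object { Test-RemoteRecipientType $_.SamAccountName $_.RecipientType } |
    Where-Object { -not $_.Matches } | Format-Table -AutoSize
```

An empty result means every listed account already carries the on-premises values for its intended type.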