Script to Update msExchArchiveGuid and msExchArchiveName in bulk from Exchange Online to On-premise AD

Summary –

Use this script to resolve errors like the one below in the Office 365 portal.

Failed to sync the ArchiveGuid 00000000-0000-0000-0000-000000000000 of mailbox 28b656595f-924b-4c5b-a4be-ea255450f  because one cloud archive 45e245ba67-a5ed-4408-8ced-a4d124521 exists

Note: The recommended way to resolve this issue is with on-premises Exchange PowerShell. These steps are for scenarios where there is no on-premises Exchange server to fix it with, but the Exchange attributes are present in the AD schema.

Managing the Exchange attributes for cloud users from AD PowerShell or from ADSIEdit is not supported, and we strongly recommend keeping an active Exchange server in your Active Directory with minimum roles, just to be able to manage the Exchange attributes that are synced to the cloud.

For more information about these recommendations, see the public article below:

https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx

“The question of whether a third-party management tool or ADSIEDIT can be used is often asked. The answer is you can use them, but they are not supported. The Exchange Management Console, the Exchange Administration Center (EAC), and the Exchange Management Shell are the only supported tools that are available to manage Exchange recipients and objects. If you decide to use third-party management tools, it would be at your own risk. Third-party management tools often work fine, but Microsoft does not validate these tools.”

Who should use this?

Use it for users for whom you are getting an error like the one below.

Failed to sync the ArchiveGuid 00000000-0000-0000-0000-000000000000 of mailbox 28b656595f-924b-4c5b-a4be-ea255450f  because one cloud archive 45e245ba67-a5ed-4408-8ced-a4d124521 exists

What do you need to know before you begin?

  • The MSOnline module for Office 365 must be installed.
  • You must have Global admin credentials for Office 365.
  • You must be logged in to a domain controller with Enterprise Admin credentials.
  • You must have rights to execute scripts.

How do you do this?

  1. Log in to a domain controller that meets the above prerequisites.
  2. Download and extract the attached zip file to any location on the server. For example, I extracted it under "C:\O365". It should contain the 4 files below.

 

ArchiveGuid_Version1.0.ps1

ArchiveGuid_Version1.0_Menifest.psd1

ArchiveGuid_Version1.0_Module.psm1

ConnectingToResources.ps1

 

  3. Open Windows PowerShell as administrator on the machine and change to the directory containing the script files. For example:

Set-Location "C:\O365"

 

  4. Run the command below; you should see the script files. If they are not listed, you set the wrong location in step 3.

 

Get-ChildItem

  5. Run the command below to import the module.

 

Import-Module .\ArchiveGuid_Version1.0_Menifest.psd1

 

  6. Run the command below to connect to Office 365 and, when prompted, enter the Office 365 global admin credentials.

ConnectTo-office365

  7. Run the command below to collect the affected users' data from Office 365.

Get-EffectedMsolUser -CSVPath "location for csv file"

For example:

Get-EffectedMsolUser -CSVPath "C:\O365\EffectedMsolUser.csv"

 

**CSVPath – Path where you want to write the CSV file of affected MSOL users. Using the same path as the script files is suggested.

 

  8. Run the command below to collect the affected mailboxes' data from Office 365.

Get-EffectedMailboxes -MsolUserCSVPath "location of CSV file collected in step 7" -MailboxCSVPath "location to create effected mailbox csv file"

For example:

Get-EffectedMailboxes -MsolUserCSVPath "C:\O365\EffectedMsolUser.csv" -MailboxCSVPath "C:\O365\EffectedMailboxes.csv"

 

**MsolUserCSVPath – Path of the CSV file collected in step 7.

**MailboxCSVPath – Location where the affected mailboxes CSV is created. Using the same path as the script files is suggested.

 

  9. Run the command below to list the affected AD accounts in your on-premises Active Directory. The output shows the samAccountName of the users where the archive GUID and name need to be set.

 

Get-EffectedAdUser -EffectedMailboxCsvPath "location of CSV file generated in step 8" -EffectedPartition 'Domain partition where you want to search'

 

For example:

Get-EffectedAdUser -EffectedMailboxCsvPath "C:\O365\EffectedMailboxes.csv" -EffectedPartition 'DC=hckoffice365,DC=in'

 

**EffectedMailboxCsvPath – Location of the CSV file generated in step 8. In my case it's "C:\O365\EffectedMailboxes.csv".

**EffectedPartition (Not Mandatory) – Domain partition where you want to search and set the attributes. If you don't specify this parameter, the script uses the root partition by default.

 

  10. Run the command below to set the archive GUID and archive name values on the affected user accounts.

 

Set-msExchArchiveInfo -EffectedMailboxCsvPath "location of CSV file generated in step 8" -EffectedPartition "domain partition where you want to set the values"

 

For example:

 

Set-msExchArchiveInfo -EffectedMailboxCsvPath "C:\O365\EffectedMailboxes.csv" -EffectedPartition "DC=hckoffice365,DC=in"

 

**EffectedMailboxCsvPath – Location of the CSV file generated in step 8. In my case it's "C:\O365\EffectedMailboxes.csv".

**EffectedPartition (Not Mandatory) – Domain partition where you want to search and set the attributes. If you don't specify this parameter, the script uses the root partition by default.

 

  11. Once the above steps are complete, force a directory sync from PowerShell on the AAD Connect server using the command below.

 

Start-AdSyncSyncCycle -PolicyType Initial

 

  12. Once the sync completes, check the Office 365 portal after 10-15 mins; there should be no errors for the affected mailboxes. You can also confirm by performing step 7 again; this time the output CSV file should be blank.
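
An added example (not part of the author's script package): a read-only check to run after step 10 that compares each account's msExchArchiveGUID with the cloud archive GUID, shows the octet form that Attribute Editor displays, and flags an empty mailNickname, which the comments below report as a reason the error persisted. Assumptions: the ActiveDirectory module is installed, the CSV has SamAccountName and ArchiveGuid columns (hypothetical names), and the function names are made up for this example.

```powershell
# Added example: read-only verification, changes nothing in AD.
# Assumptions: the ActiveDirectory module is available, and the CSV has
# SamAccountName and ArchiveGuid columns (hypothetical names; adjust them).
Import-Module ActiveDirectory

function ConvertTo-AdOctetString {
    # Render a GUID the way Attribute Editor lists an octet string.
    # Guid.ToByteArray() stores the first three groups little-endian, so
    # 0265ece3-... starts \E3\EC\65\02 rather than \02\65\EC\E3.
    param([Parameter(Mandatory)][guid]$Guid)
    ($Guid.ToByteArray() | ForEach-Object { '\{0:X2}' -f $_ }) -join ''
}

function Test-ArchiveAttribute {
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [string]$SearchBase   # optional partition, e.g. 'DC=hckoffice365,DC=in'
    )
    foreach ($row in Import-Csv -Path $CsvPath) {
        # Double any single quote so a CSV value cannot break out of the filter.
        $sam = $row.SamAccountName -replace "'", "''"
        $query = @{
            Filter     = "sAMAccountName -eq '$sam'"
            Properties = 'msExchArchiveGUID', 'msExchArchiveName', 'mailNickname'
        }
        if ($SearchBase) { $query.SearchBase = $SearchBase }
        $user = Get-ADUser @query

        $cloudGuid = [guid]$row.ArchiveGuid
        $adGuid = if ($user.msExchArchiveGUID) {
            [guid]::new([byte[]]$user.msExchArchiveGUID)
        } else { $null }

        [pscustomobject]@{
            SamAccountName  = $row.SamAccountName
            FoundInAd       = [bool]$user
            GuidMatches     = ($adGuid -eq $cloudGuid)
            ExpectedOctets  = ConvertTo-AdOctetString -Guid $cloudGuid
            ArchiveName     = $user.msExchArchiveName -join ';'
            MailNicknameSet = -not [string]::IsNullOrEmpty($user.mailNickname)
        }
    }
}

# List only the accounts that still need attention before forcing a sync.
Test-ArchiveAttribute -CsvPath 'C:\O365\EffectedMailboxes.csv' |
    Where-Object { -not ($_.FoundInAd -and $_.GuidMatches -and $_.MailNicknameSet) }
```

An empty result means every account in the CSV was found, carries the expected GUID, and has mailNickname populated.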

 

Script File Zip file - Archive Guid Script

 

Please share feedback in the comments if you face any issues.

Thanks,

Harish Kaushal

Comments

  • Anonymous
    February 27, 2017
    Awesome script, I ran it with no error messages, but still getting issues on O365 side and running step 7 results in a full file again (populated with users). I suspect the issue is with the msExchArchiveGUID value I am seeing. When I am going to attribute editor on each of the users I see \D1\2b\20\2F...... instead of the GUID which should look like 0265ece3-62f1-4c41-903c-9ad8979c9af2 so unless there is a conversion there from GUID to Hex or something. I don't know why the field does not show "0265ece3-62f1-4c41-903c-9ad8979c9af2". Also, was on a phone with a MS O365 Partner support for two hours, but we could not figure it out. My background is quite special though, we synced all mailboxes to O365 back in December, did a migration with SkyKick which went smooth. We then set up AD Sync, which worked fine as well. During our on premise Exch2010 decommission we removed mailboxes with accounts by mistake! We had to re-create some AD accounts from scratch as we could not restore them. Still re-enabled AD Connect sync and watched it syncing fine. Then the archive errors started: Exchange: Failed to sync the ArchiveGuid 00000000-0000-0000-0000-000000000000 of mailbox b4e09ca7-9284-4fa1-9ef7-44ea07759576 because one cloud archive 0265ece3-62f1-4c41-903c-9ad8979c9af2 exists.; Exchange: An unknown error has occurred. Refer to correlation ID: d8e63486-2604-4a9f-95e6-6f12056722d7 Any other ideas why this is not working? Could it be that the msExchArchiveGUID entry or current data is the culprit? Thank you very much for your help.
    • Anonymous
      February 27, 2017
      No, the value you see in AD is correct; it's just the hex value of the cloud GUID. Did you force AAD CONNECT sync after making changes? If yes, do you see updates getting synced on the Synchronization Service Export operation? How many users are affected? If it's a large number, it might take some time to replicate changes between Azure AD and EXO.
    • Anonymous
      February 27, 2017
      One more thing: check in SYNC RULE EDITOR, do you see exchange rules there? If yes, check if MailNickName attribute is populated for affected users or not. If not, then you need to populate it because no mailNickName value will not trigger EXO rules on AAD connect.
      • Anonymous
        February 27, 2017
        Yes, I forced AAD Connect, with no luck. I did see the msExchArchiveGUID and msExchArchiveName gets populated to all users. O365 still shows errors though. I suspect you got something with your comment on the mailNickName. I noticed it is empty on all user accounts. Should I manually populate it? Does it need to be something in specific or match something in O365? Thanks for your help!
        • Anonymous
          February 27, 2017
          It worked, I just synced it again after adding the full user name on the mailNickName field and the error for archive went away. Fantastic! Thank you very much. Now, when I finally go and remove the old Exchange 2010, is there something I should keep in mind or consider when removing it?
          • Anonymous
            March 01, 2017
            You can remove the Exchange server. Just make sure there are no changes to the AD schema and attributes. But if you have Exchange attributes on-premises and want to manage them through on-premises, then Microsoft suggests keeping at least one Exchange server.
  • Anonymous
    February 27, 2017
    Should I maybe remove the msExchMailboxGuid attribute sync from AD Connect Sync?
  • Anonymous
    September 28, 2017
    Magnificent post, very informative. I wonder why the opposite experts of this sector don't realize this. You should continue your writing. I'm confident you have a great readers' base already!