question

DaroUY avatar image
0 Votes"
DaroUY asked joyceshen-MSFT commented

Linked Mailboxes on Exchange Online

Hi,

We have an account-resource forest deployment type, where the exchange organization are in the resource forest and all the mailboxes are linked to they master accounts that's are hosted on the account forest.
We are trying to make this linked mailboxes visible on Exchange Online, like a mailuser, but in our lab was not possible.
(We don't want to migrate these linked mailboxes, we want to make and hybrid deployment)

And whenever we enable the licence of the Exchange Online to the linked user's other separate mailbox is created (usermailbox).

When we see the details of the running profiles on the sync service, we found that the projections are not replicated to the tenant.

Trying all the steps on this article, we have the same result, the linked mailboxes are not synced to the tenant.
https://jaapwesselius.com/2018/04/26/exchange-resource-forest-and-office-365-part-ii/

We trying also to change the linked account on the resource forest (change the password and enable it), change the running profiles to accept disabled accounts on the sync services, all this without luck.

Docs of Azure AD Connect say that this is possible but we are stuck on this point
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-account-resource-forest
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync#linked-mailbox-issue

Resource and Account forest Azure AD Connect is configured whit this option and the azure login att is the mail.
132881-image.png







Can anyone have an idea why this happens?

Thanks in advance for your help.

Regards -

office-exchange-server-administrationoffice-exchange-hybrid-itpro
image.png (42.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

joyceshen-MSFT avatar image
1 Vote"
joyceshen-MSFT answered joyceshen-MSFT commented

Hi @DaroUY

Do you mean you meet the issue users not synced here? Please correct me if I have any misunderstanding about your question.

132849-image.png

If this is the case ,first make sure we select the right Domain/OU filtering options for both Forest (the containers containing the user accounts in the Account Forest and the corresponding Mailboxes in the Resource Forest)

Here is also an article tells about how to Migrate Your Linked Mailboxes
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

A different scenario is introduces here: a client who had a mixture of linked and non-linked mailboxes, so in this case, we couldn’t match users on the ObjectSID and msExchMasterAccountSID attributes. Instead, we chose to match users using the SamAccountName and MailNickName attributes. In most scenarios, user objects in each forest will have the same value for these attributes, so matching accounts on these attributes is the next best option. If this is not the case in your environment, you will need to select another attribute to match your users on. You will also need a process in place to populate this attribute correctly across the AD objects in the two forests.

In addition, if your issue is related to the AAD not sync, I would suggest you refer to the trpubleshooting step here: Troubleshoot an object that is not synchronizing with Azure Active Directory


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




image.png (166.9 KiB)
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for your response

Yes, the linked mailboxes are not synchronized but the master accounts are (AD User on the account forest). We try in the lab to sync first the resource forest accounts (linked mailboxes) and in the portal, we saw that the synchronization occurs but don't see any new user.
In this type of deployment, we understand the linked mailbox and the master account data are merged in the tenant, but we don't saw that occurs. For example, the user doesn't have any extra X500.

When we saw the details of the running profiles on the synchronization service we notice the projections of users filtered the linked mailboxes. Not like a domain/ou filter

132990-image.png


133112-image.png



0 Votes 0 ·
image.png (11.8 KiB)
image.png (5.4 KiB)

Hi @DaroUY

Thanks for providing more information, I would suggest you check the CS import to see if there is any error. And it seems that your on-prem AD object synchronization is not triggered at all. This is more related to AAD scope and it's better to consult engineers in AAD forum to get further support, thanks for your understanding!


1 Vote 1 ·

Hi @DaroUY

Is your issue resloved now? Have you discussed the question with AAD team and get any progress?

0 Votes 0 ·