Symptoms

An Exchange Online mailbox is not provisioned in Azure Active Directory (Azure AD) Connect.

Resolution


There are two Windows Azure Active Directory modules to administer Azure AD through PowerShell. Both are supported currently. 

To fix this issue, follow these steps: 

  1. Confirm that the object exists in the Azure AD by using the Azure AD PowerShell module. A UsageLocation parameter is required and has to be populated. For example, run the following cmdlet: 

    Get-MsolUser -UserPrincipalName <UserPrinicipalName or DisplayName> | fl ValidationStatus,UsageLocation,*error*

    Note The ValidationStatus parameter is only viewable by using the Get-MsolUser cmdlet.

    If the ValidationStatus parameter value is not healthy, the following Microsoft Knowledge Base article may help you identify more detailed information about the error:

    2741233 You see validation errors for users in the Office 365 portal or in the Azure Active Directory Module for Windows PowerShell

  2. If the object is not present in Azure AD, make sure that the object is in scope of Azure AD Connect.

  3. If the object is present in Azure AD, confirm that the object is present in Exchange by using the Get-User cmdlet. 

    If there is no result, ask Microsoft to submit the object for a forward sync from Azure AD to Exchange Online. This request must be made by using the ObjectId parameter. The ObjectId parameter value can be found in Azure AD. (It will be in the form of XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX). For example, run one of the following cmdlets: 

    Get-MsolUser -UserPrincipalName <UserPrinicipalName or DisplayName> | fl ObjectId

    Get-AzureADUser -SearchString <UserPrinicipalName or DisplayName> | fl ObjectId

  4. If a user is not present, review a source AD dump to verify that the values of the UserPrincipalName and mailNickname attributes are populated.

  5. If the UserPrincipalName attribute value is set, ask Microsoft to submit the object for a forward sync from Azure AD to Exchange Online by using the UserPrincipalName attribute. Provide this value, as it may differ from your PrimarySMTPAddress attribute value.

  6. Check for DirSync errors. To do this, refer to the following support articles:

      Identify directory synchronization errors in Office 365
      Identifying DirSync provisioning errors in Office 365

    For more information about how to troubleshoot, see the following articles:

      Troubleshooting errors during synchronization
      Troubleshoot an object that is not synchronizing to Azure AD

  7. If there is a conflict with another object but that object can't be found in your on-premises Active Directory, confirm that there isn't a cloud-only object that is causing the problem.

    You can do this in several ways. Select Users -> Guest Users in the Admin Portal, or view the properties in the Sync Error details in the Admin Portal. If it shows Source Anchor as blank and the Source of authority is Cloud, this is a Guest user. The object should be removed or updated to reduce the conflict with a syncing object. Finally, you can also check this by using the following cmdlet in PowerShell.

    get-msoluser -userprincipalname John@contoso.com | fl UserType,ImmutableId

    The result resembles the following: 

    UserType    : Guest
    ImmutableId : 
    
  8. Confirm that there is a license assigned to the user in Azure AD. This can be checked in Azure AD and in Exchange Online. For example: 

    Azure AD

    Get-MsolUser -UserPrincipalName <UserPrinicipalName or DisplayName> | fl *license*

    Get-AzureADUser -ObjectId <UserPrinicipalName or DisplayName> | fl *license*

    Exchange Online

    Get-Recipient <UserPrinicipalName or DisplayName> | fl SkuAssigne

  9. Determine whether there is a mailbox in a soft-deleted or inactive state. To do this, run the following cmdlets: 

    Soft-deleted

    Get-Mailbox -SoftDeletedMailbox <UserPrinicipalName or DisplayName>

    If the mailbox is soft-deleted, it’s recoverable within 30 days by moving the AD account back into scope or restoring content by using the New-MailboxRestoreRequest cmdlet. For more information, see Delete or restore user mailboxes in Exchange Online

    Inactive

    Get-Mailbox -InactiveMailboxOnly <UserPrinicipalName or DisplayName>

    If the mailbox is inactive, see Recover an inactive mailbox in Exchange Online

     

  10. If you make a change to correct a sync error and the issue is still not resolved, ask Microsoft to submit the object for a forward sync from Azure AD to Exchange Online by using the UserPrincipalName attribute. Please provide this value as it may differ from your PrimarySMTPAddress attribute value. Provide the Azure ObjectID parameter, which is now needed to run the forward sync.

    Get-MsolUser -SearchString <UserPrinicipalName or DisplayName> | fl ObjectID

 

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×