In a hybrid context with an Exchange platform located in a resource forest and users in an account forest, on-premise mailboxes are linked to user accounts. When a mailbox is migrated to Microsoft 365, the mailuser object (remote mailbox) that remains on-premises is still linked to the user’s account. There is no native PowerShell command to check these links.
Here are two PowerShell functions to look up the links between user accounts and Microsoft 365 remote mailboxes.
- The first one allows you to find the account linked to a remote mailbox.
- The second allows you to find the remote mailbox linked to a user account.
Get linked account of a remote mailbox
The “Get-LinkedAccount” function returns the account linked to a remote mailbox.
Usage is simple: the only input is “Recipient” (email or name).
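#################################################################
# $recipient = email or alias or identity of the on-premise mailuser
#################################################################
Function Get-LinkedAccount($recipient){
    # Resolve the remote mailbox (mailuser) in the on-premises Exchange organization
    $remoteMailbox = Get-RemoteMailbox $recipient
    Write-Host $remoteMailbox.Name
    # Read the linked master account SID from the AD object. The distinguished name
    # is used because Get-ADUser -Identity does not accept the Name attribute.
    $SIDSTR = (Get-ADUser $remoteMailbox.DistinguishedName -Properties MsExchMasterAccountSid).MsExchMasterAccountSid
    Write-Host $SIDSTR
    # Translate the SID into a DOMAIN\user account name
    $SID = New-Object System.Security.Principal.SecurityIdentifier($SIDSTR)
    $objUser = $SID.Translate([System.Security.Principal.NTAccount])
    Return $objUser.Value
}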
Get linked recipient for an account
The “Search-LinkedMailbox” function finds the remote mailbox / on-premise mailbox linked to a user account.
Usage is simple, with only 2 input fields: the user name and the domain name.
#################################################################
# $UserDomain = Domain name of the account forest
# $UserAccount = Username
#################################################################
Function Search-LinkedMailbox($UserDomain,$UserAccount){
    $UserDomainAccount = $UserDomain + "\" + $UserAccount
    # Get SID from AD
    try
    {
        $objsid = New-Object System.Security.Principal.NTAccount($UserDomain,"$UserAccount")
        # Translate() throws when the account cannot be resolved
        $sid = $objsid.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch
    {
        Write-Host "ERROR: AD account $UserDomainAccount not found! " -ForegroundColor Red
        # "return" leaves the function; "continue" outside a loop would stop the calling script
        return
    }
    # Test if the account is already linked and return the recipient
    $Testifnotlinked = Get-ADObject -LDAPFilter "(MsExchMasterAccountSid=$($sid.Value))" -ErrorAction SilentlyContinue
    if ( $Testifnotlinked )
    {
        Write-Host "Account already linked to a recipient DN = $($Testifnotlinked.DistinguishedName)" -ForegroundColor Red
        Get-Recipient -Anr $Testifnotlinked.Name | Format-Table Name, PrimarySmtpAddress, DisplayName
    }
}
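The two functions above check one link at a time. The following added example (not from the original article) generalizes them into a report of every linked object, flagging master account SIDs that no longer resolve and SIDs shared by several recipients. The function name Get-LinkedAccountReport and the -SearchBase parameter are hypothetical, and it assumes the ActiveDirectory module is run in the resource forest.

```powershell
# Added example: audit every msExchMasterAccountSid link in the resource forest.
# Get-LinkedAccountReport and -SearchBase are illustrative names, not from the article.
Function Get-LinkedAccountReport {
    param([string]$SearchBase)   # optional OU distinguished name to limit the search

    $params = @{
        LDAPFilter = '(msExchMasterAccountSid=*)'
        Properties = 'msExchMasterAccountSid', 'mail'
    }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    $rows = foreach ($user in Get-ADUser @params) {
        $sid = [System.Security.Principal.SecurityIdentifier]$user.msExchMasterAccountSid
        # Assumption: S-1-5-10 (SELF) marks mailboxes that are not linked to
        # an external account, so they are skipped.
        if ($sid.IsWellKnown([System.Security.Principal.WellKnownSidType]::SelfSid)) { continue }
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $status  = 'Resolved'
        }
        catch {
            # The SID no longer maps to an account (deleted user, unreachable trust)
            $account = $null
            $status  = 'Unresolved'
        }
        [pscustomobject]@{
            Name          = $user.Name
            Mail          = $user.mail
            MasterSid     = $sid.Value
            LinkedAccount = $account
            Status        = $status
            Duplicate     = $false
        }
    }

    # An account should be the master of at most one recipient
    $shared = @($rows | Group-Object MasterSid | Where-Object Count -gt 1).Name
    foreach ($row in $rows) {
        if ($shared -contains $row.MasterSid) { $row.Duplicate = $true }
    }
    $rows
}

# Show only the links that need attention
Get-LinkedAccountReport |
    Where-Object { $_.Status -ne 'Resolved' -or $_.Duplicate } |
    Format-Table Name, Mail, MasterSid, LinkedAccount, Status, Duplicate
```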
By Lionel TRAVERSE
Microsoft 365 Certified Administrator Expert / Microsoft Certified Trainer