Skip to content
Home » Linked Accounts Check

How to check linked accounts on M365 remote mailboxes

In a hybrid context with an Exchange platform located in a resource forest and users in an account forest, on-premise mailboxes are linked to user accounts. When a mailbox is migrated to Microsoft 365, the mailuser object (remote mailbox) that remains on-premises is still linked to the user’s account. There is no native PowerShell command to check these links.

Here are two PowerShell functions to search linked accounts Microsoft 365 remote mailbox with powershell.

  • The first one allows you to find the account linked to a remote mailbox.
  • The second allows you to find the remote mailbox linked to a user account.

Get linked account of a remote mailbox

“Get-LinkedAccount” function permits to read the account linked to a remote mailbox.

The usage is very simple with only the input field “Recipient” (email or name).

#################################################################
# $recipient = email or alias or identity of the on-premise mailuser
#################################################################

Function Get-LinkedAccount($recipient){

    $objectName = (Get-remotemailbox $recipient).Name
    Write-Host $objectName
    $SIDSTR = (Get-ADUser $objectName -Properties MsExchMasterAccountSid).MsExchMasterAccountSid
    Write-Host $SIDSTR
    $SID = New-Object System.Security.Principal.SecurityIdentifier($SIDSTR)
    $objUser = $SID.Translate([System.Security.Principal.NTAccount])
    Return $objUser.Value
    
}

Get linked recipient for an account

“Seach-LinkedMailbox” function permits to find the remote mailbox / on-premise mailbox linked to an user account.

The usage is very simple with only 2 input fileds : user name and thedomain name.

#################################################################
# $UserDomain = Domain name of the account forest
# $UserDomain = Username
#################################################################

Function Search-LinkedMailbox($UserDomain,$UserAccount){

    $UserDomainAccount= $UserDomain + "\" + $UserAccount
    #Get SID from AD
    try
    {
        $objsid = New-Object System.Security.Principal.NTAccount($UserDomain,"$UserAccount")
        $error.Clear()      
        $sid = $objsid.Translate([System.Security.Principal.SecurityIdentifier])
        if ($error) { write-host "ERROR: AD account $UserDomainAccount not found! " }
    }
    catch
    {
        Write-Host "Error getting SID for the account $UserDomain $UserAccount" -ForegroundColor Red
        continue
    }

    #Test is account is already linked and return recipient
    try
    {
        $Testifnotlinked = Get-ADObject -LDAPFilter "MsExchMasterAccountSid=$($sid.value)" -ErrorAction SilentlyContinue
        if ( $Testifnotlinked )
        {
            throw "Account already linked to a recipient DN = $($Testifnotlinked.Distinguishedname)"
        }
    }
    catch
    {
        Write-Host "Account already linked to a recipient DN = $($Testifnotlinked.Distinguishedname)" -ForegroundColor Red
        Get-Recipient -anr $Testifnotlinked.Name | ft Name, PrimarySmtpAddress, DisplayName
        continue
    } 

}


By Lionel TRAVERSE
Microsoft 365 Certified Administrator Expert / Microsoft Certified Trainer