Check linked accounts on MS365/Exchange remote mailboxes

Introduction

In a hybrid deployment where the Exchange platform sits in a resource forest and the users sit in an account forest, on-premise mailboxes are linked to user accounts. When a mailbox is migrated to MS365, the mailuser object (remote mailbox) that remains on-premise is still linked to the user’s account. There is no native PowerShell command to list these links. Below are two PowerShell functions: one that finds the account linked to a remote mailbox, and one that finds the remote mailbox linked to a user account.

Get linked account of a remote mailbox

The “Get-LinkedAccount” function reads the account linked to a remote mailbox.

#################################################################
# $recipient = email or alias or identity of the on-premise mailuser
#################################################################

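Function Get-LinkedAccount($recipient){

    # Resolve the on-premise remote mailbox (mailuser) object
    $mailUser = Get-RemoteMailbox $recipient
    $objectName = $mailUser.Name
    Write-Host $objectName
    # Look up the AD object by distinguished name (Name alone is not a valid Get-ADUser identity)
    $SIDSTR = (Get-ADUser $mailUser.DistinguishedName -Properties MsExchMasterAccountSid).MsExchMasterAccountSid
    Write-Host $SIDSTR
    # Translate the master account SID into DOMAIN\user form
    $SID = New-Object System.Security.Principal.SecurityIdentifier($SIDSTR)
    $objUser = $SID.Translate([System.Security.Principal.NTAccount])
    Return $objUser.Value

}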

Search linked recipient for an account

The “Search-LinkedMailbox” function finds the remote mailbox / on-premise mailbox linked to a user account.

#################################################################
# $UserDomain = Domain name of the account forest
# $UserAccount = Username
#################################################################

Function Search-LinkedMailbox($UserDomain,$UserAccount){

    $UserDomainAccount = $UserDomain + "\" + $UserAccount
    # Get SID from AD; Translate() throws if the account cannot be resolved
    try
    {
        $objsid = New-Object System.Security.Principal.NTAccount($UserDomain,"$UserAccount")
        $sid = $objsid.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch
    {
        Write-Host "ERROR: AD account $UserDomainAccount not found! " -ForegroundColor Red
        # return, not continue: continue outside a loop would break out of the caller
        return
    }

    # Test if the account is already linked and return the recipient
    $Testifnotlinked = Get-ADObject -LDAPFilter "(MsExchMasterAccountSid=$($sid.Value))" -ErrorAction SilentlyContinue
    foreach ($linked in $Testifnotlinked)
    {
        Write-Host "Account already linked to a recipient DN = $($linked.DistinguishedName)" -ForegroundColor Red
        Get-Recipient -Anr $linked.Name | Format-Table Name, PrimarySmtpAddress, DisplayName
    }

}
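
The two functions above check one object at a time. The following added example (not part of the original article) applies the same lookup to every remote mailbox and reports links that are missing, no longer resolve, or share a SID with another recipient. The function name Get-LinkedAccountReport and the status labels are hypothetical; it assumes an Exchange Management Shell session and the ActiveDirectory module, both running against the resource forest.

```powershell
# Added example, not the author's code. Get-LinkedAccountReport and the
# Status values are hypothetical names chosen for this illustration.
Function Get-LinkedAccountReport {

    $rows = foreach ($mbx in Get-RemoteMailbox -ResultSize Unlimited) {
        $adUser  = Get-ADUser $mbx.DistinguishedName -Properties msExchMasterAccountSid
        $sid     = $adUser.msExchMasterAccountSid
        $status  = 'Linked'
        $account = $null

        if (-not $sid) {
            $status = 'NoLink'
        }
        elseif ("$sid" -eq 'S-1-5-10') {
            # S-1-5-10 is the well-known SELF SID, not an account-forest user
            $status = 'Self'
        }
        else {
            try {
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier("$sid")
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # SID does not resolve: account deleted or trust unreachable
                $status = 'Unresolved'
            }
        }

        [pscustomobject]@{
            Recipient     = $mbx.PrimarySmtpAddress
            MasterSid     = "$sid"
            LinkedAccount = $account
            Status        = $status
        }
    }

    # SIDs referenced by more than one remote mailbox
    $dupes = $rows | Where-Object Status -eq 'Linked' | Group-Object MasterSid |
             Where-Object Count -gt 1 | ForEach-Object Name
    foreach ($row in $rows) {
        if ($row.Status -eq 'Linked' -and $dupes -contains $row.MasterSid) {
            $row.Status = 'DuplicateSid'
        }
        $row
    }
}

Get-LinkedAccountReport | Where-Object Status -ne 'Linked' | Format-Table -AutoSize
```

Rows with the status Unresolved or DuplicateSid are the ones to review first, since they point to a deleted account, a broken trust, or one account linked to several recipients.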


Lionel TRAVERSE
Microsoft 365 Certified Administrator Expert
Microsoft Certified Trainer
lionel.traverse@admin365.fr