Introduction
The purpose of this blog is to cover the recommendations for switching over shared mailbox accounts from synced with Active Directory to Cloud only accounts.
There are two options to perform the switchover of an account from synced with Active Directory to cloud only. This document is going to cover the preferred method of changing the account to a cloud account.
Lab Configuration
This section of the document covers the configuration within the Office 365 tenant and Active Directory.
- A user named Shared-IT is stored in a test folder that is synced with Office 365
-
A folder named Builtin is not synced with Office 365
Configurations Steps
-
Created Test Shared and synced it with Office 365
-
Created test shared mailbox in Exchange Online
-
Switch the user over to a shared mailbox in Exchange Online
-
Within Exchange added users to full mailbox and send permissions
-
Sent a few email messages to the mailbox
-
Moved the Shared-IT account to an OU that is not synced
-
Forced a delta sync
-
Restored the Shared Room object
-
Test Shared was moved to active users and is now a cloud object
-
Change the immutableid account to $null and break the relationship between the accounts
-
Force sync with AAD Connect
-
Account stayed as a cloud account
-
Test Cases
This section of the document covers the test cases we executed in our lab environment. The results of the test cases directly influenced our recommendations.
Validation Key Color Code
| Test Case Color Code Key | |
| Pass – The expected results were achieved | |
| Fail – The expected results were not achieved | |
Validation
| Test Case – 01: Access to Shared Mailbox – OWA | |||
| Explanation | The delegate of the mailbox should still have access to the shared mailbox after making it a cloud mailbox | ||
| Expected Result | Christopher’s account will still have full access to the mailbox | ||
| Test Actions | Access mailbox from OWA | ||
| Comments from Test | |||
| Test Results | Test Date | Result | |
| 5/1/2018 | Pass | ||
| Test Case – 02: Access to Shared Mailbox – Outlook | |||
| Explanation | The delegate of the mailbox should still have access to the shared mailbox after making it a cloud mailbox | ||
| Expected Result | Christopher’s account will still have full access to the mailbox | ||
| Test Actions | Access mailbox from Outlook | ||
| Comments from Test | |||
| Test Results | Test Date | Result | |
| 5/1/2018 | Pass | ||
| Test Case – 03: Send As Permissions | |||
| Explanation | The delegate of the mailbox should still perform Send As | ||
| Expected Result | Christopher’s account will still have to Send As permissions | ||
| Test Actions | Send an email message from within Outlook | ||
| Comments from Test | |||
| Test Results | Test Date | Result | |
| 5/1/2018 | Pass | ||
| Test Case 004: Email Content | |||
| Explanation | Mail content is still visible after cutover | ||
| Expected Result | The content in the shared mailbox should still be available | ||
| Test Actions | Open the shared mailbox and validate the content is in the inbox | ||
| Comments from Test | |||
| Test Results | Test Date | Result | |
| 5/1/2018 | Pass | ||
| Test Case 005: Sync AD User – After Switchover | |||
| Explanation | After the ImmutableID change on the cloud account, force a sync | ||
| Expected Result | The cloud user shouldn’t be moved to the deleted user container | ||
| Test Actions | Force sync after changing the immutableID | ||
| Comments from Test | |||
| Test Results | Test Date | Result | |
| 5/1/2018 | Pass | ||