Introduction to the various type of Exchange Online recipients | PowerShell cmdlets | Office 365 | Part 8#13 5/5 (3) 30 min read

Addressing “recipient’s objects” in Exchange Online and Azure Active Directory environment for performing tasks such as looking for information about E-mail addresses could be realized as a challenging task.

In the current article, we will take a walk in the “thick forest” of Exchange Online and Azure Active Directory infrastructure, and learn about the various types of “entities” in the Office 365 environment.

To be able to address the various “recipient entities” in an Office 365 environment, we will need to answer the following questions:

Q1: Where are these “recipient entities” stored?
For example, the term “Office 365” can be translated into different infrastructure such as – Azure Active Directory, Exchange Online, Share point online, SkyDrive for business and so on.

It’s true that most of the time, we associate the term “recipient” to the Exchange Online environment but, in an Office 365 environment, the definition of the term “recipient” is more complex.

For example, Azure Active Directory store information about the E-mail addresses of Exchange Online recipients and the Office 365 login name (UPN name) is impacting the Exchange on-Premises Recipient Primary E-mail address.

Another scenario could be an Exchange Hybrid environment that “bind” Exchange on-Premises Exchange environment + Exchange Online environment.
In this scenario, we will need to understand where are the “recipients” stored (Exchange on-Premises or Exchange Online) and what is the difference between this recipient type.

Q2: Who are the different recipient and user object entities that we need to address?

For example, Exchange Online environment includes many types of recipients such as – Mailbox recipient, contact recipients, Public Folder recipient, Group recipient and so on.

Q3: What are the PowerShell cmdlets that we use in addressing each of the different types of recipients?

For example

To address users stored in the Azure Active Directory we need to use different PowerShell cmdlets versus the Exchange Online environment.

To address different type of Exchange Online recipient, we will need to use a “dedicated PowerShell cmdlets” for each type of recipient or use a “General purpose” PowerShell cmdlets such as the command Get-Recipient.

The challenges of searching E-mail addresses in Office 365 environment

At first glance, this task could seem to be quite simple. Our basic assumption is that the Office 365 ports or the Exchange Online admin center interface include some “graphic interface” that will help us to perform the required search.

In reality, the task of locating E-mail address in Office 365 and Exchange Online can prove to be not that simple!

There are a couple of reasons the lead me to describe the above task as – “not a simple task”

1. Exchange Online admin – the lack of centralized E-mail address searches tool

Exchange Online (and Exchange) has many types of “recipients.” The E-mail address that we look for could be related to any type of recipient.

Exchange Online includes a web-based interface, that enables us to perform a search, looking for
E-mail address, but the main disadvantage of this interface is that the search interface is based on a “scope.”

For example, different search scope for “Exchange Online user mailbox object scope”, “Exchange Online shared mailbox scope” and so on.

In other words, we don’t have a tool that can perform a “wide E-mail address search” that is performed by query all the recipient’s types that exist in Exchange Online infrastructure.

2. Multiple “identities” that uses the E-mail address naming convention

E-mail address is just a naming conviction that we use for describing the identity of someone.

An E-mail address can be described as a string structure that contains the left part which described as Alias, the “@” sign and the “right part” – organization name (domain mane suffix).

The structure of E-mail address and UPN name in Office 365 and Exchange Online

In Office 365 infrastructure, there are additional identities that use an identical naming
convention as an E-mail address.

For example, the login name of Office 365 described as UPN (user principal name), and the UPN has and identical structure to the E-mail address structure.

Most of the time the Office 365 UPN name is identical to the Exchange Online Primary E-mail address but sometimes they are different.

Another example is the SIP (Session Initiation Protocol) address.

Every Office 365 users whom his license includes Skype for Business license, have a SIP address.
And again, the SIP address is based on the identical structure as the stature of the E-mail address.

When we say that we look for information about “E-mail address,” it’s important that we know if the information that we look for is indeed E-mail address or another type of identities such as SIP address or Office 365 user UPN name.

The E-mail address naming convection used by “other” Office 365 infrastructures -02
3. Office 365 as a complicated infrastructure

Office 365 is a logical container for many types of services and infrastructures.

The information about a specific Office 365 can “appears” in many infrastructures as the same time.

For example, each Office 365 users who have Exchange Online license appears at the same time as – Office 365 Azure Active Directory “user account entity,” and defined also in Exchange Online infrastructure as a user and as a “mailbox recipient.”

When we are looking for information about specific E-mail address or a specific type of E-mail address addresses, it’s important to know that we will need to define a “search scope” that includes the Office 365 (Azure Active Directory) infrastructure + the Exchange Online infrastructure.

The specific Office 365 infrastructure that we address -03

The solution + additional Challenges

The main tool that we can use for performing such type of “global search” is our dear friend – the PowerShell.

Given that we decide to use PowerShell as a tool for getting information about E-mail address, SIP address or Office 365 UPN name, the main challenge that we face is – the need to be familiar with each type of Exchange Online recipient and the Office 365 “entity” that we need to address + the specific PowerShell cmdlets that we need to use for addressing this recipient or Office 365 entities.

Two common scenarios of - looking for E-mail address in Office 365

Real life scenarios examples

Scenario 1 – Removing a “registered domain name” from Office 365 tenant

In this type of scenario, Office 365 will “allow” us to remove a specific registered domain name only if no existing “entity” uses the specific domain name. The “entity” could be Office 365 user, Exchange Online recipient and more.

In addition, the domain name that we need to remove can appear as part of the Office 365 UPN name, recipient E-mail address or other attributes.

Only after we found all the entities that use the specific domain name, and we remove this domain name or replace it with another domain name, only then we can remove the domain name that was registered with Office 365 as the tenant domain.

Scenario 2 – searching for a “hidden” E-mail address

In this scenario, we would like to locate existing Exchange Online recipient or Office 365 user who uses a specific E-mail address.

The main challenge in this case is, how to locate the specific E-mail address that could be “belong” to a variety of Exchange recipient types or to Office 365 user (the UPN username).

As mentioned, at the current time Exchange Online include a “search interface” but this search option is restricted to a specific type of recipient such as – Mailbox recipient, resources recipient and so on.


The Exchange recipient objects and Azure Active Directory “recipient objects”

When we say that we want to look for a specific “E-mail address,” it’s important that we also “declare” the specific Exchange “recipient type.”

Associatively we think that “recipient” is a User with a mailbox, but the reality is more complex because, in an Exchange base environment, there are many types of additional recipients such as – mail contact, Public Folder, a different type of groups and so on.

To make thing even more complicated, in an Office 365 based environment the subject of “E-mail address” is not related only to the Exchange Online environment, but also to the Office 365 part, that manages and store Office 365 user accounts – the Azure Active Directory.

For example, Office 365 user login name (UPN – User Principal Name) is based on an “E-mail address” naming convention (Alias + Domain name suffix).

The different types of Exchange Online recipients and Office 365 recipients

The task of – “searching” specific E-mail address in the Office 365 “space,” should include the information about the specific “Mail recipient object” and the specific environment such as Office 365 (Azure Active Directory) or Exchange Online.

The ability to review in detail each of the specific Exchange Online recipient type and their specific characters + each Office 365 (Azure Active Directory) object type, is beyond the scope of the current article.

Even though, I would like to provide a high-level review of the:

Different type of Exchange Online recipient, the PowerShell cmdlets that we use for getting information about the specific recipient type and the “Exchange Online classification” of the specific object.

As mentioned, Office 365 (Azure Active Directory) also includes information about the user account that uses the UPN name (identical structure as E-mail address) and includes information about groups and contacts.


Exchange Online recipient types

In the following section, I would like to review the PowerShell cmdlets that we use to address the various Exchange Online recipient type and the objects in the Azure Active Directory.

We will start with the Exchange Online based environment and in the next section, we review the Office 365 (Azure Active Directory) environment.

The following table includes a list of all the Exchange Online available recipient types and the PowerShell cmdlets that we use for getting information about each Exchange Online recipient type:

Exchange recipients
RecipientGet-Recipient
* Remark 1
Mailbox recipient
MailboxGet-Mailbox
* Remark 2
User object
UserGet-User
* Remark 3
Contact recipient
ContactGet-Contact
* Remark 4
Mail ContactGet-MailContact
* Remark 4
MailUserGet-MailUser
* Remark 5
Public Folder recipient – Mail enables Public Folder
Public FolderGet-MailPublicFolder
* Remark 6
Group recipient
DistributionGroupGet-DistributionGroup
Dynamic Distribution GroupGet-DynamicDistributionGroup
Unified GroupGet-UnifiedGroup
* Remark 7

Remark 1 | The PowerShell command Get-Recipient

We can relate to the PowerShell cmdlet “Get-Recipient” as a “super cmdlets” that we can use to get information about any type of existing Exchange Online recipient.

The rule of “all available Exchange Online recipient” is true beside two exceptions:

  • An exchange online mailbox that considered as soft deleted (Get-Mailbox -SoftDeletedMailbox)
  • Unified Exchange Online group (Get-UnifiedGroup)

In case that we want to look for a specific E-mail address or a specific domain name suffix, and we want to create a “search scope” that will include – all the available recipient’s objects in the Exchange Online based environment, we will need to use a combination of the three PowerShell cmdlets:

  1. Get-Recipient
  2. Get-UnifiedGroup
  3. Get-Mailbox -SoftDeletedMailbox

The magic formula of getting information about all the Exchange Online recipient types

The PowerShell cmdlets – Get-Recipient, display information about all the Exchange Online recipient types that appears in the diagram below.

As mentioned, the PowerShell cmdlets – Get-Recipient, will not display soft deleted Exchange Online mailboxes, and will not display information about the Exchange Online recipient who described as “Unified groups.”

Exchange Online infrastructure - Get information about various Exchange Online mail recipients

 

View the different type of Exchange Online recipients, when using the Get-Recipient cmdlet

To be able to know what are the Exchange Online recipients type that the PowerShell cmdlet
Get-User, get” for us, we can the PowerShell cmdlet Get-Recipient + the parameter “Group.”
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.

For example:

In the results, under the “name” column, we can see all the different type of Exchange Online recipients that the PowerShell cmdlets Get-Recipient “get.”

To summarize the information, we can say that if we want to look for a specific recipient in Exchange Online based environment, we will need to use the combination of the following three PowerShell cmdlets.

The complete search scope of recipients in Exchange Online environment

Remark 2 | The Exchange Online PowerShell cmdlets – Get-Mailbox

In an Exchange environment, the term “mailbox,” relate to a mailbox that is associated with a “user account.” In other words, Exchange user who “own” (mailbox owner) an Exchange mailbox.

The PowerShell cmdlet “Get-Mailbox” relates to 5 types of mailboxes:

  • User mailbox
  • Shared mailbox
  • Room mailbox
  • Equipment
  • Soft Deleted mailbox

When we use the PowerShell command Get-Mailbox, we will get information about all the different type of Exchange Online mailboxes, besides the exception of – Soft Deleted Exchange Online mailboxes.

To be able to view Soft Deleted Exchange Online mailboxes, we will need to add an additional parameter to the original Get-Mailbox cmdlet.

In case that we want to get information about specific types of Exchange Online mailbox such as – user mailbox, Shared mailbox, Room mailbox and so on, we will need to use
the PowerShell command Get-Mailbox + filter.

Attached an example of the way that we use the Get-Mailbox cmdlet + a filter (we implement the filter by using PowerShell where statement) for getting information about a specific type of “Exchange mailbox.”

Exchange Online mailboxes by “type”

Display information only about Exchange Online mailboxes considered as “User mailbox.”PowerShell command example

Display information only about Exchange Online mailboxes considered as “Room mailbox.”PowerShell command example

Display information only about Exchange Online mailboxes considered as “Shared mailbox.”PowerShell command example

Display information only about Exchange Online mailboxes considered as “Equipment mailbox.”PowerShell command example

Soft Deleted Exchange Online mailboxes

As mentioned, the PowerShell cmdlets Get-Mailbox, will not display Exchange Online mailboxes that considered as “deleted mailboxes.”

In Exchange Online environment, there are two type or two classifications of “deleted mailboxes”
1. “Standard” Soft Deleted Exchange Online mailbox
Each Exchange Online mailbox that we deleted considered as Soft Deleted mailboxes. The Soft Deleted mailbox stay in the Exchange Online recycle bin for a period of 30 days.

In case that we want to get a list of Soft Deleted Exchange Online mailboxes, we can use the following PowerShell syntax:

Get-Mailbox -SoftDeletedMailbox

2. Inactive mailbox
This is a special type of Soft Deleted Exchange Online mailboxes that are kept in the Exchange Online recipient for a long period based on the litigation Hold period that was assigned to the specific Exchange Online mailbox.

The PowerShell command Get-Mailbox -SoftDeletedMailbox
display information about the “standard” Soft Deleted + inactive Exchange Online mailboxes.

In case that we want to display information only about Soft Deleted Exchange Online mailboxes that considered as “inactive mailboxes”, we can use the PowerShell command:
Get-Mailbox -InactiveMailboxOnly

Get information about Exchange Online mailbox recipients

View the different type of Exchange Online recipients, when using the Get-Mailbox cmdlet

To be able to know what are the Exchange Online recipients type, that the PowerShell cmdlet Get-User
“get” for us, we can the PowerShell cmdlet Get-Mailbox + the parameter “Group.”
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.

For example:

In the results, under the “name” column, we can see all the different type of Exchange Online recipient that the PowerShell cmdlets Get-Recipient “get.”

Notice that there is no specific classification of “Soft Deleted mailbox” because this is a special category. Each type of Exchange Online mailboxes such as User mailbox or shared mailbox can be considered as a Soft Deleted mailbox.

Remark 3 | The Exchange Online PowerShell cmdlets – Get-user

In Exchange Online environment, the term “User,” relate to Exchange recipient who has a user account.

For example, an Exchange “contact object” doesn’t have a “User account.”

The PowerShell command Get-User relates to all types of Exchange Online recipient who have a user account with an Exchange Online mailbox and without Exchange Online mailbox.

View the different type of Exchange Online recipients, when using the Get-User cmdlet

To be able to know what are the Exchange Online recipients type that the PowerShell cmdlet Get-User “get” for us, we can the PowerShell cmdlet Get-User + the parameter “Group.”
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.

For example:

In the results, under the “name” column, we can see all the different type of Exchange Online recipient that the PowerShell cmdlets Get-User “get.”

Remark 4 | The Exchange Online PowerShell cmdlets – Get-Contact versus Get-MailContact

Exchange Online contacts or a synchronized contact from On-Premise Active Directory.

The PowerShell command Get-MailContact and Get-Contact will “fetch” the same type of contact recipients.

In other words, there is no difference between the number of the contact recipients who will be displayed.

The difference between these two commands is the properties that we displayed for the “contact recipient object.”

The Exchange Online PowerShell cmdlets – ?Get-Contact versus Get-MailContact

For example, looking at the result of using the PowerShell commands – Get-MailContact
and Get-Contact, we can see that we get the same number of recipients.

Remark 5 | MailUser (Get-MailUser) Exchange Hybrid environment

The Exchange Online recipient MailUser

Mail users are similar to mail contacts. Both have external email addresses, and both contain information about people outside your Exchange or Exchange Online organization that can be displayed in the shared address book and other address lists. However, unlike a mail contact, a mail user has login credentials in your Exchange or Office 365 organization and can access resources.

Technically speaking, we can create “MailUser recipient” in Exchange Online but the use of such recipient is quite rare.

In Exchange Online base environment, the most common use of “MailUser recipients” is realized in an Exchange Hybrid environment.

In Exchange Hybrid environment (Directory synchronization environment), the “MailUser recipient” representative – Exchange on-Premises recipient with a mailbox such as – Exchange on-Premises user mailbox, shared mailbox, room mailbox.

The Exchange on-Premises users don’t have “Exchange Online mailbox” but Exchange Online “understand” that these are special recipients, that were synchronized to the cloud from On-Premise Active Directory, and this recipient are Exchange on-Premises recipient with a mailbox.

Mail objects synchronized ?from On-Premise - Exchange on-Premises mailbox users -Get-MailUser

Remark 6 | Public Folder recipient – Mail enables Public Folder

By default, Exchange Online Public Folder doesn’t consider as a “recipient object.” Only in case that we configure Exchange on-Premises Public Folder as “mail enabled,” the Exchange Online Public Folder will be considered as a “recipient.”

The PowerShell command – Get-Recipient display information about Exchange Online mail enabled Public Folders.

In case that we want to get information only about “mail enabled Public Folder recipients,” we use the PowerShell command – Get-MailPublicFolder.

Remark 7 | Group recipient

The PowerShell command Get-Group, will display information about all the type of Exchange Online groups beside one exception – “Dynamic Distribution Group.”

Using the PowerShell command Get-Group, we can get information about

Distribution Group, Mail-enabled security groups, and unified groups.

Regarding the subject of Mail-enabled security groups, there is no special PowerShell command.

To be able to get information only about Mail-enabled security groups, we will need to use the PowerShell command Get-DistributionGroup + Filter.

For example:

Get-Group | Where {$_.GroupType -like “*security*”}

The Exchange Online PowerShell cmdlets – ?Get-Group

Exchange Online recipients classification and PowerShell cmdlets

In the following section, we get an additional view if the various Exchange Online recipients type.

This time, I would like to add additional information that relates to the following parameters
1. PowerShell cmdlets
What are the PowerShell cmdlets that we can use for view information about a specific Exchange Online recipient type?

For example, to get information about Exchange Online recipient who considers as “mailbox user” (Exchange Online + Exchange Online mailbox), we can use the following PowerShell commands:

Get-Recipient – the PowerShell command Get-Recipient, get information about various types of Exchange Online recipient, including Exchange Online mailbox user because Exchange Online mailbox user is actually one type of Exchange Online recipient.

Get-Mailbox – the PowerShell command Get-Mailbox, get information only for Exchange Online recipients that have a mailbox.

We can say that the PowerShell command Get-Mailbox is a derivative of the PowerShell command Get-Recipient
2. RecipientType and RecipientTypeDetails

The Exchange Online recipient properties – RecipientType and RecipientTypeDetails define the specific classification of the mail recipient.

For example, the RecipientType Shared mailbox is – UserMailbox, because Shared mailbox is realized as a user account that is associated with Exchange Online mailbox.

The RecipientTypeDetails of a Shared mailbox is –“ Shared Mailbox,” because Shared mailbox is a special type of mailbox.

For example, in an Office 365 based environment the user account that is associated with the shared mailbox doesn’t have any user license (shared mailbox in Office 365 are free).

3. Exchange Online admin center interface

In this section, I mention where we can see the “location” of the various types of Exchange Online recipients when using the Exchange Online admin center.

In the following screenshot, we can see an example of the “classification” that Exchange Online uses for relating to the different type of Exchange Online recipients.

The location of the various type of Exchange Online recipients

Exchange Online infrastructure

The following section, include summary tables for each Exchange Online recipient type.

The table includes the following sections:

  • The PowerShell cmdlet that we use for getting information about the specific recipient type.
  • The classification of the Exchange Online recipient (RecipientType and RecipientTypeDetails).
  • The “location” of the Exchange Online recipient when using the Exchange Online admin center web interface.

Recipients object type | Mailbox

Exchange Online | User mailbox | Get-Mailbox
PowerShell cmdletsGet-Recipient,Get-Mailbox
RecipientTypeUserMailbox
RecipientTypeDetailsUserMailbox
Exchange Online admin center interface | appear in “mailboxes
Exchange Online | Shared mailbox | Get-Mailbox
PowerShell cmdletsGet-Recipient,Get-Mailbox
RecipientTypeUserMailbox
RecipientTypeDetailsSharedMailbox
Exchange Online admin center interface | appear in “shared
Exchange Online | Room mailbox | Get-Mailbox
PowerShell cmdletsGet-Recipient,Get-Mailbox
RecipientTypeUserMailbox
RecipientTypeDetailsRoomMailbox
Exchange Online admin center interface | appear in “resources
Exchange Online | Equipment mailbox | Get-Mailbox
PowerShell cmdletsGet-Recipient,Get-Mailbox
RecipientTypeUserMailbox
RecipientTypeDetailsEquipmentMailbox
Exchange Online admin center interface | appear in “resources
Exchange Online | Soft deleted mailbox | Get-Mailbox
PowerShell cmdletsGet-Mailbox -SoftDeletedMailbox

Recipients object type | Contact

Exchange Online | Contact | Get-Contact
PowerShell cmdletsGet-Recipient,Get-Contact
RecipientTypeMailContact
RecipientTypeDetailsMailContact
Exchange Online admin center interface | appear in “contacts
Exchange Online | Mail user | Get-MailContact
PowerShell cmdletsGet-Recipient,Get-MailContact
RecipientTypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Recipients object type | Mail user

Exchange Online | Mail user | Get-User
PowerShell cmdletsGet-Recipient,Get-User
RecipientTypeUserMailbox
RecipientTypeDetailsUserMailbox
The PowerShell command Get-User relate to all type of Exchange Online recipient that have a user account with Exchange Online mailbox and without Exchange Online mailbox

Store Exchange Hybrid objects

Exchange Online | Mail user | Get-MailUser
PowerShell cmdletsGet-Recipient,Get-MailUser
RecipientTypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Recipients object type | Mail enabled Public Folder

Exchange Online | Mail enabled Public Folder | Get-MailPublicFolder
PowerShell cmdletsGet-Recipient, Get-MailPublicFolder
RecipientTypePublicFolder
RecipientTypeDetailsPublicFolder
Exchange Online admin center interface | appear in “Public Folders

Recipients object type | Mail enabled Group

Exchange Online | Distribution Group | Get-DistributionGroup
PowerShell cmdletsGet-Recipient,Get-DistributionGroup
RecipientTypeMailUniversalDistributionGroup
RecipientTypeDetailsMailUniversalDistributionGroup
GroupTypeUniversal
Exchange Online admin center interface | appear in “Groups
Exchange Online | Security mail enabled Group | Get-DistributionGroup
PowerShell cmdletsGet-Recipient,Get-DistributionGroup
RecipientTypeMailUniversalSecurityGroup
RecipientTypeDetailsMailUniversalSecurityGroup
GroupTypeUniversal, SecurityEnabled
Exchange Online admin center interface | appear in “Groups
Exchange Online | Dynamic Distribution Group | Get-DynamicDistributionGroup
PowerShell cmdletsGet-Recipient,Get-DynamicDistributionGroup
RecipientTypeDynamicDistributionGroup
RecipientTypeDetailsDynamicDistributionGroup
GroupTypeNA
Exchange Online admin center interface | appear in “Groups
Exchange Online | Unified Group | Get-UnifiedGroup
PowerShell cmdletsGet-UnifiedGroup
RecipientTypeMailUniversalDistributionGroup
RecipientTypeDetailsGroupMailbox
GroupTypeUniversal
Exchange Online admin center interface | appear in “Groups


Office 365 (Azure Active Directory) infrastructure

In office 365 environments, some of the information about Exchange Online recipients, “appear” also in the Office 365 infrastructure (Azure Active Directory).

Although Azure Active Directory includes information about Exchange Online recipients, most of the time, the task of looking for a specific E-mail of a specific recipient, will be performed by addressing the Exchange Online infrastructure, and not by addressing the Azure Active Directory infrastructure.

For example, the number of the Azure Active Directory PowerShell cmdlets, that “get’” information about “recipients” object versus the available PowerShell cmdlets in Exchange Online is far below.

The main reason in which we address Azure Active Directory, looking for a specific E-mail address is – the Office 365 user UPN (User Principal Name) name.

As mentioned, the Office 365 user login name described as UPN, is based on a “naming structure” identical to the naming structure of standard email addresses.

In a scenario in which we look for a “lost \ hidden” E-mail address that we need to locate or get information about Office 365 user UPN.

The Similarities between Office 365 user UPN name versus Exchange Online E-mail address

The main PowerShell cmdlets that we use for “query” Office 365 UPN names and E-mail addresses
is the – Get-Msoluser.

The main PowerShell command that we use for get information about E-mail addresses Get-Msoluser -01

Azure Active Directory and Exchange Online recipients

Azure Active Directory infrastructure, include information about the following types of recipients

  1. Exchange Online recipients crated in Exchange Online infrastructure.
  2. In Directory synchronization environment, recipient object that is synchronized from On-Premise Active Directory and Exchange on-Premises recipients.

To be able to get information about “group recipient” in an Azure Active Directory environment, we use the PowerShell cmdlets – Get-MsolGroup.

To be able to get information about “contact recipient” in an Azure Active Directory environment, we use the PowerShell cmdlets – Get-MsolContact.

How Azure Active Directory sees Mail objects synchronized ?from On-Premise -02

Office 365 (Azure Active Directory) objects

The following table includes a list of all the Azure Active Directory available User account + recipient types, and the PowerShell cmdlets that we use for getting the information user account and recipients.

Azure Active Directory | User account
RecipientGet-Msoluser
* Remark 1
Azure Active Directory | Group account
MailboxGet-MsolGroup
* Remark 2
Azure Active Directory | Contact account
UserGet-MsolContact
* Remark 3

Remark 1 | Azure Active Directory | User account | Get-MsolUser

Using the PowerShell cmdlet Get-Msoluser, we can get information about the Azure Active Directory (Office 365) user account.

The information about Office 365 user UPN is stored in a property named – UserPrincipalName.

The information about Office 365 user E-mail addresses is stored in a property named – ProxyAddresses.

In addition, each Office 365 users have a property named – SignInName.

To get information about this Office 365 user account properties, we can use the following PowerShell command:

PowerShell console output example

View information about E-mail address and UPN names of Soft Deleted Office 365 user account

In a scenario in which we look for infrastructure about Office 365 user UPN name or E-mail address, the “standard” Get-Msoluser PowerShell cmdlet, will not display information about Soft Deleted Office 365 user account.

To be able to get information about the Soft Deleted user account that is stored in the Azure Active Directory recycle bin, we will need to use the Get-Msoluser PowerShell cmdlet with an additional parameter in the following way: Get-MsolUser -ReturnDeletedUsers

Remark 2 | Azure Active Directory | Group account | Get-MsolGroup

The Azure Active Directory PowerShell cmdlet Get-MsolGroup displays information about:

  1. An Azure Active Directory group that doesn’t appear in Exchange Online – we can relate to this type of groups as “system group” and the scenario in which we look for information about this group is quite rare.
  2. Exchange Online groups – Exchange group recipient who was created in Exchange Online infrastructure.
  3. Synchronized group from On-Premise infrastructure – In case that the Office 365 is Directory synchronization services, the PowerShell cmdlet Get-MsolGroup display information about the group that was synchronized from On-Premise Active Directory and Exchange on-Premises.

Remark 3 | Azure Active Directory | contact account | Get-MsolContact

The Azure Active Directory PowerShell cmdlet Get-MsolContactdisplays information about:

  1. Exchange Online contacts – Exchange contacts recipient who was created in Exchange Online infrastructure.
  2. Synchronized group from On-Premise infrastructure – In case that the Office 365 is Directory synchronization services, the PowerShell cmdlet Get-MsolContact display information about contacts that was synchronized from On-Premise Active Directory and Exchange on-Premises.

Exchange Online environment and Exchange Online

In this section, I would like to review the infrastructure that described as “Directory synchronization environment”.

In this type of environment, user object and Exchange on-Premises recipient are synchronized to the “cloud” meaning Azure Active Directory and Exchange Online.

In the environment, such as Exchange Hybrid environment, Exchange Online host “his recipients,” but in addition, “host” Exchange on-Premises recipients who are synchronized from the On-Premise environment (Exchange on-Premises).

In the following diagram, we can see the concept in which Exchange on-Premises “recipient objects” are synchronized to the “cloud,” Exchange Online in our example.

How Exchange Online sees Mail objects synchronized from On-Premise-01

The main question in the scenario of Exchange Hybrid is – how Exchange Online relates to “recipient objects” that he “get” from Exchange on-Premises?

As mentioned, in Exchange Hybrid, Exchange Online must be “familiar” with this recipient

The “thing” is that Exchange Online classifies this type of recipient objects in a different way.

It’s important that we will be familiar with the Exchange Online “classification” so in a scenario in which need to distinguish between “original Exchange Online recipient “versus recipient who was synchronized from Exchange on-Premises; we need to a way to identify this “Exchange on-Premises recipients.”

How Exchange Online sees Mail objects synchronized from On-Premise-02

To simplify the concept in which Exchange Online relates to Exchange on-Premises synchronized recipient, we will divide the Exchange on-Premises recipients to three categories.

  • Exchange on-Premises “mailbox users recipients.”
  • Exchange Online “contact recipients.”
  • Exchange Online “Group recipients.”

In the following diagram, we can see an example of the Exchange Online “logic” regarding recipients synchronized from Exchange on-Premises.

  1. Exchange on-Premises “mailbox user” recipients who are synchronized with Exchange Online, are configured as “Mailuser” in Exchange Online.
  2. Exchange on-Premises “contact” recipients who are synchronized with Exchange Online, are configured as “Mailcontact” in Exchange Online.
  3. Exchange on-Premises “group” recipients who are synchronized with Exchange Online, are configured as “Group recipient” in Exchange Online.

How Exchange Online sees Mail objects synchronized from On-Premise-03

What are the “recipient objects” that are not synchronized to the “cloud” (Exchange Online)?

Additional information that I would like to mention regarding the Exchange on-Premises recipients that are synchronized with Exchange Online, is that the synchronization doesn’t apply to all the recipient type.

In the Exchange Hybrid environment, the following two recipient object is not synchronized from Exchange on-Premises to the “cloud”:

  1. Public Folder mail enabled folder.
  2. Dynamic Distribution Group

What are the recipient object that are not synchronized to the cloud Exchange Online

Exchange on-Premises recipient object that is synchronized to Exchange Online

The following section, include summary tables for each Exchange on-Premises recipient type, that is synchronized to Exchange Online.

The table includes the following sections:

  • The PowerShell cmdlet that we use for getting information about the specific recipient type.
  • The classification of the Exchange Online recipient (RecipientType and RecipientTypeDetails). In other words, how Exchange Online “see” the synchronized recipient.
  • The “location” of the Exchange Online recipient when using the Exchange Online admin center web interface.

Recipients object type | Exchange on-Premises User Mailbox

Exchange on-Premises User Mailbox, is “represented” in Exchange Online infrastructure as “mail user.”

Exchange Online | User mailbox
PowerShell cmdletsGet-Recipient,Get-MailUser
Recipient TypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Exchange on-Premises Shared Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.

Exchange Online | Shared mailbox
PowerShell cmdletsGet-Recipient,Get-MailUser
Recipient TypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Exchange on-Premises Room Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.

Exchange Online | Room mailbox
PowerShell cmdletsGet-Recipient,Get-MailUser
Recipient TypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Exchange on-Premises Equipment Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.

Exchange Online | Equipment mailbox
PowerShell cmdletsGet-Recipient,Get-MailUser
Recipient TypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Recipients object type | Exchange on-Premises Groups

Exchange on-Premises Distribution group

Exchange on-Premises Distribution group is “represented” in Exchange Online infrastructure as “MailUniversalDistributionGroup”.

Exchange Online
PowerShell cmdletsGet-Recipient,Get-DistributionGroup
Recipient TypeMailUniversalDistributionGroup
RecipientTypeDetailsMailUniversalDistributionGroup
Exchange Online admin center interface | appear in “groups

Exchange on-Premises Distribution group, is “represented” in Exchange Online infrastructure as “MailUniversalSecurityGroup”.

Exchange Online | Security mail enabled Group
PowerShell cmdletsGet-Recipient,Get-DistributionGroup
Recipient TypeMailUniversalSecurityGroup
RecipientTypeDetailsMailUniversalSecurityGroup
GroupTypeUniversal, SecurityEnabled
Exchange Online admin center interface | appear in “groups

Recipients object type | Contact

Exchange Online | Contact
PowerShell cmdletsGet-Recipient,Get-MailContact
Recipient TypeMailContact
RecipientTypeDetailsMailContact
Exchange Online admin center interface | appear in “contacts
Exchange Online | Mail user
PowerShell cmdletsGet-Recipient,Get-MailContact
Recipient TypeMailUser
RecipientTypeDetailsMailUser
Exchange Online admin center interface | appear in “contacts

Get information about Exchange on-Premises synchronized recipients

When using the Exchange Online admin interface, the task of differentiating between “original Exchange Online recipient” and Exchange on-Premises recipient who were synchronized to the cloud is not so simple.

For example, when we look at the Exchange Online admin interface under the “group” section, is not easy to under which are the group consider as “Exchange Online native group” and, which form the group is synchronized from Exchange on-Premises.

The good news is that we can use a little trick that will enable us to “reveal” this type of recipients (recipients synchronized from Exchange on-Premises).

Each of the Exchange Online recipients has a property named – Capabilities

Regarding recipient objects that are synchronized from Exchange on-Premises, the value of the Capabilities property is – MasteredOnPremise

To be able to get a “filter list” that includes only Exchange on-Premises recipient’s objects we can use the following PowerShell command syntax:

In case that we need to get a “high-level view” of the recipients, we can use the same PowerShell command with additional parameter Group-Object.

The Group-Object parameter, enable us as the name implies, to group the “objects” (the recipients in our example) by a specific property.

In our case, we ask from PowerShell to “group” the recipient by
using the property –RecipientTypeDetails.
PowerShell command example

PowerShell console output example


For your convenience, I have “Wrapped” all the PowerShell commands that were reviewed in the article,
in a “Menu Based” PowerShell Script.

You are welcome to download the PowerShell script and use it.
Download -o365info PowerShell Script

Manage E-mail address using PowerShell script
In case that you need instructions about – how to use the Manage E-mail address PowerShell script menu, you can read the fowling Article.


Now it’s Your Turn!
It is important for us to know your opinion on this article

Restore Exchange Online mailbox | Article series index

Print Friendly, PDF & Email

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron
Share your knowledge.
It’s a way to achieve immortality.
Dalai Lama

Leave a Reply

Your email address will not be published. Required fields are marked *