The current article we review the PowerShell command syntax, that we use for “constructing” a…
Introduction to the various type of Exchange Online recipients | PowerShell cmdlets | Office 365 | Part 8#13
Addressing “recipient’s objects” in Exchange Online and Azure Active Directory environment for performing tasks such as looking for information about E-mail addresses could be realized as a challenging task.
In the current article, we will take a walk in the “thick forest” of Exchange Online and Azure Active Directory infrastructure, and learn about the various types of “entities” in the Office 365 environment.
Table of contents
- The challenges of searching E-mail addresses in Office 365 environment
- Two common scenarios of – looking for E-mail address in Office 365
- The Exchange recipient objects and Azure Active Directory “recipient objects”
- Exchange Online recipient types
- Exchange Online recipients classification and PowerShell cmdlets
- Office 365 (Azure Active Directory) infrastructure
- Exchange Online environment and Exchange Online
- The next article in the current article series
To be able to address the various “recipient entities” in an Office 365 environment, we will need to answer the following questions:
Q1: Where are these “recipient entities” stored?
For example, the term “Office 365” can be translated into different infrastructure such as – Azure Active Directory, Exchange Online, Share point online, SkyDrive for business and so on.
It’s true that most of the time, we associate the term “recipient” to the Exchange Online environment but, in an Office 365 environment, the definition of the term “recipient” is more complex.
For example, Azure Active Directory store information about the E-mail addresses of Exchange Online recipients and the Office 365 login name (UPN name) is impacting the Exchange on-Premises Recipient Primary E-mail address.
Another scenario could be an Exchange Hybrid environment that “bind” Exchange on-premises Exchange environment + Exchange Online environment.
In this scenario, we will need to understand where are the “recipients” stored (Exchange on-premises or Exchange Online) and what is the difference between this recipient type.
Q2: Who are the different recipient and user object entities that we need to address?
For example, the Exchange Online environment includes many types of recipients such as – Mailbox recipient, contact recipients, Public Folder recipient, Group recipient and so on.
Q3: What are the PowerShell cmdlets that we use in addressing each of the different types of recipients?
For example
To address users stored in the Azure Active Directory we need to use different PowerShell cmdlets vs. the Exchange Online environment.
To address different type of Exchange Online recipient, we will need to use a “dedicated PowerShell cmdlets” for each type of recipient or use a “General purpose” PowerShell cmdlets such as the command Get-Recipient.
The challenges of searching E-mail addresses in Office 365 environment
At first glance, this task could seem to be quite simple. Our basic assumption is that the Office 365 ports or the Exchange Online admin center interface include some “graphic interface” that will help us to perform the required search.
In reality, the task of locating the E-mail address in Office 365 and Exchange Online can prove to be not that simple!
There are a couple of reasons the lead me to describe the above task as – “not a simple task”
1. Exchange Online admin – the lack of centralized E-mail address searches tool
Exchange Online (and Exchange) has many types of “recipients.” The E-mail address that we look for could be related to any type of recipient.
Exchange Online includes a web-based interface, that enables us to perform a search, looking for
E-mail address, but the main disadvantage of this interface is that the search interface is based on a “scope.”
For example, different search scope for “Exchange Online user mailbox object scope”, “Exchange Online shared mailbox scope” and so on.
In other words, we don’t have a tool that can perform a “wide E-mail address search” that is performed by query all the recipient’s types that exist in Exchange Online infrastructure.
2. Multiple “identities” that uses the E-mail address naming convention
The e-mail address is just a naming conviction that we use for describing the identity of someone.
An E-mail address can be described as a string structure that contains the left part which described as Alias, the “@” sign and the “right part” – organization name (domain mane suffix).
In Office 365 infrastructure, there are additional identities that use an identical naming
convention as an E-mail address.
For example, the login name of Office 365 described as UPN (user principal name), and the UPN has an identical structure to the E-mail address structure.
Most of the time the Office 365 UPN name is identical to the Exchange Online Primary E-mail address but sometimes they are different.
Another example is the SIP (Session Initiation Protocol) address.
Every Office 365 users whom his license includes Skype for a Business license, have a SIP address.
And again, the SIP address is based on the identical structure as the stature of the E-mail address.
When we say that we look for information about “E-mail address,” it’s important that we know if the information that we look for is indeed E-mail address or another type of identities such as SIP address or Office 365 user UPN name.
3. Office 365 as a complicated infrastructure
Office 365 is a logical container for many types of services and infrastructures.
The information about a specific Office 365 can “appears” in many infrastructures at the same time.
For example, each Office 365 users who have Exchange Online license appears at the same time as – Office 365 Azure Active Directory “user account entity,” and defined also in Exchange Online infrastructure as a user and as a “mailbox recipient.”
When we are looking for information about specific E-mail address or a specific type of E-mail address addresses, it’s important to know that we will need to define a “search scope” that includes the Office 365 (Azure Active Directory) infrastructure + the Exchange Online infrastructure.
The solution + additional Challenges
The main tool that we can use for performing such type of “global search” is our dear friend – the PowerShell.
Given that we decide to use PowerShell as a tool for getting information about E-mail address, SIP address or Office 365 UPN name, the main challenge that we face is – the need to be familiar with each type of Exchange Online recipient and the Office 365 “entity” that we need to address + the specific PowerShell cmdlets that we need to use for addressing this recipient or Office 365 entities.
Two common scenarios of – looking for E-mail address in Office 365
Real life scenarios examples
Scenario 1 – Removing a “registered domain name” from Office 365 tenant
In this type of scenario, Office 365 will “allow” us to remove a specific registered domain name only if no existing “entity” uses the specific domain name. The “entity” could be Office 365 user, Exchange Online recipient and more.
In addition, the domain name that we need to remove can appear as part of the Office 365 UPN name, recipient E-mail address or other attributes.
Only after we found all the entities that use the specific domain name, and we remove this domain name or replace it with another domain name, only then we can remove the domain name that was registered with Office 365 as the tenant domain.
Scenario 2 – searching for a “hidden” E-mail address
In this scenario, we would like to locate the existing Exchange Online recipient or Office 365 user who uses a specific E-mail address.
The main challenge, in this case, is, how to locate the specific E-mail address that could be “belong” to a variety of Exchange recipient types or to Office 365 user (the UPN username).
As mentioned, at the current time Exchange Online include a “search interface” but this search option is restricted to a specific type of recipient such as – Mailbox recipient, resources recipient and so on.
The Exchange recipient objects and Azure Active Directory “recipient objects”
When we say that we want to look for a specific “E-mail address,” it’s important that we also “declare” the specific Exchange “recipient type.”
Associatively we think that “recipient” is a User with a mailbox, but the reality is more complex because, in an Exchange-based environment, there are many types of additional recipients such as – mail contact, Public Folder, a different type of groups and so on.
To make thing even more complicated, in an Office 365 based environment the subject of “E-mail address” is not related only to the Exchange Online environment, but also to the Office 365 part, that manages and store Office 365 user accounts – the Azure Active Directory.
For example, Office 365 user login name (UPN – User Principal Name) is based on an “E-mail address” naming convention (Alias + Domain name suffix).
The task of – “searching” specific E-mail address in the Office 365 “space,” should include the information about the specific “Mail recipient object” and the specific environment such as Office 365 (Azure Active Directory) or Exchange Online.
The ability to review in detail each of the specific Exchange Online recipient type and their specific characters + each Office 365 (Azure Active Directory) object type, is beyond the scope of the current article.
Even though, I would like to provide a high-level review of the:
Different type of Exchange Online recipient, the PowerShell cmdlets that we use for getting information about the specific recipient type and the “Exchange Online classification” of the specific object.
As mentioned, Office 365 (Azure Active Directory) also includes information about the user account that uses the UPN name (identical structure as E-mail address) and includes information about groups and contacts.
Exchange Online recipient types
In the following section, I would like to review the PowerShell cmdlets that we use to address the various Exchange Online recipient type and the objects in the Azure Active Directory.
We will start with the Exchange Online based environment and in the next section, we review the Office 365 (Azure Active Directory) environment.
The following table includes a list of all the Exchange Online available recipient types and the PowerShell cmdlets that we use for getting information about each Exchange Online recipient type:
Exchange recipients | |
Recipient | Get-Recipient |
* Remark 1 | |
Mailbox recipient | |
Mailbox | Get-Mailbox |
* Remark 2 | |
User object | |
User | Get-User |
* Remark 3 | |
Contact recipient | |
Contact | Get-Contact |
* Remark 4 | |
Mail Contact | Get-MailContact |
* Remark 4 | |
MailUser | Get-MailUser |
* Remark 5 | |
Public Folder recipient – Mail enables Public Folder | |
Public Folder | Get-MailPublicFolder |
* Remark 6 | |
Group recipient | |
DistributionGroup | Get-DistributionGroup |
Dynamic Distribution Group | Get-DynamicDistributionGroup |
Unified Group | Get-UnifiedGroup |
* Remark 7 |
Remark 1 | The PowerShell command Get-Recipient
We can relate to the PowerShell cmdlet Get-Recipient as a “super cmdlets” that we can use to get information about any type of existing Exchange Online recipient.
The rule of “all available Exchange Online recipient” is true beside two exceptions:
- An exchange online mailbox that considered as soft deleted Get-Mailbox -SoftDeletedMailbox
- Unified Exchange Online group Get-UnifiedGroup
In case that we want to look for a specific E-mail address or a specific domain name suffix, and we want to create a “search scope” that will include – all the available recipient’s objects in the Exchange Online based environment, we will need to use a combination of the three PowerShell cmdlets:
- Get-Recipient
- Get-UnifiedGroup
- Get-Mailbox -SoftDeletedMailbox
The PowerShell cmdlets Get-Recipient, display information about all the Exchange Online recipient types that appears in the diagram below.
As mentioned, the PowerShell cmdlets Get-Recipient, will not display soft deleted Exchange Online mailboxes, and will not display information about the Exchange Online recipient who described as “Unified groups.”
View the different type of Exchange Online recipients, when using the Get-Recipient cmdlet
To be able to know what are the Exchange Online recipients type that the PowerShell cmdlet
Get-User, get” for us, we can the PowerShell cmdlet Get-Recipient + the parameter Group.
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.
For example:
Get-Recipient | Group RecipientTypeDetails | Select name, count
In the results, under the “name” column, we can see all the different type of Exchange Online recipients that the PowerShell cmdlets Get-Recipient “get.”
PS C:\> Get-Recipient | Group RecipientTypeDetails | Select name,count
Name Count
---- -----
MailUniversalDistributionGroup 23
UserMailbox 54
MailContact 14
MailUniversalSecurityGroup 14
DiscoveryMailbox 1
SharedMailbox 13
DynamicDistributionGroup 5
MailUser 13
EquipmentMailbox 1
PublicFolder 5
RoomMailbox 7
RoomList 1
To summarize the information, we can say that if we want to look for a specific recipient in Exchange Online based environment, we will need to use the combination of the following three PowerShell cmdlets.
Remark 2 | The Exchange Online PowerShell cmdlets – Get-Mailbox
In an Exchange environment, the term “mailbox,” relates to a mailbox that is associated with a “user account.” In other words, Exchange user who “owns” (mailbox owner) an Exchange mailbox.
The PowerShell cmdlet Get-Mailbox relates to 5 types of mailboxes:
- User mailbox
- Shared mailbox
- Room mailbox
- Equipment
- Soft Deleted mailbox
When we use the PowerShell command Get-Mailbox, we will get information about all the different type of Exchange Online mailboxes, besides the exception of -Soft Deleted Exchange Online mailboxes.
To be able to view Soft Deleted Exchange Online mailboxes, we will need to add an additional parameter to the original Get-Mailbox cmdlet.
In case we want to get information about specific types of Exchange Online mailbox such as – user mailbox, Shared mailbox, Room mailbox and so on, we will need to use
the PowerShell command Get-Mailbox + filter.
Attached an example of the way that we use the Get-Mailbox cmdlet + a filter (we implement the filter by using PowerShell where statement) for getting information about a specific type of “Exchange mailbox.”
Exchange Online mailboxes by “type”
Display information only about Exchange Online mailboxes considered as “User mailbox.”
PowerShell command example:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "UserMailbox"}
Display information only about Exchange Online mailboxes considered as “Room mailbox.”
PowerShell command example:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "RoomMailbox"}
Display information only about Exchange Online mailboxes considered as “Shared mailbox.”
PowerShell command example:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "SharedMailbox"}
Display information only about Exchange Online mailboxes considered as “Equipment mailbox.”
PowerShell command example:
Get-Mailbox | Where {$_.RecipientTypeDetails -eq "EquipmentMailbox"}
Soft Deleted Exchange Online mailboxes
As mentioned, the PowerShell cmdlets Get-Mailbox, will not display Exchange Online mailboxes that considered as “deleted mailboxes.”
In the Exchange Online environment, there are two type or two classifications of “deleted mailboxes”
- “Standard” Soft Deleted Exchange Online mailbox
Each Exchange Online mailbox that we deleted considered as Soft Deleted mailboxes. - The Soft Deleted mailbox stay in the Exchange Online recycle bin for a period of 30 days.
In case we want to get a list of Soft Deleted Exchange Online mailboxes, we can use the following PowerShell syntax:
Get-Mailbox -SoftDeletedMailbox
2. Inactive mailbox
This is a special type of Soft Deleted Exchange Online mailboxes that are kept in the Exchange Online recipient for a long period based on the litigation Hold period that was assigned to the specific Exchange Online mailbox.
The PowerShell command Get-Mailbox SoftDeletedMailbox display information about the “standard” Soft Deleted + inactive Exchange Online mailboxes.
In case we want to display information only about Soft Deleted Exchange Online mailboxes that considered as “inactive mailboxes”, we can use the PowerShell command:
Get-Mailbox -InactiveMailboxOnly
View the different type of Exchange Online recipients, when using the Get-Mailbox cmdlet
To be able to know what are the Exchange Online recipients type, that the PowerShell cmdlet Get-User “get” for us, we can the PowerShell cmdlet Get-Mailbox + the parameter Group.
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.
For example:
Get-Mailbox | Group RecipientTypeDetails | Select name,count
In the results, under the “name” column, we can see all the different type of Exchange Online recipient that the PowerShell cmdlets Get-Recipient get.
Notice that there is no specific classification of “Soft Deleted mailbox” because this is a special category. Each type of Exchange Online mailboxes such as User mailbox or shared mailbox can be considered as a Soft Deleted Mailbox.
PS C:\> Get-Mailbox | Group RecipientTypeDetails | Select name,count
Name Count
---- -----
UserMailbox 54
DiscoveryMailbox 1
SharedMailbox 13
EquipmentMailbox 1
RoomMailbox 7
Remark 3 | The Exchange Online PowerShell cmdlets – Get-user
In the Exchange Online environment, the term “User,” relates to Exchange recipient who has a user account.
For example, an Exchange “contact object” doesn’t have a “User account.”
The PowerShell command Get-User relates to all types of Exchange Online recipient who have a user account with an Exchange Online mailbox and without Exchange Online mailbox.
View the different type of Exchange Online recipients, when using the Get-User cmdlet
To be able to know what are the Exchange Online recipients type that the PowerShell cmdlet Get-User “get” for us, we can the PowerShell cmdlet Get-User + the parameter Group.
The Group parameter creates a “grouped display” of the different type Exchange Online recipients.
For example:
Get-Mailbox | Group RecipientTypeDetails | Select name, count
In the results, under the “name” column, we can see all the different type of Exchange Online recipient that the PowerShell cmdlets Get-User “get.”
PS C:\> Get-User | Group RecipientTypeDetails | Select name,count
Name Count
---- -----
User 13
UserMailbox 54
DiscoveryMailbox 1
SharedMailbox 13
MailUser 13
EquipmentMailbox 1
RoomMailbox 7
Remark 4 | The Exchange Online PowerShell cmdlets: Get-Contact vs. Get-MailContact
Exchange Online contacts or a synchronized contact from On-Premise Active Directory.
The PowerShell command Get-MailContact and Get-Contact will “fetch” the same type of contact recipients.
In other words, there is no difference between the number of contact recipients who will be displayed.
The difference between these two commands is the properties that we displayed for the “contact recipient object.”
For example, looking at the result of using the PowerShell commands Get-MailContact
and Get-Contact, we can see that we get the same number of recipients.
PS C:\> Get-MailContact | Group RecipientTypeDetails | Select name, count
Name Count
---- -----
MailContact 14
PS C:\> Get-Contact | Group RecipientTypeDetails | Select name, count
Name Count
---- -----
MailContact 14
Remark 5 | MailUser (Get-MailUser) Exchange Hybrid environment
The Exchange Online recipient MailUser
Mail users are similar to mail contacts. Both have external email addresses, and both contain information about people outside your Exchange or Exchange Online organization that can be displayed in the shared address book and other address lists. However, unlike a mail contact, a mail user has login credentials in your Exchange or Office 365 organization and can access resources.
Technically speaking, we can create “MailUser recipient” in Exchange Online but the use of such recipient is quite rare.
In Exchange Online based environment, the most common use of “MailUser recipients” is realized in an Exchange Hybrid environment.
In Exchange Hybrid environment (Directory synchronization environment), the “MailUser recipient” representative – Exchange on-Premises recipient with a mailbox such as – Exchange on-premises user mailbox, shared mailbox, room mailbox.
The Exchange on-Premises users don’t have “Exchange Online mailbox” but Exchange Online “understand” that these are special recipients, that were synchronized to the cloud from On-Premise Active Directory, and this recipient are Exchange on-Premises recipient with a mailbox.
Remark 6 | Public Folder recipient – Mail enables Public Folder
By default, Exchange Online Public Folder doesn’t consider as a “recipient object.” Only in the case that we configure Exchange on-Premises Public Folder as “mail-enabled,” the Exchange Online Public Folder will be considered as a “recipient.”
The PowerShell command Get-Recipient display information about Exchange Online mail enabled Public Folders.
In case that we want to get information only about “mail enabled Public Folder recipients,” we use the PowerShell command Get-MailPublicFolder.
Remark 7 | Group recipient
The PowerShell command Get-Group, will display information about all the type of Exchange Online groups beside one exception – “Dynamic Distribution Group.”
Using the PowerShell command Get-Group, we can get information about Distribution Group, Mail-enabled security groups, and unified groups.
Regarding the subject of Mail-enabled security groups, there is no special PowerShell command.
To be able to get information only about Mail-enabled security groups, we will need to use the PowerShell command Get-DistributionGroup + Filter.
For example:
Get-Group | Where {$_.GroupType -like “security“}
Exchange Online recipients classification and PowerShell cmdlets
In the following section, we get an additional view of the various Exchange Online recipients type.
This time, I would like to add additional information that relates to the following parameters
1. PowerShell cmdlets
What are the PowerShell cmdlets that we can use for view information about a specific Exchange Online recipient type?
For example, to get information about Exchange Online recipient who considers as “mailbox user” (Exchange Online + Exchange Online mailbox), we can use the following PowerShell commands:
Get-Recipient: the PowerShell command Get-Recipient, get information about various types of Exchange Online recipient, including Exchange Online mailbox user because Exchange Online mailbox user is actually one type of Exchange Online recipient.
Get-Mailbox: the PowerShell command Get-Mailbox, get information only for Exchange Online recipients that have a mailbox.
We can say that the PowerShell command Get-Mailbox is a derivative of the PowerShell command Get-Recipient
2. RecipientType and RecipientTypeDetails
The Exchange Online recipient properties RecipientType and RecipientTypeDetails define the specific classification of the mail recipient.
For example, the RecipientType Shared mailbox is UserMailbox, because Shared mailbox is realized as a user account that is associated with Exchange Online mailbox.
The RecipientTypeDetails of a Shared mailbox is –“ Shared Mailbox,” because Shared mailbox is a special type of mailbox.
For example, in an Office 365 based environment the user account that is associated with the shared mailbox doesn’t have any user license (shared mailbox in Office 365 are free).
PS C:\> Get-mailbox Shared-MB01 | select Name, RecipientType,RecipientTypeDetails
Name RecipientType RecipientTypeDetails
---- ------------- --------------------
Shared-MB01 UserMailbox SharedMailbox
3. Exchange Online admin center interface
In this section, I mention where we can see the “location” of the various types of Exchange Online recipients when using the Exchange Online admin center.
In the following screenshot, we can see an example of the “classification” that Exchange Online uses for relating to the different type of Exchange Online recipients.
Exchange Online infrastructure
The following section, include summary tables for each Exchange Online recipient type.
The table includes the following sections:
- The PowerShell cmdlet that we use for getting information about the specific recipient type.
- The classification of the Exchange Online recipient (RecipientType and RecipientTypeDetails).
- The “location” of the Exchange Online recipient when using the Exchange Online admin center web interface.
Recipients object type | Mailbox
Exchange Online | User mailbox | Get-Mailbox | |
PowerShell cmdlets | Get-Recipient Get-Mailbox |
RecipientType | UserMailbox |
RecipientTypeDetails | UserMailbox |
Exchange Online admin center interface | appear in “mailboxes” |
Exchange Online | Shared mailbox | Get-Mailbox | |
PowerShell cmdlets | Get-Recipient Get-Mailbox |
RecipientType | UserMailbox |
RecipientTypeDetails | SharedMailbox |
Exchange Online admin center interface | appear in “shared” |
Exchange Online | Room mailbox | Get-Mailbox | |
PowerShell cmdlets | Get-Recipient Get-Mailbox |
RecipientType | UserMailbox |
RecipientTypeDetails | RoomMailbox |
Exchange Online admin center interface | appear in “resources” |
Exchange Online | Equipment mailbox | Get-Mailbox | |
PowerShell cmdlets | Get-Recipient Get-Mailbox |
RecipientType | UserMailbox |
RecipientTypeDetails | EquipmentMailbox |
Exchange Online admin center interface | appear in “resources” |
Exchange Online | Soft deleted mailbox | Get-Mailbox | |
PowerShell cmdlets | Get-Mailbox -SoftDeletedMailbox |
Recipients object type | Contact
Exchange Online | Contact | Get-Contact | |
PowerShell cmdlets | Get-Recipient Get-Contact |
RecipientType | MailContact |
RecipientTypeDetails | MailContact |
Exchange Online admin center interface | appear in “contacts” |
Exchange Online | Mail user | Get-MailContact | |
PowerShell cmdlets | Get-Recipient Get-MailContact |
RecipientType | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Recipients object type | Mail user
Exchange Online | Mail user | Get-User | |
PowerShell cmdlets | Get-Recipient Get-User |
RecipientType | UserMailbox |
RecipientTypeDetails | UserMailbox |
The PowerShell command Get-User relate to all type of Exchange Online recipient that have a user account with Exchange Online mailbox and without Exchange Online mailbox |
Store Exchange Hybrid objects
Exchange Online | Mail user | Get-MailUser | |
PowerShell cmdlets | Get-Recipient Get-MailUser |
RecipientType | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Recipients object type | Mail enabled Public Folder
Exchange Online | Mail enabled Public Folder | Get-MailPublicFolder | |
PowerShell cmdlets | Get-Recipient Get-MailPublicFolder |
RecipientType | PublicFolder |
RecipientTypeDetails | PublicFolder |
Exchange Online admin center interface | appear in “Public Folders” |
Recipients object type | Mail enabled Group
Exchange Online | Distribution Group | Get-DistributionGroup | |
PowerShell cmdlets | Get-Recipient Get-DistributionGroup |
RecipientType | MailUniversalDistributionGroup |
RecipientTypeDetails | MailUniversalDistributionGroup |
GroupType | Universal |
Exchange Online admin center interface | appear in “Groups” |
Exchange Online | Security mail enabled Group | Get-DistributionGroup | |
PowerShell cmdlets | Get-Recipient Get-DistributionGroup |
RecipientType | MailUniversalSecurityGroup |
RecipientTypeDetails | MailUniversalSecurityGroup |
GroupType | Universal, SecurityEnabled |
Exchange Online admin center interface | appear in “Groups” |
Exchange Online | Dynamic Distribution Group | Get-DynamicDistributionGroup | |
PowerShell cmdlets | Get-Recipient Get-DynamicDistributionGroup |
RecipientType | DynamicDistributionGroup |
RecipientTypeDetails | DynamicDistributionGroup |
GroupType | NA |
Exchange Online admin center interface | appear in “Groups” |
Exchange Online | Unified Group | Get-UnifiedGroup | |
PowerShell cmdlets | Get-UnifiedGroup |
RecipientType | MailUniversalDistributionGroup |
RecipientTypeDetails | GroupMailbox |
GroupType | Universal |
Exchange Online admin center interface | appear in “Groups” |
Office 365 (Azure Active Directory) infrastructure
In office 365 environments, some of the information about Exchange Online recipients, “appear” also in the Office 365 infrastructure (Azure Active Directory).
Although Azure Active Directory includes information about Exchange Online recipients, most of the time, the task of looking for a specific E-mail of a specific recipient, will be performed by addressing the Exchange Online infrastructure, and not by addressing the Azure Active Directory infrastructure.
For example, the number of the Azure Active Directory PowerShell cmdlets, that “get’” information about “recipients” object vs. the available PowerShell cmdlets in Exchange Online is far below.
The main reason in which we address the Azure Active Directory, looking for a specific E-mail address is – the Office 365 user UPN (User Principal Name) name.
As mentioned, the Office 365 user login name described as UPN, is based on a “naming structure” identical to the naming structure of standard email addresses.
In a scenario in which we look for a “lost \ hidden” E-mail address that we need to locate or get information about Office 365 user UPN.
The main PowerShell cmdlets that we use for “query” Office 365 UPN names and E-mail addresses is the Get-Msoluser.
Azure Active Directory and Exchange Online recipients
Azure Active Directory infrastructure, include information about the following types of recipients
- Exchange Online recipients crated in Exchange Online infrastructure.
- In Directory synchronization environment, recipient object that is synchronized from On-Premise Active Directory and Exchange on-Premises recipients.
To be able to get information about “group recipient” in an Azure Active Directory environment, we use the PowerShell cmdlets Get-MsolGroup.
To be able to get information about “contact recipient” in an Azure Active Directory environment, we use the PowerShell cmdlets Get-MsolContact.
Office 365 (Azure Active Directory) objects
The following table includes a list of all the Azure Active Directory available User account + recipient types, and the PowerShell cmdlets that we use for getting the information user account and recipients.
Azure Active Directory | User account | |
Recipient | Get-Msoluser |
* Remark 1 | |
Azure Active Directory | Group account | |
Mailbox | Get-MsolGroup |
* Remark 2 | |
Azure Active Directory | Contact account | |
User | Get-MsolContact |
* Remark 3 |
Remark 1 | Azure Active Directory | User account | Get-MsolUser
Using the PowerShell cmdlet Get-Msoluser, we can get information about the Azure Active Directory (Office 365) user account.
The information about Office 365 user UPN is stored in a property named UserPrincipalName.
The information about Office 365 user E-mail addresses is stored in a property named ProxyAddresses.
In addition, each Office 365 users have a property named SignInName.
To get information about this Office 365 user account properties, we can use the following PowerShell command:
Get-MsolUser -UserPrincipalName bob@o365info.com | fl DisplayName,ProxyAddresses,SignInName,UserPrincipalName
PowerShell console output example
PS C:\> Get-MsolUser -UserPrincipalName bob@o365info.com | fl DisplayName,ProxyAddresses,SignInName,UserPrincipalName
DisplayName : Bob marley
ProxyAddresses : {smtp:bob2@o365pilot.com, SMTP:bob@o365info.com, smtp:bob@o365info2.onmicrosoft.com}
SignInName : bob@o365info.com
UserPrincipalName : bob@o365info.com
View information about E-mail address and UPN names of Soft Deleted Office 365 user account
n a scenario in which we look for infrastructure about Office 365 user UPN name or E-mail address, the “standard” Get-Msoluser PowerShell cmdlet, will not display information about Soft Deleted Office 365 user account.
To be able to get information about the Soft Deleted user account that is stored in the Azure Active Directory recycle bin, we will need to use the Get-Msoluser PowerShell cmdlet with an additional parameter in the following way: Get-MsolUser -ReturnDeletedUsers
Remark 2 | Azure Active Directory | Group account | Get-MsolGroup
The Azure Active Directory PowerShell cmdlet Get-MsolGroup displays information about:
- An Azure Active Directory group that doesn’t appear in Exchange Online – we can relate to this type of groups as “system group” and the scenario in which we look for information about this group is quite rare.
- Exchange Online groups – Exchange group recipient who was created in Exchange Online infrastructure.
- Synchronized group from On-Premise infrastructure – In case that the Office 365 is Directory synchronization services, the PowerShell cmdlet Get-MsolGroup display information about the group that was synchronized from On-Premise Active Directory and Exchange on-Premises.
Remark 3 | Azure Active Directory | contact account | Get-MsolContact
The Azure Active Directory PowerShell cmdlet Get-MsolContact displays information about:
Exchange Online contacts – Exchange contacts recipient who was created in Exchange Online infrastructure.
Synchronized group from On-Premise infrastructure – In case that the Office 365 is Directory synchronization services, the PowerShell cmdlet Get-MsolContact display information about contacts that was synchronized from On-Premise Active Directory and Exchange on-Premises.
Exchange Online environment and Exchange Online
In this section, I would like to review the infrastructure described as “Directory synchronization environment”.
In this type of environment, user object and Exchange On-Premises recipient are synchronized to the “cloud” meaning Azure Active Directory and Exchange Online.
In the environment, such as Exchange Hybrid environment, Exchange Online host “his recipients,” but in addition, “host” Exchange on-premises recipients who are synchronized from the On-Premise environment (Exchange on-Premises).
In the following diagram, we can see the concept in which Exchange On-Premises “recipient objects” are synchronized to the “cloud,” Exchange Online in our example.
The main question in the scenario of Exchange Hybrid is – how Exchange Online relates to “recipient objects” that he “gets” from Exchange on-Premises?
As mentioned, in Exchange Hybrid, Exchange Online must be “familiar” with this recipient
The “thing” is that Exchange Online classifies this type of recipient objects in a different way.
It’s important that we will be familiar with the Exchange Online “classification” so in a scenario in which need to distinguish between “original Exchange Online recipient “ vs. recipient who was synchronized from Exchange on-Premises; we need to a way to identify this “Exchange on-premises recipients.”
To simplify the concept in which Exchange Online relates to Exchange on-premises synchronized recipient, we will divide the Exchange on-premises recipients into three categories.
- Exchange on-Premises “mailbox users recipients.”
- Exchange Online “contact recipients.”
- Exchange Online “Group recipients.”
In the following diagram, we can see an example of the Exchange Online “logic” regarding recipients synchronized from Exchange on-Premises.
- Exchange on-Premises “mailbox user” recipients who are synchronized with Exchange Online, are configured as “Mailuser” in Exchange Online.
- Exchange on-Premises “contact” recipients who are synchronized with Exchange Online, are configured as “Mailcontact” in Exchange Online.
- Exchange on-Premises “group” recipients who are synchronized with Exchange Online, are configured as “Group recipient” in Exchange Online.
What are the “recipient objects” that are not synchronized to the “cloud” (Exchange Online)?
Additional information that I would like to mention regarding the Exchange on-premises recipients that are synchronized with Exchange Online, is that the synchronization doesn’t apply to all the recipient type.
In the Exchange Hybrid environment, the following two recipient object is not synchronized from Exchange on-Premises to the “cloud”:
- Public Folder mail enabled folder.
- Dynamic Distribution Group
Exchange on-Premises recipient object that is synchronized to Exchange Online
The following section, include summary tables for each Exchange On-Premises recipient type, that is synchronized to Exchange Online.
The table includes the following sections:
- The PowerShell cmdlet that we use for getting information about the specific recipient type.
- The classification of the Exchange Online recipient (RecipientType and RecipientTypeDetails). In other words, how Exchange Online “see” the synchronized recipient.
- The “location” of the Exchange Online recipient when using the Exchange Online admin center web interface.
Recipients object type | Exchange on-Premises User Mailbox
Exchange on-Premises User Mailbox, is “represented” in Exchange Online infrastructure as “mail user.”
Exchange Online | User mailbox | |
PowerShell cmdlets | Get-Recipient,Get-MailUser |
Recipient Type | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Exchange on-Premises Shared Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.
Exchange Online | Shared mailbox | |
PowerShell cmdlets | Get-Recipient,Get-MailUser |
Recipient Type | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Exchange on-Premises Room Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.
Exchange Online | Room mailbox | |
PowerShell cmdlets | Get-Recipient,Get-MailUser |
Recipient Type | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Exchange on-Premises Equipment Mailbox, is “represented” in Exchange Online infrastructure as “mail user”.
Exchange Online | Equipment mailbox | |
PowerShell cmdlets | Get-Recipient,Get-MailUser |
Recipient Type | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Recipients object type | Exchange on-Premises Groups
Exchange on-Premises Distribution group
Exchange on-Premises Distribution group is “represented” in Exchange Online infrastructure as “MailUniversalDistributionGroup”.
Exchange Online | |
PowerShell cmdlets | Get-Recipient,Get-DistributionGroup |
Recipient Type | MailUniversalDistributionGroup |
RecipientTypeDetails | MailUniversalDistributionGroup |
Exchange Online admin center interface | appear in “groups” |
Exchange on-Premises Distribution group, is “represented” in Exchange Online infrastructure as “MailUniversalSecurityGroup”.
Exchange Online | Security mail enabled Group | |
PowerShell cmdlets | Get-Recipient,Get-DistributionGroup |
Recipient Type | MailUniversalSecurityGroup |
RecipientTypeDetails | MailUniversalSecurityGroup |
GroupType | Universal, SecurityEnabled |
Exchange Online admin center interface | appear in “groups” |
Recipients object type | Contact
Exchange Online | Contact | |
PowerShell cmdlets | Get-Recipient,Get-MailContact |
Recipient Type | MailContact |
RecipientTypeDetails | MailContact |
Exchange Online admin center interface | appear in “contacts” |
Exchange Online | Mail user | |
PowerShell cmdlets | Get-Recipient,Get-MailContact |
Recipient Type | MailUser |
RecipientTypeDetails | MailUser |
Exchange Online admin center interface | appear in “contacts” |
Get information about Exchange on-Premises synchronized recipients
When using the Exchange Online admin interface, the task of differentiating between “original Exchange Online recipient” and Exchange on-Premises recipient who were synchronized to the cloud is not so simple.
For example, when we look at the Exchange Online admin interface under the “group” section, is not easy to under which are the group consider as “Exchange Online native group” and, which form the group is synchronized from Exchange On-Premises.
The good news is that we can use a little trick that will enable us to “reveal” this type of recipients (recipients synchronized from Exchange on-Premises).
Each of the Exchange Online recipients has a property named Capabilities
Regarding recipient objects that are synchronized from Exchange on-Premises, the value of the Capabilities property is MasteredOnPremise
To be able to get a “filter list” that includes only Exchange on-Premises recipient’s objects we can use the following PowerShell command syntax:
Get-Recipient | Where {$_.Capabilities -like "*MasteredOnPremise"} | FL DisplayName,EmailAddresses
In case that we need to get a “high-level view” of the recipients, we can use the same PowerShell command with additional parameter Group-Object.
The Group-Object parameter, enable us as the name implies, to group the “objects” (the recipients in our example) by a specific property.
In our case, we ask from PowerShell to “group” the recipient by using the property RecipientTypeDetails.
PowerShell command example:
Get-Recipient | Where {$_.Capabilities -like "*MasteredOnPremise"} | Group-Object -Property RecipientTypeDetails |select Count, Name
PowerShell console output example:
PS C:\> Get-Recipient | Where {$_.Capabilities -like "*MasteredOnPremise"} | Group-Object -Property RecipientTypeDetails |select Count, Name
Count Name
----- ----
21 UserMailbox
2 MailContact
11 MailUser
2 MailUniversalDistributionGroup
3 RoomMailbox
4 SharedMailbox
1 MailUniversalSecurityGroup
The next article in the current article series
Searching for an Email addresses using PowerShell | Where Filter | Office 365 | Part 9#13