When migrating from Exchange on-premises to Office 365 with a Third-Party tool such as Migration Wiz from BitTitan you need to remove the msExchMailboxGuid from the synchronised attributes otherwise you will get the following error:
This is because Exchange Online recognises that the msExchMailboxGUID attached to the user is an Exchange on-premises mailbox, and so will not provision a new mailbox and therefore break mail flow. But in a migration scenario you would want to run the two mailboxes side by side, i.e. if you have slow comms and want to “front-fill” the mailbox ahead of the migration date.
In this case you would need to edit your synchronisation option in AAD Sync. To do this follow these steps:
- Open the Synchonization Service
- Under connectors right-click your on-premises Active Directory connector and click Properties.
- Under Select Attributes you need to untick msExchMailboxGUID and click OK.
Once you have completed the above, kick off a sync and you will then be able to license your users with the original error!
If you have any questions, comments or additional information please use the comments section below, email me at blog@mikeparker365.co.uk or Tweet Me @MikeParker365.
Mike Parker on 365 
Hi,
Nice article.
what is the procedure if we’ve already have the users in office 365 and would like to disable this attribute i.e MSExchMailboxGUID
LikeLike
Hi Sri,
If I understand you correctly you have already synced the users, but they don’t have mailboxes?
In this scenario, if you follow the above steps and then perform a full sync the attribute should get cleared from Office 365, allowing you to license for Exchange and create the mailbox.
Let me know if you have any problems!
Thanks,
Mike
LikeLike
Mike,
I’ve try this and it didnt work. i know in the past using dirsync, i had to create a blank ou ,sync office 365 with that ou, and that would delete the users,then i had to empty the recycling bin at office 365 using remote powershell. once that was done and all users were deleted . i could reconfigure the users ou and resync to office 365. is that only with dirsync? can i use that method with Azure AD connect?
LikeLiked by 1 person
Hi John G,
That’s what I would try next, if the FullSync doesn’t resolve the issue I would then remove the accounts from the scope of AAD Connect with Attribute filtering (done in the same way as DirSync), run a full sync, and then add them back in to the scope, full sync again.
Hope this helps!
Mike
LikeLike
We had synced to Office 365 without first setting the attribute to NULL. To resolve we set the attribute to Null, performed a full sync, disabled/turned off the exchange online option for the user under product licenses section in office 365 (alternatively you can remove the entire license from all users and then re-add it) and this triggered the creation of the mailbox.
LikeLike
Hello Mike
Thanks for the article very helpful , Just wondering once we complete the migration should we enable the msExchMailboxGUID in the AD Azure sync tool?
LikeLike
Hi Jim
There would be no need to sync this attribute later, it is an on-premises identifier for your mailbox, and the users will get a new mailbox GUID when they are enabled in Exchange Online. I personally wouldn’t try and sync it later, and I don’t think it would work anyway!
Glad you found the post helpful!
Mike
LikeLike
Hi There.
If we have done a full sync without the Exchange GUID and all users are up and running how do we go about removing our OLD exchange servers. Can we just remove them via uninstalling since the Exchange GUID has not been synced ?
Much appreciated,
Shaun
LikeLike
Hi Mike.
I have been looking for any info on this.. Could you share your experience with me on our worrying issue at the moment. We have 5 2003 Exchange servers (one per site) and we have migrated via AD Sync to Office 365 filtering out the ExchangeGUID as per your guide.
Users are connected to their new mailboxes and all is well. We have imported the PST etc.
What does this mean for our steps going forward:
What is going to happen now if I uninstall our current exchange servers ?
Will it break the AD sync somehow or the users connection to the 365 Cloud ?
I would appreciate your reply.
Thanks
Shaun.
LikeLike
Hi Shaun,
You should be making use of the free Hybrid Exchange License from Microsoft and installing Exchange 2010 into your Forest (as 2003 cannot co-exist with 2013/2016) migrating all your roles to Exchange 2010. Once this is done, you should de-provision all your Exchange 2003 servers as you would Exchange Servers normally, by removing all roles and uninstalling Exchange.
You should always keep at least one Exchange Server on-premises when using Directory Synchronisation for management of your attributes authored on-premises – such as proxy addresses.
Thanks,
Mike
LikeLike
Hi Mike.
Thanks for the reply. Due to the fact that we excluded the exchangeGUID from the AD Azure sync I believe we were able to sort of trick Office 365 into not seeing our on premise mailboxes and we were able to create a box in the cloud and assign it a licence.
We are able to manage the exchange attributes from the Office 365 console at the moment.
Or am i misunderstanding the attributes which you are mentioning.
Thanks very much.
Shaun
LikeLike
I would just like to understand how users would then remove their old exchange servers as per your article on excluding the ExchangeGUID from Azure AD sync.
Much appreciated.
Regards,
Shaun
LikeLike
Hi Shaun,
You would just perform a decommissioning of Exchange as you would any other environment, however, you would leave an Exchange 2013/2016 server for attribute management (unless you are currently running Exchange 2003 in which case this would be Exchange 2010 as 2013 onwards can’t co-exist)
LikeLike
Hi Mike.
Yes currently we have 5 exchange servers still running with the OLD mailboxes on.
I think we already have a small issue as if I delete the AD user’s current mailbox there email address field in AD reverts to blank and their in cloud email address defaults to Onmicrosoft.com.
To fix this I filled in the email field under the AD account section and kicked off a sync and it then fixed the default SMTP address in the cloud to the correct one,
With Exchange 2003 tho the users management was usually done with the Active Directory tool under the Microsoft Exchange folder. AD users would have an Exchange General TAB, Exchange Advanced TAB as well as Email Tab. (Links to pictures below) As soon as I removed the on premise mailbox these TABs disappeared so already I cant manage certain attributes even with the Exchange servers still present.
https://onedrive.live.com/redir?resid=A50ABB6D5B9262A1!13724&authkey=!AD7fKaPLClEwzJw&ithint=folder%2cJPG
Do you think installing an Exchange 2010 server would once again let me manage these attributes. ?
Much appreciated.
Shaun
LikeLike
Yes you should install an Exchange server to manage mail attributes on-premises. This is the supported method by Microsoft.
LikeLike
Well we have 5 exchange servers and once the on premise box is removed i cant manage any mail attributes of users in the cloud… (in my case)
LikeLike
Thats why you should install an Exchange 2010 server with the hybrid license.
LikeLike
Hi Mike.
Ok great.
Just a last question. Instead of adding the Exchange 2010 server now, do you think its better to first remove all the Exchange 2003 servers and then add a new 2010 server to avoid the whole 2003 and 2010 Co existence / Migration steps.
Regards,
Shaun
LikeLike
Hi Shaun,
To ensure you dont hit problems down the line and to best enable continuity I would migrate. As there is no mailboxes left on prem it is pretth low risk and you shouldn’t need to worry about co-existence too much.
Mike
LikeLike
Hi Mike.
So you say go with uninstalling all Exchange 2003 servers and then Install a Fresh 2010 Server ?
Thanks
LikeLike
Great article, had fiddled in the past with DirSync, but AAD Connect is still new to me. I had already allocated a license on O365 but still got the error message. Ended up to remove the license and re-assign it, which then got me the message “We are preparing a mailbox for this user…” Yeay!
LikeLiked by 1 person
Great Felix, glad this helped!
LikeLike
Hi Mike, great article.
Is this still the recommended way to keep one Exchange server on premise when using AAD Connect? I am in the process of migrating to Office365 myself and I was wondering if there is no other way? What If i filter every msexch… property via AAD Connect so I can start from scratch in the cloud – I have only about 15 users. Any suggestions? Should I create the users manually or sync them with AAD connect?
Thanks,
Mike
LikeLike
Hey..
This is an easy way to do it with a number of users. If you are going to keep an onpremis exchange then you should migrate it the proper way. If not then what we did was to just excluded the ExchangeMailGuid from the AAD sync then office 365 will allow you to create new boxes for users. You can then export them via outlook or via exmerge tool. With no on premis exchange you need to edit the AD schema for certain things like additional email addreses or to hide the user from the address list. We found this out…
This is fine for us tho as we didnt want an on premis server – that would defeat thr object of moving to the cloud for us
Regards,
LikeLike
Hi Mike,
If you are going to use AAD Connect then the only supported way to manage users is using the on-premises Exchange server. Unfortunately even if you turn off sync for all Exchange attributes, Office 365 still sees the objects authored on-premises and will not let you edit the Exchange attributes in the cloud.
For only 15 users I would question whether the expense of running AAD Connect and Exchange boxes is worth the benefits, and perhaps consider moving to cloud only accounts, and if passwords being the same is the big issue for your organisation then look into using a Third Party tool like MessageOps Password Sync to sync just the passwords, but still be able to manage the accounts in Exchange Online.
Thanks,
Mike
LikeLike
Hi Mike,
Perfect, thanks a lot. Helped me out a lot.
Cudos.
Cheers,
Mike
LikeLike
Thanks Mike for the useful information. I did this for one of our customers and it worked like magic.
LikeLike
Glad it helped you out Owams!
LikeLike
I’m doing a cut-over migration for a client, and I caught this at the last minute – however, You saved my Bacon Mike! Thanks a lot – Tarj
LikeLiked by 1 person
Thank you so much for this post. It saved me on a cutover. You sir are great.
LikeLiked by 1 person
We have a client who has hybrid w/ AD connect with existing O365 users, they bought a company that has an on prem exchange 2010 w/ their own AD, the plan is to join them Main company AD on a separate OU and move to mailbox to O365, we used skykick, but having errors and wants to disable msExchMailboxGuid, how can I move forward without affecting the existing users on the main AD, will it delete my users when a sync happens?
LikeLike
You should find that filtering out this attribute from Sync will only stop Exchange Online from knowing the users have a mailbox on-premises, and so it shouldn’t affect existing users in the cloud. It isn’t used for mail flow, and the mail contacts will still be created as normal, so I wouldn’t expect this to cause any problems. Mike
LikeLike