Office 365: Convert User Mailbox to Shared Mailbox
Many administrators need to convert regular User Mailboxes to a Shared Mailbox after migration to Office 365. While the task is not very complex in itself, it is admittedly quite boring and you need to remember quota sizes and not least the syntax for removing the license.
I’ve put together a small script that will automate this task given two command line arguments in the format:
.\convertUserToShared.ps1 <user@domain.com> <sec-gr-shared-mailbox-name>
Note:
Remember to assign an email address to the security group or you won’t be able to use it in Exchange Online. You may also want to hide it from the address book (set attribute: msExchHideFromAddressBook to True).
Now, to be able to perform the necessary operations you need the following plug-ins:
- Microsoft Online Services Sign-In Assistant: https://www.microsoft.com/en-us/download/details.aspx?id=39267
- Windows Azure AD Module: https://technet.microsoft.com/library/jj151815.aspx
And I really recoomend upgrading Powershell as well:
- Powershell 3.0: https://www.microsoft.com/en-us/download/details.aspx?id=34595
Connect to Exchange Online AND Office 365 with the following syntax prior to running the script:
1: $LiveCred = Get-Credential
2: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $LiveCred -Authentication Basic -AllowRedirection
3: Import-PSSession $Session
4: Connect-MsolService -Credential $LiveCred
I’ve commented directly in the source where needed, so the script should be fairly self explanatory:
1: $count = $args.Count
2: if ($count -lt 2) {
3: Write-Host
4: Write-Host "You need to specify username and security group as arguments: .\convertUserToShared.ps1 <username@domain.ext> <securitygroup>" -ForegroundColor Red
5: Write-Host
6: }
7: else {
8: $mbx = $args[0]
9: $secGroup = $args[1]
10: Write-Host Processing user: $mbx -ForegroundColor Yellow
11:
12: # Verify if group exist, remember to DirSync it first
13: $test = Get-Group $secGroup -ErrorAction SilentlyContinue
14: if ($test -ne $null) {
15:
16: # Verify if mailbox exist
17: $test = Get-Mailbox $mbx -ErrorAction SilentlyContinue
18: if ($test -ne $null) {
19:
20: # Do the "clever" stuff to find out if mbx is less than 4500 MB (leaves a little room up to 5 GB)
21: $stat = Get-MailboxStatistics $mbx
22: $tmp = $stat.TotalItemSize.Value.ToString().Split("(")[0].Replace(" ","")
23: $mb = Invoke-Expression $tmp/1MB
24: if ([int]$mb -lt 4500) {
25:
26: # Setting the actual mailbox parameters
27: Write-Host Converting user $mbx to shared and setting quota to 5 GB...
28: Set-Mailbox -Identity $mbx -Type "Shared" -ProhibitSendReceiveQuota 5GB -ProhibitSendQuota 4.75GB -IssueWarningQuota 4.5GB
29:
30: # Adding permissions
31: Write-Host Adding permissions for $secGroup on $mbx
32: Add-MailboxPermission $mbx -User $secGroup -AccessRights FullAccess
33: Add-RecipientPermission $mbx -Trustee $secGroup -AccessRights SendAs -Confirm:$false
34:
35: # Remove the license, Shared Mailboxes with a 5GB limit are free of charge
36: Write-Host Removing license for $mbx
37: $MSOLSKU = (Get-MSOLUser -UserPrincipalName $mbx).Licenses[0].AccountSkuId
38: Set-MsolUserLicense -UserPrincipalName $mbx -RemoveLicenses $MSOLSKU
39: Write-Host Done! -ForegroundColor Green
40:
41: }
42: else { Write-Host Mailbox is ([int]$mb) MB which is too large for conversion to a nonlicensed shared mailbox, reduce size and try again. -ForegroundColor Red }
43: }
44: else { Write-Host Mailbox: $mbx does not exist! -ForegroundColor Red }
45: }
46: else { Write-Host Group: $secGroup does not exist! -ForegroundColor Red }
47: Write-Host
48: }
Important:
If you’re synchronizing your accounts with Active Directory using DirSync (or FIM), please make sure that the following attributes are set on the modified Shared Mailbox objects in Active Directory:
msExchRemoteRecipientType = 100
msExchRecipientTypeDetails = 34359738368 (Optional but will set correct Remote Mailbox type on-prem)
If these attributes are not set correctly, you will risk that DirSync converts the cloud object back to a regular mailbox.
Note:
If you can make a regex that will do the job of line 22, you will be credited on this page! :)