A little while ago, I documented some steps to fix issues you may experience as part of migrating linked mailboxes to Exchange Online (check out the details here).
PROBLEM
One of the issues addressed was a scenario where a user has a mailbox in both Exchange on-premises and Exchange Online. Since I wrote the article, I’ve had to remediate this for a couple of customers where retention policies had also been configured to retain mailbox data for a period of time. This introduces a problem where you can’t permanently delete the mailbox in Exchange Online, which means when you re-license the user, they are connected to the soft-deleted mailbox (not something we want!).
SOLUTION
To get around it, I’ve prepared some steps below which you can follow:
The first thing to do is to find out the name of the retention policy the user is a member of. You can do this by running the following cmdlet and you will get a list of the GUIDs for the retention policies in your organisation:
Get-OrganizationConfig | FL InPlaceHolds
If there are too many retention policies to be displayed, use:
Get-OrganizationConfig | Select-Object -ExpandProperty InPlaceHolds
Retention policies which apply to mailboxes, public folders and Teams chats start with “mbx.” Those which apply to Microsoft 365 Groups (previously known as Office 365 Groups) and Teams channel messages start with “grp.”
Next, you need to exclude the user from the retention policy, either via the GUI or using PowerShell. This may take a while to complete, so I suggest giving it a day for the setting to replicate. You can use the following PowerShell to remove a single mailbox from a retention policy:
Set-RetentionCompliancePolicy ‘NameofRetentionPolicy‘ -RemoveExchangeLocation <username> -Force
Now you’ve excluded the mailbox from the retention policies, you’d expect that the mailbox would be excluded from the retention policy! Unfortunately, your expectations are incorrect. To give admins an opportunity to search for or recover mailbox items which will be purged after a hold is removed, a “delay hold” is applied. This means the actual removal of the hold is delayed for 30 days. Now, at this stage I’m pretty sure you don’t want to be waiting around for 30 days just to remove this mailbox, so thankfully Microsoft allows us to remove the delay hold on the mailbox by using the following PowerShell cmdlets:
Set-Mailbox <username> -RemoveDelayHoldApplied
Set-Mailbox <username> -RemoveDelayReleaseHoldApplied
To confirm the values for these settings have changed on the mailbox run:
Get-Mailbox <username> | FL *HoldApplied*
Once the delay hold has been removed from the mailbox, you can now remove the Exchange Online license from the user. This will take about 10 or so minutes to replicate throughout the various Azure and Exchange directories. Once replicated, you should find the mailbox has been removed and the user becomes a contact in Exchange Online.
As I explained in the original blog, now you need to clear the previous mailbox information from the user by running the following:
Set-User <UserPrincipalName> -PermanentlyClearPreviousMailboxInfo
After waiting for Azure AD Connect to perform sync or manually starting one, you can add the Exchange Online license back to the user and confirm they remain a contact in the Exchange Online admin centre with no mailbox created in Exchange Online.
As always, feel free to reach out if you have questions or comments.
