The perils of deleting a Shared Mailbox user account

The world of IT is a perilous and dangerous place to be. Particularly when your mouse is hovering over that ‘Delete’ button.

I came across an incident recently where a user had left a company, and as per standard practice for leavers in Office 365, their mailbox had been converted to a Shared Mailbox to free up the license whilst preserving mailbox access for their manager. As this mailbox was now Shared and the user was no longer present, the administrator deleted the user account in question out of Active Directory. The effect of this was that the user and mailbox in Office 365 were also deleted. This behaviour is something worth remembering if you are the administrator of an Office 365 environment.

I could see that the mailbox was listed in the Office 365 ECP under Recipients>Mailboxes>…>Deleted Mailboxes, so it was recoverable. I went for the Recover option and was faced with the error:

'User not found'

Uh oh. Usually this process would recreate the MSOL User account along with restoring the mailbox. I checked in the Office 365 Admin Centre and the user had not been recreated; however, if I went to the ECP and Recipients>Shared I could see the restored mailbox. Unfortunately though, the mailbox was only half there and the details pane showed no email address, just ‘the items you’re trying to open couldn’t be found’.

My mailbox was stuck in limbo! I went into PowerShell for Exchange Online and ran Get-Mailbox, but the Shared mailbox wasn’t listed. I then ran Get-Mailbox -SoftDeletedUsers and the Shared mailbox wasn’t here either. This wasn’t looking good.

I was concerned that if I deleted the limbo mailbox then I would lose it forever, but I had no choice but to try. I got another error message ‘User not found’ when trying to delete the mailbox but after a minute or two it showed up in Deleted Mailboxes and when running Get-Mailbox -SoftDeletedUsers it also appeared. Hurrah!

My mantra whenever I work with Exchange, online or on premise, is that if something doesn’t work in the GUI, try it in PowerShell. So I ran the command shown below to try and recover the mailbox, and by the Power of the Shell, it worked!

Undo-SoftDeletedMailbox sharedmailbox@doubledit.co.uk -WindowsLiveID sharedmailbox@doubledit.co.uk -Password (ConvertTo-SecureString -String 'Passw0rd' -AsPlainText -Force)

In my opinion, this looks like a GUI based bug when recovering a Shared Mailbox. User mailboxes restore without a hitch, but Shared Mailboxes are not so friendly via the GUI. The answer, as usual, is the mighty PowerShell.
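The same recovery wrapped in a function, as an added example that is not part of the original post: it checks that the mailbox is actually soft-deleted before recovering it, and prompts for the new cloud password so that it never appears as a literal on the command line or in the PSReadLine history file. It assumes a session already connected to Exchange Online; the function name Restore-SoftDeletedSharedMailbox is hypothetical.

```powershell
# Added example, not from the original post.
# Assumes the session is already connected to Exchange Online.
# Restore-SoftDeletedSharedMailbox is a hypothetical name chosen for this example.
function Restore-SoftDeletedSharedMailbox {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Address
    )

    # 1. Confirm the mailbox is in the soft-deleted state before touching it.
    $deleted = @(Get-Mailbox -SoftDeletedMailbox -Identity $Address -ErrorAction SilentlyContinue)
    if ($deleted.Count -eq 0) {
        # The post saw a delay of a minute or two before the mailbox was listed.
        Write-Warning "$Address is not listed as soft-deleted yet. Wait a few minutes and retry."
        return
    }
    if ($deleted.Count -gt 1) {
        # Several soft-deleted mailboxes share the address: stop rather than guess.
        Write-Warning "More than one soft-deleted mailbox matches $Address."
        $deleted | Format-Table DisplayName, ExchangeGuid, WhenSoftDeleted
        return
    }
    $deleted | Format-List DisplayName, PrimarySmtpAddress, RecipientTypeDetails, WhenSoftDeleted

    # 2. Prompt for the password of the recreated cloud user as a SecureString,
    #    instead of passing a plaintext literal through ConvertTo-SecureString.
    $password = Read-Host -Prompt "New password for $Address" -AsSecureString

    # 3. Recover the mailbox and recreate the cloud user, as in the post.
    Undo-SoftDeletedMailbox -SoftDeletedObject $Address `
        -WindowsLiveID $Address -Password $password -ErrorAction Stop | Out-Null

    # 4. Verify the mailbox is visible as an active mailbox again.
    $restored = Get-Mailbox -Identity $Address -ErrorAction SilentlyContinue
    if ($restored) {
        $restored | Format-List DisplayName, PrimarySmtpAddress, RecipientTypeDetails
    } else {
        Write-Warning "Recovery was submitted but $Address is not visible yet. Check again shortly."
    }
}

# Example call, using the address from the post:
# Restore-SoftDeletedSharedMailbox -Address 'sharedmailbox@doubledit.co.uk'
```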

11 thoughts on “The perils of deleting a Shared Mailbox user account”

  1. Adam says:

    Hi, I’m wondering what the -Password parameter is for. Aren’t you already authenticated and the PowerShell session bound to outlook.office365.com?

    I’ve tried entering the Undo-SoftDeletedMailbox command with and without the -Password parameter and I get the error “Wrong DomainController value. This session is bound to… .com” Any suggestions on how to retrieve this mailbox?

  2. The password parameter sets a cloud password for the cloud user if I’m not mistaken. Are you trying to run this command in the Exchange Management Shell instead of in a PS session connected to Exchange Online? That’s the only reason I can think of where you would end up with a domain controller based error!

  3. marc says:

    Hi, I tried the script but I had an error: Wrong DomainController value. Cannot use Domain Controller ‘SINPR06A002DC06.APCPR06A002.prod.outlook.com’ in AD Session bound to partition ‘apcprd06.prod.outlook.com’.

    Can you please help me out?

  4. Asri says:

    Hi,
    Our organization has the same procedure for ex-staffs and we’re wondering if there’s a way to unlink the office365 user account from the shared mailbox so that we can delete the user account while still retaining the shared mailbox?

    At present, when we delete the user account, the shared mailbox gets deleted as well.

    I think there’s a way in PowerShell, however I could not find any documentation on it. Another reason I think it’s possible is because when a shared mailbox is created standalone, there are no user accounts created; this is only occurring on regular mailboxes that were converted to shared mailboxes.

    • Prior to converting the mailbox to shared, you could delete the AD User and then restore the MSOL User account. This would leave you with a cloud only account which you could then convert to shared.
