How Can I Manage Shared Mailboxes Between Exchange Online and AD?

Asked By DynamicUser987 On

I'm trying to clean up my shared mailboxes after migrating them to Exchange Online. A few years back, we moved all our mailboxes from on-prem Exchange to Exchange Online in a hybrid setup. While we still manage Exchange locally, we created around 30 shared accounts that are only used for shared mailboxes and no one logs into them. When I create a new shared mailbox now, it seems to generate a user account in Entra/Exchange Online, but these accounts do not sync back to Active Directory (AD). However, I still have all those old accounts in AD that are tied to the shared mailboxes.

I'm wondering if I can go ahead and delete these accounts in AD without causing issues. If that risks breaking something, is there a workaround, like exporting to a PST file, deleting the mailbox, removing the AD user, and recreating it? Or should I consider removing the shared mailboxes in Entra/Exchange Online and creating users in AD first, so everything syncs up and is manageable? What's the best approach for ongoing management?

2 Answers

Answered By MailboxMaster2023 On

To manage those shared mailboxes effectively, you need to ensure you’re not violating any licensing issues by converting from a user mailbox if they were ever user mailboxes. For shared mailboxes created from scratch, you shouldn’t have any problems. If you remove a user account or move it out of the sync OU, you'd lose the mailbox. If you want to keep transaction logs, you have to put them on Legal hold first. It seems like managing them in AD would give you better control overall!

ConfusedAdmin -

I thought all of mine were always shared mailboxes and not user accounts. I didn’t set any passwords or let anyone log in, so it’s good to know that I may not have those licensing issues!

Answered By TechieTinker On

It sounds like your shared mailboxes are actually set to disabled sign-in by default, which is the expected behavior when you create them in Exchange Online. If you want to clean things up, you could try moving the user accounts to a non-syncing OU, then syncing again. After that, just restore them from Deleted Users and they'll turn into cloud-only accounts. It might sound overly simple for Microsoft, but it's worth a shot!

CuriousCat42 -

Wait, so you're saying you can just move them and restore? Sounds too easy, but I really like the idea! I will definitely give that a try.
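Before touching any of the AD accounts discussed in the answers above, it helps to record which shared mailboxes are still tied to a synced AD object, whether sign-in is actually blocked, and whether a license is attached. The following read-only inventory is an added example, not code from any poster in this thread; it assumes the ExchangeOnlineManagement and Microsoft.Graph.Users modules are installed and that the signed-in admin can read users, and the output file name is a placeholder.

```powershell
# Added example: read-only inventory. It changes nothing in AD, Entra ID or Exchange Online.
# Assumption: ExchangeOnlineManagement and Microsoft.Graph.Users modules are installed.
Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes 'User.Read.All'

$report = foreach ($mbx in Get-EXOMailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    # ExternalDirectoryObjectId links the mailbox to its Entra ID user object.
    $user = Get-MgUser -UserId $mbx.ExternalDirectoryObjectId `
        -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled, AssignedLicenses

    [pscustomobject]@{
        Mailbox       = $mbx.PrimarySmtpAddress
        UPN           = $user.UserPrincipalName
        # True  = the object is still synced from on-prem AD (the old accounts).
        # False = cloud-only (null from Graph is cast to False).
        SyncedFromAD  = [bool]$user.OnPremisesSyncEnabled
        # Shared mailbox accounts that nobody logs in to should show False here.
        SignInEnabled = [bool]$user.AccountEnabled
        LicenseCount  = @($user.AssignedLicenses).Count
    }
}

# Full picture, grouped so synced and cloud-only mailboxes are easy to tell apart.
$report | Sort-Object SyncedFromAD, Mailbox | Format-Table -AutoSize

# Accounts that still allow interactive sign-in and deserve a closer look.
$report | Where-Object SignInEnabled | Format-Table Mailbox, UPN, LicenseCount

# Keep a copy as the "before" state for any later cleanup (placeholder file name).
$report | Export-Csv -Path .\shared-mailbox-inventory.csv -NoTypeInformation
```

Running it again after a change and comparing the two CSV files shows whether each mailbox kept its address and whether its account moved from synced to cloud-only.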
