I'm looking for the best way to move a user to a new Active Directory (AD) account while keeping their existing mailbox intact. I'm currently managing a hybrid AD setup that includes on-premises and Entra sync with Exchange Online. The user's original account was frequently locking out, which I suspect was due to a cached credential or a rogue device. To resolve the issue, I created a new AD account, and the user logged in with that, resolving the lockouts. However, the original account still has all of their emails, calendar events, and meeting details in its mailbox. I'd like to know the cleanest long-term solution to allow the user to continue using the existing mailbox with the new account, without any disruption to email flow or data loss. I'm considering options like mailbox delegation, converting the mailbox to a shared one, or completely migrating it to the new account. In a mixed environment like mine, what approach should I take? Should I stick with delegation, or is it better to move the mailbox entirely?
2 Answers
Honestly, instead of creating a new account, you might want to just change the username on the existing account. That way, everything stays the same, and it might solve the lockout issue. If you have tools like SIEM, they can help pinpoint where the lockouts are happening, which is much better than creating a workaround.
Before anything, run a script or check the sign-in logs to identify what's locking the account. Knowing the root cause will help prevent future issues. Going forward with mailbox delegation does seem like a more sustainable solution than hopping from one account to another, especially if the problem isn't addressed.

I totally agree! Workarounds can lead to more headaches in the future. Fixing the root cause is always the best way to go.
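To make the "run a script or check the sign-in logs" advice in the second answer concrete, here is an added example (not code from anyone in this thread) that pulls the account lockout events (Security event ID 4740) from the PDC emulator and, for each lockout, the Kerberos pre-authentication failures (event ID 4771) that preceded it, so you can see which computer and IP address keep sending the bad credential. It assumes the ActiveDirectory RSAT module is installed, that you can read the domain controller's Security log remotely, and that the account name you pass in is the one that was locking out; the `$SamAccountName` and `$Hours` parameters are names chosen for this example.

```powershell
# Added example: find the source of an AD account lockout.
# Assumes RSAT ActiveDirectory module and remote read access to the DC's Security log.
param(
    [Parameter(Mandatory)] [string] $SamAccountName,   # the account that keeps locking out
    [int] $Hours = 24                                  # how far back to look
)

Import-Module ActiveDirectory

# Every lockout is written to the PDC emulator, so one DC is enough to query.
$pdc   = (Get-ADDomain).PDCEmulator
$since = (Get-Date).AddHours(-$Hours)

# Pull the named EventData fields of an event into a hashtable.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord] $Event)
    $fields = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    return $fields
}

# 1. Lockout events (4740): TargetDomainName holds the *caller computer name*,
#    i.e. the machine from which the bad credential was submitted.
$lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = $since
} | ForEach-Object {
    $f = Get-EventFields $_
    if ($f['TargetUserName'] -eq $SamAccountName) {
        [pscustomobject]@{
            Time           = $_.TimeCreated
            User           = $f['TargetUserName']
            CallerComputer = $f['TargetDomainName']
        }
    }
}

Write-Host "Lockouts for $SamAccountName in the last $Hours h (from $pdc):"
$lockouts | Format-Table -AutoSize

# 2. Kerberos pre-auth failures (4771) with status 0x18 = bad password.
#    IpAddress shows where the attempts come from; a device that never
#    received the new password (phone, mapped drive, scheduled task) shows
#    up here as a steady stream of failures.
$badPasswords = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4771; StartTime = $since
} | ForEach-Object {
    $f = Get-EventFields $_
    if ($f['TargetUserName'] -eq $SamAccountName -and $f['Status'] -eq '0x18') {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            IpAddress = $f['IpAddress'] -replace '^::ffff:', ''   # strip IPv4-mapped prefix
        }
    }
}

Write-Host "Bad-password attempts per source address:"
$badPasswords | Group-Object IpAddress | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run it as `.\Find-LockoutSource.ps1 -SamAccountName jdoe -Hours 48` from a machine with RSAT. The caller computer name from the 4740 events plus the source address with the highest 4771 count usually points straight at the device still holding an old password; fixing that on the original account is what makes the delegation or mailbox move discussed above unnecessary in the first place. If your domain controllers only log NTLM validation failures, add event ID 4776 with the same user filter; its `Workstation` field plays the role that `IpAddress` plays in 4771.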