6. User and contact administration

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 6. User and contact administration

Often, one of your primary tasks as a Microsoft Exchange administrator is to manage user accounts and contacts. User accounts enable individual users to log on to the network and access network resources. In Active Directory, users are represented by User and InetOrgPerson objects. User objects represent standard user accounts; InetOrgPerson objects represent user accounts imported from non-Microsoft Lightweight Directory Access Protocol (LDAP) or X.500 directory services. User and InetOrgPerson are the only Active Directory objects that can have Exchange mailboxes associated with them. Contacts, on the other hand, are people who you or others in your organization want to get in touch with. Contacts can have street addresses, phone numbers, fax numbers, and email addresses associated with them. Unlike user accounts, contacts don’t have network logon privileges.

Understanding users and contacts

In Active Directory, users are represented as objects that can be mailbox-enabled or mail-enabled. A mailbox-enabled user account has an Exchange mailbox associated with it. Mailboxes are private storage areas for sending and receiving mail. A user’s display name is the name Exchange presents in the global address list.

Another important identifier for mailbox-enabled user accounts is the Exchange alias. The alias is the name that Exchange associates with the account for addressing mail. When your mail client is configured to use Microsoft Exchange Server, you can type the alias or display name in the To, Cc, or Bcc text boxes of an email message and have Exchange Server resolve the alias or name to the actual email address.

Although you’ll likely configure most Windows user accounts as mailbox-enabled, user accounts don’t have to have mailboxes associated with them. You can create user accounts without assigning mailboxes. You can also create user accounts that are mail-enabled rather than mailbox-enabled, which means that the account has an off-site email address associated with it but doesn’t have an actual mailbox. Mail-enabled users have Exchange aliases and display names that Exchange Server can resolve to actual email addresses. Internal users can send a message to the mail-enabled user account using the Exchange display name or alias and the message will be directed to the external address. Users outside the organization can use the Exchange alias to send mail to the user.

It’s not always easy to decide when to create a mailbox for a user. To better understand the decision-making process, consider the following scenario:

You’ve been notified that two new users, Elizabeth and Joe, will need access to the domain.
Elizabeth is a full-time employee who starts on Tuesday. She’ll work on site and needs to be able to send and receive mail. People in the company need to be able to send mail directly to her.
Joe, on the other hand, is a consultant who is coming in to help out temporarily. His agency maintains his mailbox, and he doesn’t want to have to check mail in two places. However, people in the company need to be able to contact him, and he wants to be sure that his external address is available.
You create a mailbox-enabled user account for Elizabeth. Afterward, you create a mail-enabled user account for Joe, ensuring that his Exchange information refers to his external email address.

Mail-enabled users are one of several types of custom recipients that you can create in Exchange Server. Another type of custom recipient is a mail-enabled contact. You create a mail-enabled contact so that users can more easily send email to that contact. A mail-enabled contact has an external email address.Microsoft Exchange Server 2013 has in-place archiving for user mailboxes, which is designed to replace the need for personal stores in Outlook. An in-place archive is an alternative storage location for historical message data that is seamlessly accessible to a user in Microsoft Outlook 2007 and later and Outlook Web App.

The in-place archive is created as an additional mailbox and is referred to as an archive mailbox. Users can easily move and copy mail data between a primary mailbox and an archive mailbox. Because in-place archiving is a premium feature, an enterprise license is required for each user with an archive mailbox. For more information, see “Creating and using archive mailboxes” in Chapter 7.

Understanding the basics of email routing

Exchange uses email addresses to route messages to mail servers inside and outside the organization. When routing messages internally, Mailbox servers use mail connectors to route messages to other Exchange servers, as well as to other types of mail servers that your company might use. Two standard types of connectors are used:

Send connectors. Control the flow of outbound messages
Receive connectors. Control the flow of inbound messages

Send and Receive connectors use Simple Mail Transfer Protocol (SMTP) as the default transport and provide a direct connection among Mailbox servers in an on-premises Exchange organization. Edge Transport servers can also receive mail from and send mail to other types of mail servers.

You can use these connectors to connect Mailbox servers in an organization. When routing messages outside the company, Mailbox servers and Edge Transport servers use mail gateways to transfer messages. The default gateway is SMTP.

Online-only deployments work in much the same way, except that mail is routed through the Exchange Online organization. Here, Exchange Online Protection handles transport.

In hybrid deployments, mailboxes can reside in the on-premises Exchange organization and in an Exchange Online organization. Messages are sent between the organizations transparently and appear as internal messages. To enhance security, messages are encrypted and transferred between the organizations using Transport Layer Security (TLS).

Exchange Server 2013 uses directory-based recipient resolution for all messages that are sent from and received by users throughout an Exchange organization. The Exchange component responsible for recipient resolution is the Categorizer. The Categorizer must be able to associate every recipient in every message with a corresponding recipient object in Active Directory.

All senders and recipients must have a primary SMTP address. If the Categorizer discovers a recipient that does not have a primary SMTP address, it will determine what the primary SMTP address should be or replace the non-SMTP address. Replacing a non-SMTP address involves encapsulating the address in a primary SMTP address that will be used while transporting the message.

Important

Non-SMTP email address formats include fax, X.400, and the legacy Exchange format (EX). The Categorizer encapsulates email addresses using non-SMTP formats in the Internet Mail Connector Encapsulated Addressing (IMCEA) format. For example, the Categorizer encapsulates the fax address, FAX-888-555-1212, as [email protected]. Any email address that is longer than what SMTP allows is transmitted as an extended property in the XExch50 field, provided the name part of the address and domain part of the address don’t exceed the allowed limits. The maximum allowed length for an email address in Exchange is 571 characters, 315 characters for the name part of the address, 255 characters for the domain name, and the @ sign character that separates the two name parts.

In addition to primary SMTP email addresses, you can configure alternative recipients and forwarding addresses for users and public folders. If there is an alternative recipient or forwarding address, redirection is required during categorization. You specify the addresses to which messages will be redirected in Active Directory, and redirection history is maintained with each message.

Understanding on-premises and online recipient management

Exchange Management Shell provides many commands for working with mailbox-enabled users, mail-enabled users, and contacts. The main commands you’ll use are shown in the following list:

MAILBOX-ENABLED USER	MAIL-ENABLED USERS	CONTACTS
Connect-Mailbox	Disable-MailUser	Disable-MailContact
Disable-Mailbox	Enable-MailUser	Enable-MailContact
Enable-Mailbox	Get-MailUser	Get-MailContact
Get-Mailbox	New-MailUser	New-MailContact
New-Mailbox	Remove-MailUser	Remove-MailContact
Remove-Mailbox	Set-MailUser	Set-MailContact
Set-Mailbox

Because Exchange organizations can be on-premises, online, or a hybrid of the two, working with recipients is more complex than it used to be, especially when it comes to creating recipients. Normally, to work with the recipient you access the organization where the recipient should be or has been created. For example, if a mailbox was created in the on-premises Exchange organization, you connect to the on-premises organization and work with the mailbox using the on-premises implementation of Exchange Admin Center or Exchange Management Shell. If a mailbox was created in the online Exchange organization, you connect to the online organization and work with the mailbox using the online implementation of Exchange Admin Center or Exchange Management Shell.

With hybrid deployments, however, you can synchronize users from on-premises Active Directory to Exchange Online. You do this using the hybrid deployment tools. When you run the sync tool for the first time, it copies all of the user accounts, contacts, and groups from Active Directory to Exchange Online. The domains in your organization are then synchronized automatically, so you need to re-run the sync tool only if you add, remove, or rename domains.

Although accounts for synced users are created in the Exchange Online organization, they are not activated for online use, which means they don’t have access to the online features and also haven’t been licensed. If you want to create an online mailbox for a synced user, you also must activate the account before the grace period expires. If the user has a local mailbox and you want to move it to Exchange Online, you run the Mailbox Migration Wizard. This wizard configures forwarding of the user’s local mailbox to Exchange Online and then copies the user’s mailbox data to Exchange Online. Moving and migrating mailboxes is discussed in more detail in Chapter 7.

To create a new synced mailbox user, you have several options. One option is as follows:

Create the user account in Active Directory Users And Computers.
Wait for the account to be synchronized with the Exchange Online organization.
Access the Exchange Online organization. Next, either create the mailbox for the user or migrate the user’s existing mailbox to Exchange Online. If you create a mailbox for the user, keep the following in mind:
- For Exchange Admin Center, this means using the online console for administration. In a synchronized hybrid deployment, you can access the online console from an on-premises console. Tap or click the Office 365 option. In Office 365 Admin Center, tap or click Admin and then select Exchange. This opens the Exchange Online version of Exchange Admin Center.
- For Exchange Management Shell, you access the Exchange Online organization by establishing a remote session with Exchange Online as discussed in “Connecting manually to Exchange Online” in Chapter 4.
Using Office 365 Admin, activate the synced user and assign a license. When you assign a license, a mailbox is created automatically for the user.

The second option for creating a new synced mailbox user is to use the New-RemoteMailbox cmdlet. In this method, you access the on-premises Exchange organization in Exchange Management Shell and then use New-RemoteMailbox to create an enabled and synced mailbox user, which means:

A mail-enabled user is created in on-premises Active Directory.
An associated mailbox is created in Exchange Online.

Note

Don’t forget, you’ll also need to assign the user a mailbox plan.

The basic syntax for the RemoteMailbox cmdlets are as follows:

New-RemoteMailbox. Creates a mail-enabled user in on-premises Active Directory and a mailbox in Exchange Online.

New-RemoteMailbox -Name CommonName [-Alias ExchangeAlias]
[-ArbitrationMailbox ModeratorMailbox] [-Archive <$true
| $false>] [-DisplayName Name] [-DomainController FullyQualifiedName]
[-FirstName FirstName] [-Initials Initials] [-LastName LastName]
[-ModeratedBy Moderators] [-ModerationEnabled <$true | $false>]
[-OnPremisesOrganizationalUnit OUName] [-OverrideRecipientQuotas
<$true | $false>] [-Password Pwd] [-PrimarySmtpAddress SmtpAddress]
[-RemotePowerShellEnabled <$true |$false>] [-RemoteRoutingAddress
ProxyAddress] [-ResetPasswordOnNextLogon <$true | $false>]
[-SamAccountName PreWin2000Name] [-SendModerationNotifications <Never
| Internal | Always>] [-UserPrincipalName LoginName]

Enable-RemoteMailbox. Creates an online mailbox for a user already created in on-premises Active Directory.

Enable-RemoteMailbox -Identity UserId [-Alias ExchangeAlias]
[-DisplayName DisplayName] [-DomainController DomainControllerName]
[-PrimarySmtpAddress SmtpAddress] [-RemoteRoutingAddress
ProxyAddress]

Disable-RemoteMailbox. Removes an online mailbox but keeps the user account in on-premises Active Directory.

Disable-RemoteMailbox -Identity UserId [-Archive <$true | $false>]
[-DomainController DomainControllerName] [-IgnoreDefaultScope<$true |
$false>] [-IgnoreLegalHold <$true | $false>]

Remove-RemoteMailbox. Removes an online mailbox and the related account in on-premises Active Directory.

Remove-RemoteMailbox -Identity UserId [-Archive <$true | $false>]
[-DomainController DomainControllerName] [-IgnoreDefaultScope<$true |
$false>] [-IgnoreLegalHold <$true | $false>]

Regardless of which approach you use to create new mailbox users in Exchange Online, you must license these mailbox users in Office 365. You do this by associating a mailbox plan with each mailbox user. Using the graphical tools, you can associate mailbox plans when you are creating mailbox users or afterward by editing the account properties. In a remote session with Exchange Online, you can use the -MailboxPlan parameter with the New-Mailbox cmdlet to do the same. However, at the time of this writing, there are no mailbox plan parameters for any of the RemoteMailbox cmdlets. (Hopefully, this oversight will be corrected by the time you read this.) When you assign mailbox plans, you need to ensure you have enough licenses. You purchase and assign licenses using Office 365 Admin Center. Select Licensing in the feature pane to see the subscription and licensing options. On the Subscriptions tab, tap or click a subscription link to purchase additional licenses for that plan. On the Licenses tab, as shown in Figure 6-1, you see a summary of the number of valid, expired, and assigned licenses for each plan being used.

A screen shot of Office 365 Admin Center, showing the number of valid, expired, and assigned licenses for various mailbox plans.

Figure 6-1. Accessing the Licensing node to work with subscriptions and licensing.

Office 365 will allow you to assign more mailbox plans than you have licenses for. However, after the initial grace period, problems will occur. For example, mail data for unlicensed mailboxes may become unavailable. Remember, the number of valid licenses shouldn’t exceed the number of assigned licenses.

You activate and license synced users in Office 365 as well. Under Users And Groups > Active Users, select the check boxes for the users you want to activate and license and then select Activate Synced Users. Next, specify the work location for the users, such as United States. Under Assign Licenses, select the mailbox plan to assign. Finally, select Activate.

The Office 365 service, its settings, and accounts are all manageable from Windows PowerShell. Every account you create in the online environment is in fact created in the online framework within which Office 365 and Exchange Online operate. This framework is called Windows Azure, and like Windows Server, it uses Active Directory to provide its directory services.

Before you can manage Office 365, its settings, and accounts from Windows PowerShell, you must install the Windows Azure Active Directory module (which is available at the Microsoft Download Center: http://go.microsoft.com/fwlink/p/?linkid=236297). Any computer capable of running Exchange 2013 or acting as a management server can run this module, provided .NET framework 3.51 and the Microsoft Online Services Sign-in Assistant version 7.0 or later are installed. At the time of this writing, the sign-in assistant was available at http://go.microsoft.com/fwlink/?LinkId=286152. Be sure to download and install only the 64-bit versions of the module and the sign-in assistant.

After you download and install the required components, the Windows Azure Active Directory module is available for your use. This module also is referred to as the Microsoft Online module. Although Windows PowerShell 3.0 or later can implicitly import modules, you must explicitly import this module with PowerShell 2.0. After you import the module, if necessary, you can connect to the Windows Azure and Microsoft Online Services using the Connect-MSOLService cmdlet.

Because you’ll typically want to store your credentials in a Credential object rather than be prompted for them, the complete procedure to connect to Microsoft Online Services by using Windows PowerShell 2.0 is:

import-module msonline
$cred = get-credential
connect-msolservice -credential:$cred

Or, by using Windows PowerShell 3.0 or later:

$cred = get-credential
connect-msolservice -credential:$cred

After connecting to the service, you can use the available commands to manage online settings and objects. For example, if you want to get a list of user accounts that have been created in the online service along with their licensing status, enter get-msoluser. The results will be similar to the following:

UserPrincipalName                     DisplayName                 isLicensed
-----------------                     -----------                 ----------
[email protected]…   William Stanek            True
[email protected]…   Valery Ushakov            False

Enter get-help *msol* to get a list of commands specific to Microsoft Online Services.

Managing user accounts and mail features

With Exchange Server 2013, Exchange Admin Center and Exchange Management Shell are the primary administration tools you use to manage mailboxes, distribution groups, and mail contacts. You can use these tools to create and manage mail-enabled user accounts, mailbox-enabled user accounts, and mail-enabled contacts, as well as any other configurable aspect of Exchange Server.

The sections that follow examine techniques to manage user accounts and the Exchange features of those accounts whether you are working with either on-premises Exchange organizations or Exchange Online. In a hybrid environment, you always manage domain user accounts and their mailboxes using the on-premises Exchange tools. Your changes are then synced to the online environment.

Note

Domain administrators can create user accounts and contacts using Active Directory Users And Computers. If any existing user accounts need to be mail-enabled or mailbox-enabled, you perform these tasks using the Exchange management tools. If existing contacts need to be mail-enabled, you also perform this task using the Exchange management tools.

Finding existing mailboxes, contacts, and groups

You work with recipients where they were created, which can be either in an on-premises Exchange organization or in Exchange Online. You can view current mailboxes, mail-enabled users, contacts, and groups by following these steps:

Open Exchange Admin Center using one of the following techniques:
- For on-premises Exchange, open your web browser and then enter the secure URL for Exchange Admin Center, such as https://mailserver48.cpandl.com/ecp.
- For online Exchange, open your web browser and then enter the secure URL for Office 365 Admin Center, such as https://portal.microsoftonline.com/admin/default.aspx. In Office 365 Admin Center, tap or click Admin and then select Exchange. This opens the Exchange Online version of Exchange Admin Center.
As shown in Figure 6-2, select Recipients in the feature pane and then select the related Mailboxes, Groups, or Contacts tab, as appropriate for the type of recipient you want to work with.
Figure 6-2. Accessing the Recipients node to work with mailboxes, distribution groups, and mail contacts.
By default all recipients of the selected type are displayed. With mailboxes this means that user mailboxes, linked user mailboxes, legacy user mailboxes, and remote user mailboxes are displayed. If you want to display the recipient subtype, tap or click More and then select Add/Remove Columns. In the Add/Remove Columns dialog box, select Recipient Type and then select OK.
If you want to filter recipients based on attributes, tap or click More and then select Advanced Search.
You can then filter by alias, display name, department, email addresses, first name, last name, and recipient type. The Recipient Types condition allows you to filter the results for specific recipient subtypes, such as only remote mailbox users.
You can add conditions that allow you to filter results based on city, state, country, office, title, group membership, and more. To do this, select More Options and then select Add Condition.
By default, Exchange Admin Center displays only three columns of information for each recipient, including the display name, mailbox type, and email address. To customize the columns of information displayed, tap or click More. Use the options provided in the Add/Remove Columns dialog box, shown in Figure 6-3, to configure the columns to use, and then tap or click OK.
Figure 6-3. Customizing the list of columns to display using the options provided.

In Exchange Management Shell, you can find mailboxes, contacts, and groups by using the following commands:

Get-User. Use the Get-User cmdlet to retrieve all users in the forest that match the specified conditions.

Get-User [-Identity UserId | -Anr Identifier]
[-AccountPartition PartitionId]
[-Arbitration <$true | $false>] [-Credential Credential]
[-DomainController DomainControllerName] [-Filter FilterString]
[-IgnoreDefaultScope <$true | $false>] [-Organization OrgName]
[-OrganizationalUnit OUName] [-PublicFolder <$true | $false>]
[-ReadFromDomainController <$true | $false>] [-RecipientTypeDetails
Details] [-ResultSize Size] [-SortBy String]

Get-Contact. Use the Get-Contact cmdlet to retrieve information about a specified contact or contacts.

Get-Contact [-Identity ContactId | -Anr ContactID] [-AccountPartition
PartitionId] [-Credential Credential] [-DomainController
DCName] [-Filter FilterString] [-IgnoreDefaultScope <$true
| $false>] [-Organization OrgName] [-OrganizationalUnit OUName]
[-ReadFromDomainController <$true | $false>]
[-RecipientTypeDetails Details] [-ResultSize Size] [-SortBy Value]

Get-Group. Use the Get-Group cmdlet to query for existing groups.

Get-Group [-Identity GroupId | -Anr GroupID]
[-AccountPartition PartitionId] [-Credential Credential]
[-DomainController FullyQualifiedName] [-Filter FilterString]
[-IgnoreDefaultScope <$true | $false>] [-Organization OrgName]
[-OrganizationalUnit OUName] [-ReadFromDomainController <$true |
$false>] [-RecipientTypeDetails {"Contact" | "MailContact" |
"MailUser" | "RoleGroup" | "User" | "UserMailbox" | … }]
[-ResultSize Size] [-SortBy Value]

Get-RemoteMailbox. Use the Get-RemoteMailbox cmdlet to get details for mail-enabled users in on-premises Active Directory that have mailboxes in Exchange Online.

Get-RemoteMailbox [-Identity UserId | -Anr Identifier] [-Alias
ExchangeAlias] [-Archive <$true | $false>] [-DomainController
DomainControllerName] [-OnPremisesOrganizationalUnit OUName]
[-ReadFromDomainController DomainControllerName]
[-ResultSize NumResults]

Finding synced, unlicensed, inactive, and blocked users

When you are working with hybrid organizations, users can be synced from Active Directory to Exchange Online. These synced users can have mailboxes on-premises or in Exchange Online. If you need to view all the synced users, determine where a synced user’s mailbox is located, or perform other tasks with synced users, you can use a custom filter. To create a custom filter for synced users, complete the following steps:

Open Office 365 Admin Center. Select Users And Groups in the feature pane, and the Active Users option will be selected by default.
Tap or click Filter. Next, in the Filter drop-down list, select New View.
On the New View page, enter a name for the view, such as Synced Users.
Select the Synchronized Users Only checkbox and then select Save.
Select the view you just created in the Filter drop-down list. You should now see a list of synced users.

Custom views that you create are persistent and as such will be available each time you log in to Office 365 Admin Center. To change the options of a custom view, display the view by selecting it in the Filter drop-down list and then select Edit View in the Filter drop-down list.

If you no longer want a custom view, you can delete it. Display the view by selecting it in the Filter drop-down list and then select Delete View in the Filter drop-down list. When prompted to confirm, select Yes and then select Close.

A synced user is only one type of user you may want to find in an Exchange Online organization. You also may want to find:

Unlicensed users. These users haven’t been assigned an Exchange Online license. Although there is a grace period for licensing after creating a mailbox user online, the user may lose mailbox data after the grace period expires.
Inactive users. These users have been deleted by an admin, which puts them in inactive status for a period of 30 days. When the recovery period expires, the account and any unprotected data is removed.
Blocked users. These users cannot sign in and the related accounts are blocked, such as may happen when a user’s password expires.
Users with errors. These users have errors associated with their accounts.

You can find blocked users, unlicensed users, or users with errors by completing the following steps:

Open Office 365 Admin Center. Select Users And Groups in the feature pane, and the Active Users option will be selected by default.
Tap or click Filter. Next, in the Filter drop-down list, select Sign-in Blocked Users, Unlicensed Users, or Users With Errors as appropriate.

In Office 365 Admin Center, you can find inactive users by selecting Users And Groups in the feature pane and then selecting the Deleted Users tab.

Creating mailbox-enabled and mail-enabled user accounts

Generally speaking, you need to create a user account for each user who wants to use network resources. The following sections explain how to create domain user accounts that are either mailbox-enabled or mail-enabled, and how to add a mailbox to an existing user account. If a user needs to send and receive email, you need to create a new mailbox-enabled account for the user or add a mailbox to the user’s existing account. Otherwise, you can create a mail-enabled account.

Understanding logon names and passwords

Before you create a domain user account, you should think for a moment about the new account’s logon name and password. You identify all domain user accounts with a logon name. This logon name can be (but doesn’t have to be) the same as the user’s email address. In Windows domains, logon names have two parts:

User name. The account’s text label
User domain. The domain where the user account exists

For the user Williams whose account is created in pocket-consultant.com, the full logon name for Windows is [email protected].

User accounts can also have passwords and public certificates associated with them. Passwords are authentication strings for an account. Public certificates combine a public and private key to identify a user. You log on with a password by typing the password. You log on with a public certificate by using a smart card and a smart card reader.

Although Windows displays user names to describe privileges and permissions, the key identifiers for accounts are security identifiers (SIDs). SIDs are unique identifiers that Windows generates when you create accounts. SIDs consist of the domain’s security ID prefix and a unique relative ID. Windows uses these identifiers to track accounts independently from user names. SIDs serve many purposes; the two most important are to allow you to easily change user names and to allow you to delete accounts without worrying that someone could gain access to resources simply by re-creating an account with the same user name.

When you change a user name, you tell Windows to map a particular SID to a new name. When you delete an account, you tell Windows that a particular SID is no longer valid. Afterward, even if you create an account with the same user name, the new account won’t have the same privileges and permissions as the previous one because the new account will have a new SID.

Creating mail-enabled user accounts

Mail-enabled users are defined as custom recipients in Exchange Server. They have an Exchange alias and an external email address, but they do not have an Exchange mailbox. All email messages sent to a mail-enabled user are forwarded to the remote email address associated with the account.

In Exchange Admin Center, mail-enabled users are listed as Mail Users under Recipients > Contacts. You can manage mail-enabled users through Exchange Admin Center and Exchange Management Shell.

Note

With on-premises Exchange, you have two options for mail-enabled users and contacts that are no longer needed. You can disable or delete the mail-enabled user or contact. With Exchange online, your only option is to delete the mail-enabled user or contact.

You can create a new mail-enabled user by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Tap or click New and then select Mail User. This opens the New Mail User dialog box. Figure 6-4 shows on-premises Exchange options on the left and Exchange online options on the right.
Figure 6-4. Configuring the mail-enabled user’s settings.
If you are working with on-premises Exchange, select New User.
Type the user’s first name, middle initial, and last name in the text boxes provided. These values are used to create the Display Name entry (as well as the Active Directory name with on-premises Exchange).
The Display Name and Name properties can’t exceed 64 characters. As necessary, make changes to the Display Name, Name, or both text boxes. For example, you might want to type the name in LastName FirstName MiddleInitial format or in FirstName MiddleInitial LastName format.
Important
The difference between the Display Name and the Name properties is subtle but important. The Display Name property sets the name displayed in Exchange and Outlook. The Name property sets the display name in Active Directory and is the Common Name (CN) value associated with the user.
In the Alias text box, type an alias for the mail-enabled user. This alias should uniquely identify the mail-enabled user in the Exchange organization. Alias names cannot contain spaces.
In the External Email Address text box, type the mail user’s external email address. By default, the address is configured as a standard SMTP email address. If you are working with on-premises Exchange, you can specify a custom address type by selecting the related option and then entering a prefix that identifies the custom type. Use X.400, GroupWise or Lotus Notes for X.400, GroupWise, and Lotus Notes address types respectively.
With on-premises Exchange, the user account is created in the default user container, which typically is the Users container. Because you’ll usually need to create new user accounts in a specific organizational unit rather than in the Users container, click Browse to the right of the Organizational Unit text box. In the Select Organizational Unit dialog box, choose the location where you want to store the account and then click OK.
In the User ID or User Logon Name text box, type the user’s logon name. Use the drop-down list to select the domain with which you want to associate the account. This sets the fully qualified logon name, such as [email protected].
Type and then confirm the password for the account. This password must follow the conventions of your organization’s password policy. Typically, this means that the password must include at least eight characters and must use three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
With on-premises Exchange you can select Require Password Change On Next Logon check box to ensure that the user changes the password at next logon.
Tap or click Save. Exchange Admin Center creates the new mail-enabled user.

If an error occurs, the user will not be created. You will need to tap or click OK, correct the problem, and then tap or click Save again. Consider the error example shown in Figure 6-5. In this instance, the user logon name/user ID was already in use so the user couldn’t be created.

A screen shot of an error dialog box, showing an error message that states the user principal name is already in use.

Figure 6-5. An error occurs when a user’s principal name is already in use.

You can list all mail-enabled users by typing get-mailuser at the Exchange Management Shell prompt. Get-MailUser cmdlet syntax and usage provides the full syntax and usage for Get-MailUser.

Syntax
Get-MailUser [-Identity Identifier | -Anr Name] [-AccountPartition
PartitionId] [-Credential Credential] [-DomainController DCName]
[-Filter FilterString] [-IgnoreDefaultScope {$true | $false}]
[-Organization OrgName] [-OrganizationalUnit OUName]
 [-ReadFromDomainController {$true | $false}] [-ResultSize Size]
 [-SortBy Value]

Usage
Get-MailUser -Identity "aaronl" | fl
Get-MailUser -OrganizationalUnit "marketing" | fl

Note

By default, Get-MailUser lists the name and recipient type for matches. In the example, fl is an alias for Format-List and is used to get detailed information about matching entries.

You can create a new mail-enabled user account using the New-MailUser cmdlet. New-MailUser cmdlet syntax and usage shows the syntax and usage. When prompted, provide a secure password for the user account.

Note

The syntax and usage are entered on multiple lines for ease of reference. You must enter the command-line values for a cmdlet on a single line.

Syntax
New-MailUser -Name CommonName -ExternalEmailAddress EmailAddress
[-Password Password] [-UserPrincipalName LoginName] {AddtlParams1}
New-MailUser -Name CommonName -FederatedIdentity FederatedId
-WindowsLiveID WindowsLiveId [-EvictLiveId <$true | $false>]
[-ExternalEmailAddress EmailAddress] [-NetID NetID] {AddtlParams2}
New-MailUser -Name CommonName -FederatedIdentity FederatedId
-MicrosoftOnlineServicesID WindowsLiveId [-NetID NetID] {AddtlParams2}
New-MailUser -Name CommonName -ImportLiveId <$true | $false>
-WindowsLiveID WindowsLiveId [-ExternalEmailAddress EmailAddress]
[-UsageLocation CountryInfo] {AddtlParams2}
New-MailUser -Name CommonName [-MicrosoftOnlineServicesID WindowsLiveId]
{AddtlParams2}
New-MailUser -Name CommonName -MicrosoftOnlineServicesID WindowsLiveId
-Password Password [-ExternalEmailAddress EmailAddress] [-UsageLocation
CountryInfo] {AddtlParams2}
New-MailUser -Name CommonName -Password Password -WindowsLiveID
WindowsLiveId [-EvictLiveId <$true | $false>] [-ExternalEmailAddress
EmailAddress] [-UsageLocation CountryInfo] {AddtlParams2}
New-MailUser -Name CommonName -UseExistingLiveId <$true | $false>
-WindowsLiveID WindowsLiveId [-BypassLiveId <$true | $false>]
[-ExternalEmailAddress EmailAddress] [-NetID NetID]
[-UsageLocation CountryInfo] {AddtlParams2}
{AddtlParams1}
[-Alias ExchangeAlias] [-ArbitrationMailbox ModeratorMailbox]
[-DisplayName Name] [-DomainController FullyQualifiedName] [-FirstName
FirstName] [-Initials Initials] [-LastName LastName]
[-MacAttachmentFormat <BinHex | UuEncode | AppleSingle | AppleDouble>]
[-MessageBodyFormat <Text | Html | TextAndHtml>] [-MessageFormat <Text |
Mime>] [-ModeratedBy Moderators] [-ModerationEnabled <$true | $false>]
[-Organization OrgName] [-OrganizationalUnit OUName] [-PrimarySmtpAddress
}SmtpAddress] [-ResetPasswordOnNextLogon <$true | $false>]
}[-SamAccountName PreWin2000Name] [-SendModerationNotifications <Never |
Internal | Always>] [-UsageLocation CountryInfo] [-UsePreferMessageFormat
<$true | $false>]
{AddtlParams2}
[-Alias ExchangeAlias] [-ArbitrationMailbox ModeratorMailbox]
[-DisplayName Name] [-DomainController FullyQualifiedName] [-FirstName
FirstName] [-Initials Initials] [-LastName LastName] [-ModeratedBy
Moderators] [-ModerationEnabled <$true | $false>] [-Organization OrgName]
[-OrganizationalUnit OUName] [-PrimarySmtpAddress SmtpAddress]
[-RemotePowerShellEnabled <$true | $false>] [-ResetPasswordOnNextLogon
<$true | $false>] [-SamAccountName PreWin2000Name]
[-SendModerationNotifications <Never | Internal | Always>]

Usage
New-MailUser -Name "Frank Miller" -Alias "Frankm"
-OrganizationalUnit "cpandl.com/Technology"
-UserPrincipalName "[email protected]" -SamAccountName "Frankm"
-FirstName "Frank" -Initials "" -LastName "Miller"
-ResetPasswordOnNextLogon $false
-ExternalEmailAddress "SMTP:[email protected]"

Mail-enabling existing user accounts

When a user already has an account in Active Directory, you can mail-enable the account using Exchange Admin Center and Exchange Management Shell. In Exchange Admin Center for your on-premises organization, you can mail-enable an existing user account by completing the following steps:

Select Recipients in the feature pane and then select Contacts.
Tap or click New and then select Mail User. This opens the New Mail User dialog box.
In the Alias text box, type an alias for the mail-enabled user. This alias should uniquely identify the mail-enabled user in the Exchange organization. Alias names cannot contain spaces.
In the External Email Address text box, type the mail user’s external email address. By default, the address is configured as a standard SMTP email address. If you are working with on-premises Exchange, you can specify a custom address type by selecting the related option and then entering a prefix that identifies the custom type. Use X.400, GroupWise or Lotus Notes for X.400, GroupWise, and Lotus Notes address types respectively.
The Existing User option is selected by default, as shown in Figure 6-6. Tap or click Browse. This displays the Select User dialog box.
Figure 6-6. Configuring mail for an existing user.
In the Select User dialog box, select the user account you want to mail-enable and then tap or click OK. User accounts that are not yet mail-enabled or mailbox-enabled for the current domain are listed by name and organizational unit.
Tap or click Save. Exchange Admin Center mail-enables the user account you previously selected. If you’re working in a synced, hybrid organization, the mail-enabled user will be synced to Exchange Online as well. If an error occurs, the user account will not be mail-enabled. You will need to correct the problem and repeat this procedure. Tap or click Finish.

You can mail-enable an existing user account using the Enable-MailUser cmdlet. Enable-MailUser cmdlet syntax and usage shows the syntax and usage. For the identity parameter, you can use the user’s display name, logon name, or user principal name.

Syntax
Enable-MailUser -Identity Identity -ExternalEmailAddress EmailAddress
[-Alias ExchangeAlias] [-DisplayName Name] [-DomainController
FullyQualifiedName] [-MacAttachmentFormat <BinHex | UuEncode |
AppleSingle | AppleDouble>] [-MessageBodyFormat <Text | Html |
TextAndHtml>] [-MessageFormat <Text | Mime>] [-PrimarySmtpAddress
SmtpAddress] [-UsePreferMessageFormat <$true | $false>]

Usage
Enable-MailUser -Identity "cpandl.com/Marketing/Frank Miller"
-Alias "Frankm" -ExternalEmailAddress "SMTP:[email protected]"

Managing mail-enabled user accounts

You can manage mail-enabled users in several ways. If a user account should no longer be mail-enabled, you can disable mail forwarding. To disable mail forwarding in Exchange Admin Center for your on-premises organization, select Recipients in the feature pane and then select the Contacts tab. Next, select the user you want to disable. Click the More button (the button with three dots) and then select Disable. When prompted to confirm, select Yes. If you’re working in a synced, hybrid organization, this change will be synced to Exchange Online as well.

At the Exchange Management Shell prompt, you can disable mail forwarding using the Disable-MailUser cmdlet, as shown in Disable-MailUser cmdlet syntax and usage.

Syntax
Disable-MailUser -Identity Identity [-DomainController
FullyQualifiedName] [-IgnoreDefaultScope {$true | $false}]

Usage
Disable-MailUser -Identity "Frank Miller"

If you no longer need a mail-enabled user account, you can permanently remove it from Active Directory. To remove a mail-enabled user account in Exchange Admin Center for your on-premises organization, select the mail user and then select the Delete option. When prompted to confirm, tap or click Yes. If you’re working in a synced, hybrid organization, this change will be synced to Exchange Online as well.

At the Exchange Management Shell prompt, you can remove a mail-enabled user account by using the Remove-MailUser cmdlet, as shown in Remove-MailUser cmdlet syntax and usage.

Syntax
Remove-MailUser -Identity "Identity" [-DomainController DCName]
[-IgnoreDefaultScope {$true | $false}]
[-KeepWindowsLiveID {$true | $false}]

Usage
Remove-MailUser -Identity "Frank Miller"

Creating domain user accounts with mailboxes

You can create a new domain user account with a mailbox in several ways. If you are using a hybrid configuration and want the user created in Active Directory and the mailbox created in Exchange online, you can use the techniques discussed earlier under “Understanding on-premises and online recipient management.” Otherwise, you can create a new domain user account and a mailbox for that account using only your on-premises Exchange administration tools. To do this, complete the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Tap or click New and then select User Mailbox. This opens the New User Mailbox dialog box, shown in Figure 6-7.
Figure 6-7. Creating a new domain user account with a mailbox.
In the Alias text box, type an alias for the mailbox user. This alias should uniquely identify the user in the Exchange organization. Alias names cannot contain spaces.
Note
The alias and domain suffix are combined to create the email address for the user. For example, if the alias is tedc and the domain suffix is pocket-consultant.com, the email address is set as [email protected].
Select New User. Type the user’s first name, middle initial, and last name in the text boxes provided. These values are used to create the Display Name entry as well as the Active Directory name with on-premises Exchange.
The Display Name and Name properties can’t exceed 64 characters. As necessary, make changes to the Display Name, Name, or both text boxes. For example, you might want to type the name in LastName FirstName MiddleInitial format or in FirstName MiddleInitial LastName format.
Important
The difference between the Display Name and the Name properties is subtle but important. The Display Name property sets the name displayed in Exchange and Outlook. The Name property sets the display name in Active Directory and is the Common Name (CN) value associated with the user.
The user account is created in the default user container, which typically is the Users container. Because you’ll usually need to create new user accounts in a specific organizational unit rather than in the Users container, click Browse to the right of the Organizational Unit text box. In the Select An Organizational Unit dialog box, shown in Figure 6-8, choose the location to store the account and then click OK.
Figure 6-8. Selecting the organizational unit for the new user.
In the User Logon Name text box, type the user’s logon name. Use the drop-down list to select the domain with which you want to associate the account. This sets the fully qualified logon name, such as [email protected].
Type and then confirm the password for the account. This password must follow the conventions of your organization’s password policy. Typically, this means that the password must include at least eight characters and must use three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
You can select the Require Password Change On Next Logon check box to ensure that the user changes the password at next logon.
Tap or click More Options. At this point, you do the following:
- Specify the mailbox database. Exchange uses the mailbox provisioning load balancer to select a database to use when you create a mailbox and do not specify the mailbox database to use. If you want to specify the database to use, tap or click Browse to the right of the Mailbox Database box. In the Select Mailbox Database dialog box, you’ll see a list of available mailbox databases listed by name, server, and Exchange version. Select the mailbox database to use and then select OK.
- Create an archive mailbox. If you want to create an archive mailbox for the user, select the related check box. Items in the user’s mailbox will be moved automatically to the archive mailbox based on the default retention policy. You also can chose a mailbox database for the archive. If you don’t chose a mailbox database for the archive, Exchange chooses one for you.
- Assign an address book policy. By default, a user has access to the full address book information in the organization. Using address book policies, you can create customized address books. To apply an available policy, select it from the drop-down list.
Tap or click Save. Exchange Admin Center creates the new mailbox user. If an error occurs, neither the user nor the mailbox will be created. You will need to tap or click OK, correct the problem, and then tap or click Save again.

Creating the user account and mailbox isn’t necessarily the final step. You might also want to do the following:

Add detailed contact information for the user, such as a business phone number and title
Add the user to security and distribution groups
Enable or disable mailbox features for the account
Modify the user’s default delivery options, storage limits, and restrictions on the account
Associate additional email addresses with the account

Note

For all mailbox-enabled accounts, an SMTP email address is configured automatically. You can also add more addresses of the same type. For example, if Brian Johnson is the company’s human resources administrator, he might have the primary SMTP address of [email protected] and an alternate SMTP address of [email protected].

You may also want to apply appropriate policies to the mailbox. Various types of policies control how users access their mailboxes and how mailbox data is stored. These policies include:

Address book policy. Controls access to the address book information in the organization and allows you to create custom views for various users. A default address book policy is not created when you install Exchange 2013. You can check to see if any address book policies have been created by entering get-addressbookpolicy in Exchange Management Shell.
Mobile device mailbox policy. Controls security settings for mobile devices. When you install Exchange Server, a default mobile device mailbox policy is created and applied automatically to all new mailboxes you create unless you specify a different policy to use. To view the settings for the default policy, enter get-mobiledevicemailboxpolicy –identity “Default” in Exchange Management Shell.
Retention policy. Specifies the delete and move-to-archive rules that are applied to items in mailboxes. Exchange Server 2013 uses retention policies and retention tags as part of the Messaging Records Management feature. When you install Exchange 2013 a default retention policy is created but is not applied to new mailboxes by default. Therefore, you must explicitly assign a retention policy. To view the settings for the default policy, enter get-retentionpolicy –identity “Default MRM Policy” | fl in Exchange Management Shell.
Role assignment policy. Controls management roles assigned to users. When you install Exchange Server, a default role assignment policy is created and applied automatically to all new mailboxes you create unless you specify a different policy to use. To view the settings for the default policy, enter get-roleassignmentpolicy –identity “Default Role Assignment Policy” in Exchange Management Shell.
Sharing policy. Controls how users can share calendar and contact information with users outside your organization. When you install Exchange Server, a default sharing policy is created and applied automatically to all new mailboxes you create unless you specify a different policy to use. To view the settings for the default policy, enter get-sharingpolicy –identity “Default Sharing Policy” in Exchange Management Shell.

In Exchange Management Shell, you can create a user account with a mailbox by using the New-Mailbox cmdlet. New-Mailbox cmdlet syntax and usage provides the syntax and usage. When you are prompted, enter a secure password for the new user account.

Syntax
New-Mailbox -Name Name -Password Password -UserPrincipalName
UserNameAndSuffix {AddtlParams} {CommonParams} {ModParams}
New-Mailbox -Name Name -Room <$true | $false> [-Office OfficeName]
[-Password Password] [-Phone PhoneNumber] [-ResourceCapacity Capacity]
[-UserPrincipalName UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -Password Password -WindowsLiveID WindowsLiveId
[-EvictLiveId <$true | $false>] {AddtlParams} {CommonParams}
{ModParams}
New-Mailbox -Name Name -UseExistingLiveId <$true | $false> -WindowsLiveID
WindowsLiveId [-BypassLiveId <$true | $false>] [-NetID NetID]
{AddtlParams} {CommonParams} {ModParams}
New-Mailbox -Name Name -UserPrincipalName UserNameAndSuffix [-MailboxPlan
MailboxPlanId] {CommonParams} {ModParams}
New-Mailbox -Name Name -AccountDisabled <$true | $false> [-MailboxPlan
MailboxPlanId] [-Password Password] [-UsageLocation Location]
[-UserPrincipalName UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -ImportLiveId <$true | $false> -WindowsLiveID
WindowsLiveId {AddtlParams} {CommonParams} {ModParams}
New-Mailbox -Name Name -RemovedMailbox RemovedMailboxId [-MailboxPlan
MailboxPlanId] [-Password Password] {CommonParams} {ModParams}
New-Mailbox -Name Name -FederatedIdentity FederatedId -WindowsLiveID
WindowsLiveId [-EvictLiveId <$true | $false>] [-NetID NetID]
{AddtlParams} {CommonParams}
New-Mailbox -Name Name -FederatedIdentity FederatedId
-MicrosoftOnlineServicesID WindowsLiveId [-NetID NetID]
{AddtlParams} {CommonParams}
New-Mailbox -Name Name -ArchiveDomain SmtpDomain -Password Password
-UserPrincipalName UserNameAndSuffix [-MailboxPlan MailboxPlanId]
[-RemoteArchive <$true | $false>] [-RemovedMailbox RemovedMailboxId]
{CommonParams} {ModParams}
New-Mailbox -Name Name -MicrosoftOnlineServicesID WindowsLiveId -Password
Password {AddtlParams} {CommonParams} {ModParams}
New-Mailbox -Name Name [-UserPrincipalName UserNameAndSuffix]
{CommonParams} {ModParams}
New-Mailbox -Name Name -LinkedDomainController DCName -LinkedMasterAccount
Identity [-LinkedCredential Credential] [-UserPrincipalName
UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -Equipment <$true | $false> [-Password Password]
[-UserPrincipalName UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -Shared <$true | $false> [-Password Password]
[-UserPrincipalName UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name [-Password Password] [-UserPrincipalName
UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -Arbitration <$true | $false> -UserPrincipalName
UserNameAndSuffix [-Password Password] {CommonParams}
New-Mailbox -Name Name [-Password Password] [-UserPrincipalName
UserNameAndSuffix] {CommonParams} {ModParams}
New-Mailbox -Name Name -Discovery <$true | $false> [-Password Password]
[-UserPrincipalName UserNameAndSuffix] {CommonParams}
New-Mailbox -Name Name -EnableRoomMailboxAccount <$true | $false>
-Room <$true | $false> [-MicrosoftOnlineServicesID WindowsLiveId]
[-RoomMailboxPassword Password] [-UserPrincipalName UserNameAndSuffix]
{CommonParams}
New-Mailbox -Name Name -PublicFolder <$true | $false> [-HoldForMigration
<$true | $false>] [-IsExcludedFromServingHierarchy <$true | $false>]
{CommonParams}
{AddtlParams}
[-MailboxPlan PlanID] [-RemovedMailbox RemovedMailboxId]
[-UsageLocation Location]
{ModParams}
[-ArbitrationMailbox ModeratorMailbox] [-ModeratedBy Moderators]
[-ModerationEnabled <$true | $false>] [-SendModerationNotifications
<Never | Internal | Always>]
{CommonParams}
[-ActiveSyncMailboxPolicy MailboxPolicyId] [-AddressBookPolicy ABPolicyId]
[-Alias ExchangeAlias] [-Archive {$true | $false}] [-ArchiveDatabase
DatabaseId] [-Database DatabaseId] [-DisplayName Name]
[-DomainController DCName] [-ExternalDirectoryObjectID ObjectID]
[-FirstName FirstName] [-ImmutableId Id] [-Initials Initials] [-LastName
LastName] [-ManagedFolderMailboxPolicy MailboxPolicyId]
[-ManagedFolderMailboxPolicyAllowed {$true | $false}]
[-Organization OrgName] [-OrganizationalUnit OUName]
[-OverrideRecipientQuotas {$true | $false}] [-PrimarySmtpAddress
SmtpAddress] [-QueryBaseDNRestrictionEnabled <$true | $false>]
[-RemoteAccountPolicy PolicyId] [-RemotePowershellEnabled
<$true | $false>] [-ResetPasswordOnNextLogon <$true | $false>]
[-RetentionPolicy PolicyId] [-RoleAssignmentPolicy PolicyId]
[-SamAccountName PreWin2000Name] [-SharingPolicy PolicyId]
[-TargetAllMDBs <$true | $false>] [-ThrottlingPolicy PolicyId]

Usage
New-Mailbox -Name "Shane S. Kim" -Alias "shanek"
-OrganizationalUnit "cpandl.com/Engineering"
-Database "Engineering Primary"
-UserPrincipalName "[email protected]" -SamAccountName "shanek"
-FirstName "Shane" -Initials "S" -LastName "Kim"
-ResetPasswordOnNextLogon $true -Archive $true

Creating online user accounts with mailboxes

You can create user accounts with mailboxes in Exchange Online. These accounts are then available in the online organization.

To create an online user account, follow these steps:

From the dashboard in Office 365 Admin Center, select Add New Users. This starts the New User Wizard, shown in Figure 6-9.
Figure 6-9. Providing the name details for the new user.
Type the user’s first name and last name in the text boxes provided. These values are used to create the Display Name entry.
The Display Name and Name properties can’t exceed 64 characters. As necessary, make changes to the Display Name. For example, you might want to type the name in LastName FirstName format or in FirstName LastName format.
In the User Name text box, type the user’s logon name. Use the drop-down list to select the domain with which you want to associate the account. This sets the fully qualified logon name, such as [email protected] (which is referred to as the logon ID with Exchange Online).
Tap or click Next. On the Settings page, specify a user location, such as United States. Note that due to certain licensing restrictions some online features may not be available in certain locations.
Tap or click Next. On the Assign Licenses page, select a license to assign to the user.
Important
The available licenses will depend on the license types previously purchased for your organization. While you don’t have to assign a license when you create a user, users are assigned a mailbox only when you assign a license. Therefore, if you don’t assign a license, no mailbox is created for the user.
Tap or click Next. When you tap or click Create, Office 365 Admin Center creates the new online user. On the Results page, shown in Figure 6-10, note the full user name and temporary password assigned to the user and then tap or click Finish.
Figure 6-10. Confirming the account creation.

Creating the online user account and mailbox isn’t necessarily the final step. You might also want to do the following:

Add detailed contact information for the user, such as a business phone number and title
Add the user to security and distribution groups
Enable or disable mailbox features for the account
Modify the user’s default delivery options, storage limits, and restrictions on the account
Associate additional email addresses with the account

In Exchange Management Shell, you can create an online user account using the New-Mailbox cmdlet. Keep in mind that a mailbox is created only when you use the -MailboxPlan parameter to assign a mailbox plan to the new user.

Adding mailboxes to existing domain user accounts

You don’t have to create an Exchange mailbox when you create a user account. You can create a mailbox for a user account any time you determine the mailbox is needed.

You can add a mailbox to an existing domain user account in several ways. If you are using a hybrid configuration and want the mailbox created in Exchange Online, you can use the techniques discussed earlier under “Understanding on-premises and online recipient management.” Otherwise, you can add a mailbox to a domain user account using only your on-premises Exchange administration tools. To do this, complete the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Tap or click New and then select User Mailbox. This opens the New User Mailbox dialog box, shown in Figure 6-11.
Figure 6-11. Adding a mailbox to an existing domain user account.
In the Alias text box, type an alias for the mailbox user. This alias should uniquely identify the user in the Exchange organization. Alias names cannot contain spaces.
Note
The alias and domain suffix are combined to create the email address for the user. For example, if the alias is tedc and the domain suffix is pocket-consultant.com, the email address is set as [email protected].
The Existing User option is selected by default. Tap or click Browse. This displays the Select User dialog box.
In the Select User dialog box, shown in Figure 6-12, select the user account you want to mailbox-enable and then tap or click OK. User accounts that are not yet mail-enabled or mailbox-enabled for the current domain are listed by name and organizational unit.
Figure 6-12. Finding the user account you want to mailbox-enable.
Tap or click More Options. You can now:
- Specify the mailbox database. Exchange uses the mailbox provisioning load balancer to select a database to use when you create a mailbox and do not specify the mailbox database to use. If you want to specify the database to use, tap or click Browse to the right of the Mailbox Database box. In the Select Mailbox Database dialog box, you’ll see a list of available mailbox databases listed by name, server, and Exchange version. Select the mailbox database to use and then click OK.
- Create an archive mailbox. If you want to create an archive mailbox for the user, select the related check box. Items in the user’s mailbox will be moved automatically to the archive mailbox based on the default retention policy. You also can choose a mailbox database for the archive. If you don’t choose a mailbox database for the archive, Exchange chooses one for you.
- Assign an address book policy. By default, a user has access to the full address book information in the organization. Using address book policies, you can create customized address books. To apply an available policy, select it from the drop-down list.
Tap or click Save. Exchange Admin Center creates the mailbox for the selected user. If an error occurs, the mailbox will not be created. You will need to tap or click OK, correct the problem, and then tap or click Save again.

In Exchange Management Shell, you can add a mailbox to individual user accounts using the Enable-Mailbox cmdlet. Enable-Mailbox cmdlet syntax and usage provides the syntax and usage. If you want to create mailboxes for multiple accounts, you need to enter a separate command for each account.

Syntax
Enable-Mailbox [-AccountDisabled <$true | $false>] [-MailboxPlan
MailboxPlanId] [-UsageLocation Location] {AddtlParams} {CommonParams}
Enable-Mailbox -LinkedDomainController DCName -LinkedMasterAccount Identity
[-Database DatabaseId] [-LinkedCredential Credential]
[-TargetAllMDBs <$true | $false>] {CommonParams}
Enable-Mailbox -Discovery <$true | $false> [-Database DatabaseId]
[-TargetAllMDBs <$true | $false>] {CommonParams}
Enable-Mailbox [-AccountDisabled <$true | $false>] [-MailboxPlan
MailboxPlanId] [-UsageLocation Location] {AddtlParams} {CommonParams}
Enable-Mailbox -Equipment <$true | $false> [-AccountDisabled <$true |
$false>] {AddtlParams} {CommonParams}
Enable-Mailbox -Room <$true | $false> [-AccountDisabled <$true | $false>]
{AddtlParams} {CommonParams}
Enable-Mailbox -PublicFolder <$true | $false> [-Database DatabaseId]
[-HoldForMigration <$true | $false>] {CommonParams}
Enable-Mailbox -Arbitration <$true | $false> [-Database DatabaseId]
[-TargetAllMDBs <$true | $false>] {CommonParams}
Enable-Mailbox -Shared <$true | $false> [-AccountDisabled <$true | $false>]
{AddtlParams} {CommonParams}
Enable-Mailbox [-Archive <$true | $false>] [-ArchiveDatabase DatabaseId]
[-ArchiveGuid <Guid>] [-ArchiveName <MultiValuedProperty>]
[-BypassModerationCheck <$true | $false>] {CommonParams}
Enable-Mailbox -ArchiveDomain SmtpDomain [-RemoteArchive <$true |
$false>] {CommonParams}
{AddtlParams}
[-BypassModerationCheck <$true | $false>] [-Database DatabaseId]
[-TargetAllMDBs <$true | $false>]
{CommonParams}
[-ActiveSyncMailboxPolicy MailboxPolicyId] [-Alias ExchangeAlias]
[-DisplayName Name] [-DomainController FullyQualifiedName]
[-ManagedFolderMailboxPolicy MailboxPolicyId]
[-ManagedFolderMailboxPolicyAllowed {$true | $false}]
[-OverrideRecipientQuotas {$true | $false}]
[-PrimarySmtpAddress SmtpAddress]
[-RetentionPolicy PolicyId] [-RoleAssignmentPolicy PolicyId]

Usage
Enable-Mailbox -Identity "cpandl.com/Engineering/Oliver Lee"
-Alias "Oliverl" -Database "Engineering Primary"

Setting or changing the common name and logon name for domain user accounts

All domain user accounts have a common name stored in Active Directory and a logon name used for logging on to the domain. These names can be different from the mailbox display name and mailbox alias used by Exchange Server.

You can set this information for a domain user account by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work. This opens a properties dialog box for the user.
On the General page, shown in Figure 6-13, use the following text boxes to set the user’s common name and logon name:
Figure 6-13. Changing the user’s naming information for Active Directory.
- First Name, Initials, Last Name. Sets the user’s full name.
- Name. Sets the user’s display name as seen in logon sessions and in Active Directory.
- User Logon Name. Sets the user’s logon name.
Tap or click Save to apply your changes.

Setting or changing contact information for user accounts

You can set contact information for a user account by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
On the Contact Information page, use the text boxes provided to set the user’s business address or home address. Normally, you’ll want to enter the user’s business address. This way, you can track the business locations and mailing addresses of users at various offices.
Note
You need to consider privacy issues before entering private information, such as home addresses and home phone numbers, for users. Discuss the matter with the appropriate groups in your organization, such as the human resources and legal departments. You might also want to get user consent before releasing home addresses.
Use the Work Phone, Mobile Phone, and Fax text boxes to set the user’s primary business telephone, mobile phone, and fax numbers.
Tap or click More Options. Use the Office text box to set the user’s office and the Web Page text box to set the URL of the user’s home page, which can be on the Internet or the company intranet.
On the Organization page, as appropriate, type the user’s title, department, and company.
To specify the user’s manager, tap or click Browse. In the Manager dialog box, select the user’s manager and then tap or click OK. When you specify a manager, the user shows up as a direct report in the manager’s account. Tap or click Save to apply the changes.

Changing logon ID or logon domain for online users

For Exchange Online, the fully-qualified logon ID is the user’s name followed by the @ symbol and the user’s logon domain. You can modify this information for an online user account by completing the following steps:

In the dashboard for Office 365 Admin Center, select Users And Groups in the feature pane and then select Active Users.
Double-tap or double-click the mailbox entry for the user with which you want to work. This opens a properties dialog box for the user.
On the Details page, use the User Name text boxes to set the user’s logon name and domain.
Tap or click Save to apply your changes.

Changing a user’s Exchange Server alias and display name

Each mailbox has an Exchange alias and display name associated with it. The Exchange alias is used with address lists as an alternative way of specifying the user in the To, Cc, or Bcc text boxes of an email message. The alias also sets the primary SMTP address associated with the account.

Tip

Whenever you change the Exchange alias in an on-premises organization, a new email address is generated and set as the default address for SMTP. The previous email addresses for the account aren’t deleted. Instead, these remain as alternatives to the defaults. To learn how to change or delete these additional email addresses, see “Adding, changing, and removing email and other addresses” later in this chapter.

With Exchange Online, changing a user’s Exchange alias doesn’t normally change the primary SMTP address for the user.

To change the Exchange alias and mailbox name on a user account, complete the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
On the General page, the Display Name text box sets the mailbox name. Change this text box if you’d like the mailbox to have a different display name.
The Alias text box sets the Exchange alias. If you’d like to assign a new alias, enter the new Exchange alias in this text box.
Tap or click Save.

Note

Often, the user logon name and the Exchange alias are set to the same value. If you’ve implemented this practice in your organization, you may also want to modify the user logon name. However, this is not a best practice when security is a concern.

Adding, changing, and removing email and other addresses

When you create a mailbox-enabled user account, default email addresses are created. Any time you update the user’s Exchange alias in an on-premises Exchange organization, a new default email address is created. However, the old addresses aren’t deleted. They remain as alternative email addresses for the account.

With Exchange Online, changing a user’s Exchange alias doesn’t normally change the email address for the user. You can, however, modify the primary SMTP address or add additional SMTP addresses.

Exchange also allows you to create non-SMTP addresses for users:

Exchange Unified Messaging (EUM) addresses used by the Unified Messaging service to locate UM-enabled users within the Exchange organization
Custom addresses for legacy Exchange (Ex) as well as these non-Exchange mail organizations: X.400, X.500, MSMail, CcMail, Lotus Notes, and Novell GroupWise

To add, change, or remove an email or other address, follow these steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
On the Email Address page, shown in Figure 6-14, you can use the following techniques to manage the user’s email addresses:
Figure 6-14. Configuring the email addresses for the user account.
- Create a new SMTP address. Tap or click Add. Because the address type SMTP is selected by default, enter the SMTP email address, and then tap or click OK to save your changes.
- Create a new EUM address. Tap or click Add, and then select the EUM option. Enter the custom address or extension. Next, tap or click Browse and then select a dial plan. Tap or click OK to save your changes.
- Create a custom address. Tap or click Add, and then select the Custom Address Type option. Enter the custom address type in the text box provided. Valid types include: X.400, X.500, EUM, MSMail, CcMail, Lotus Notes, and NovellGroupWise. Next, enter the custom address. This address must comply with the format requirements for the address type. Tap or click OK to save your changes.
  Tip
  Use SMTP as the address type for standard Internet email addresses. For custom address types, such as X.400, you must enter the address in the proper format.
- Edit an existing address. Double-tap or double-click the address entry, or select the entry and then select Edit on the toolbar. Modify the settings in the Address dialog box, and then tap or click OK.
- Delete an existing address. Select the address, and then tap or click Remove.

Note

You can’t delete the primary SMTP address without first promoting another email address to the primary position. Exchange Server uses the primary SMTP address to send and receive messages.

Setting a default reply address for a user account

Each email address type has one default reply address. This email address sets the value of the Reply To text box. To change the default reply address, follow these steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
On the Email Address page, current default email addresses are highlighted with bold text. Email addresses that aren’t highlighted are used only as alternative addresses for delivering messages to the current mailbox.
To change the current default settings, select an email address that isn’t highlighted and then tap or click Edit.
In the Email Address dialog box, select the Make This The Reply Address checkbox. Tap or click OK to save the changes.

Changing a user’s web, wireless service, and protocol options

When you create user accounts with mailboxes, global settings determine the web, wireless services, and protocols that are available. You can change these settings for individual users at any time by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
Tap or click the Mailbox Features tab. As shown in Figure 6-15, configure the following web, wireless services, and protocols for the user:
Figure 6-15. Changing wireless service and protocol options for users in the Properties dialog box for each user.
- Exchange ActiveSync. Allows the user to synchronize the mailbox and to browse wireless devices. Properties allow you to specify an Exchange ActiveSync policy. When you enable Exchange ActiveSync, the account uses the default mobile device mailbox policy. To set an alternative policy, tap or click the related View Details option.
- Outlook Web App. Permits the user to access the mailbox with a web browser. Properties allow you to specify an Outlook Web App mailbox policy.
- Unified Messaging. Allows the user to access unified messaging features, such as the voice browser. In a standard configuration of Exchange 2013, all new mailbox users have unified messaging enabled. However, a default UM Mailbox policy is required to fully activate the feature. If one hasn’t been assigned, tap or click Enable to display a dialog box where you can specify the required policy.
- MAPI. Permits the user to access the mailbox with a Messaging Application Programming Interface (MAPI) email client.
- POP3. Permits the user to access the mailbox with a Post Office Protocol version 3 (POP3) email client.
- IMAP4 Permits the user to access the mailbox with an Internet Message Access Protocol version 4 (IMAP4) email client.
- Litigation Hold. Indicates whether a mailbox is subject to litigation hold where users can delete mail items but the items are retained by Exchange. Properties allow you to provide a note to users about litigation hold and the URL of a webpage where they can learn more.
- Archive. Indicates whether an in-place archive mailbox has been created for the user. When you enable an in-place archive, you can specify the mailbox database to use. Properties allow you to specify the name of the folder in the user’s mailbox that contains the archive. You also can set an archive quota limit and warning value.
Select an option and then tap or click Enable or Disable, as appropriate, to change the status. If an option has required properties, you’ll be prompted to configure these properties when you enable the option. If an option has additional configurable properties, tap or click the related View Details option to configure them.
Tap or click Save to close the Properties dialog box.

Requiring domain user accounts to change passwords

Group Policy settings typically require users to periodically change their passwords. Sometimes, you might have to ensure that a user changes her password the next time she logs on. For example, if you have to reset a password and give it to the user over the phone, you might want the user to change the password the next time she logs on.

To set a user account to require the password be changed on next logon complete the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox entry for the user with which you want to work.
On the General page, select the Require Password Change On Next Logon check box. Tap or click OK.

You can use the Set-User cmdlet to perform the same task, following the syntax shown in Requiring a user password change.

Syntax
Set-User -Identity UserIdentity
-ResetPasswordOnNextLogon <$false|$true>

Usage
Set-User -Identity "Oliver Lee" -ResetPasswordOnNextLogon $true

Deleting mailboxes from user accounts

When you disable a mailbox for a domain user account using the Exchange management tools, you permanently remove all Exchange attributes from the user object in Active Directory and mark the primary mailbox for deletion. Exchange Server then deletes the mailbox according to the retention period you set on the account or on the mailbox database. Because you only removed the user account’s Exchange attributes, the user account still exists in Active Directory.

In Exchange Admin Center, you can delete a mailbox from a domain user account and delete all related Exchange attributes by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Select the mailbox entry for the user with which you want to work.
Select the More button (the button with three dots) and then select Disable.
When prompted to confirm this action, select Yes. The mailbox is then in the disconnected state and will be removed when the retention period expires. If the account was subject to litigation hold, mail items subject to litigation hold are preserved as recoverable items until the litigation hold period expires.

If you remove the Exchange Online license for an online user account, the user’s account is marked as an unlicensed account. Exchange Online deletes mailboxes from unlicensed accounts automatically after the grace period expires. By default, this grace period is 30 days. As with on-premises Exchange, retention hold, archiving and litigation hold settings determine whether some or any mailbox data is held.

You can remove a license from an online user account by completing the following steps:

In the dashboard for Office 365 Admin Center, select Users And Groups.
Select the user whose license you want to remove and then tap or click Edit.
On the Assign Licenses page, uncheck the box for the license that you want to remove.
When prompted to confirm this action, select Yes. The license that was previously assigned to this user will become available to be assigned to another user.

You can use the Disable-Mailbox cmdlet to delete mailboxes while retaining the user accounts as well. Disable-Mailbox cmdlet syntax and usage shows the syntax and usage.

Syntax
Disable-Mailbox -Identity Identifier [-DomainController DCName]

Usage
Disable-Mailbox -Identity "Oliver Lee"

Deleting user accounts and their mailboxes

When you delete a domain user account and its mailbox using the Exchange management tools, you permanently remove the account from Active Directory and mark the primary mailbox for deletion. Exchange Server then deletes the mailbox according to the retention period you set on the account or on the mailbox database. Further, if the account was subject to litigation hold, mail items subject to litigation hold are preserved as recoverable items until the litigation hold period expires.

After you delete an account, you can’t create an account with the same name and have the account automatically retain the same permissions as the original account. This is because the SID for the new account won’t match the SID for the old account. However, that doesn’t mean that after you delete an account, you can never again create an account with that same name. For example, a person might leave the company only to return a short while later. You can create an account using the same naming convention as before, but you’ll have to redefine the permissions for that account.

Because deleting built-in accounts could have far-reaching effects on the domain, Windows doesn’t let you delete built-in user accounts. In Exchange Admin Center, you can remove other types of accounts and the mailboxes associated with those accounts by following these steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Select the user that you want to delete and then click Delete.
When prompted to confirm this action, select Yes.

Note

Because Exchange security is based on domain authentication, you can’t have a mailbox without an account. If you still need the mailbox for an account you want to delete, you can disable the account using Active Directory Users And Computers. Disabling the account in Active Directory prevents the user from logging on, but you can still access the mailbox if you need to. To disable an account, press and hold or right-click the account in Active Directory Users And Computers and then select Disable Account. If you don’t have permissions to use Active Directory Users And Computers, ask a domain administrator to disable the account for you.

Important

If your organization synchronizes user accounts to Exchange Online from your on-premises Active Directory environment, you must delete and restore synced user accounts using the on-premises tools. You can’t delete or restore them in the online organization.

If you delete the corresponding Office 365 user account for a mailbox, the online user’s mailbox is marked for deletion and the account is marked as a deleted account.

Deleted online users aren’t removed immediately. Instead, the accounts are inactivated and marked for deletion. By default, the retention period is 30 days. When the retention period expires, a user and all related data is permanently deleted and is not recoverable. As with on-premises Exchange, retention hold, archiving, and litigation hold settings determine whether some or any mailbox data is held.

You can delete an online user account by completing the following steps:

In the dashboard for Office 365 Admin Center, select Users And Groups.
Select the user whose license you want to remove and then tap or click Delete.
When prompted to confirm this action, select Yes. The license that was previously assigned to this user will become available to be assigned to another user.

You can use the Remove-Mailbox cmdlet to delete user accounts as well. Remove-Mailbox cmdlet syntax and usage shows the syntax. By default, the -Permanent flag is set to $false and mailboxes are retained in a disconnected state according to the mailbox retention policy. If you set the -Permanent flag to $true, the mailbox is removed from Exchange.

Syntax
Remove-Mailbox -Identity UserIdentity {AddtlParams}
Remove-Mailbox -Database DatabaseId -StoreMailboxIdentity StoreMailboxId
{AddtlParams}
{AddtlParams}
[-Arbitration <$false|$true>] [-DomainController DCName]
[-IgnoreDefaultScope {$true | $false}] [-KeepWindowsLiveID {$true |
$false}] [-Permanent <$false|$true>]
[-RemoveLastArbitrationMailboxAllowed {$true | $false}]

Usage
Remove-Mailbox -Identity "Oliver Lee"
Remove-Mailbox -Identity "Oliver Lee" -Permanent $true

Managing contacts

Contacts represent people with whom you or others in your organization want to get in touch. Contacts can have directory information associated with them, but they don’t have network logon privileges.

The only difference between a standard contact and a mail-enabled contact is the presence of email addresses. A mail-enabled contact has one or more email addresses associated with it; a standard contact doesn’t. When a contact has an email address, you can list the contact in the global address list or other address lists. This allows users to send messages to the contact.

In Exchange Admin Center, mail-enabled contacts and mail-enabled users are both listed in the Mail Contact node. Mail-enabled contacts are listed with the recipient type Mail Contact, and mail-enabled users are listed with the recipient type Mail User.

Creating mail-enabled contacts

You can create and mail-enable a new contact by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Tap or click New and then select Mail Contact. This opens the New Mail Contact dialog box. Figure 6-16 shows on-premises Exchange options on the left and Exchange Online options on the right.
Figure 6-16. Creating a new mail contact for the Exchange organization
Type the contact’s first name, middle initial, and last name in the text boxes provided. These values are used to automatically create the following entries:
- Name. The common name is displayed in Active Directory (and only applies with on-premises Exchange).
- Display Name. The Display Name is displayed in the global address list and other address lists created for the organization. It is also used when addressing email messages to the contact.
Enter the Exchange alias for the contact. Aliases provide an alternative way of addressing users and contacts in To, Cc, and Bcc text boxes of email messages.
In the External Email Address text box, enter the address to associate with the contact. With on-premises Exchange, you can use both SMTP and non-SMTP addresses. With online Exchange, only standard SMTP addresses are accepted.
Note
For non-SMTP addresses, the dialog box requires that you use a prefix that identifies the address type and that the address format comply to the rules for that type. Use the prefix X400: for X.400 addresses, the prefix X500: for X.500 addresses, the prefix MSMAIL: for MSMail addresses, the prefix CCMAIL: for CcMail addresses, the prefix LOTUSNOTES: for Lotus Notes, and the prefix NOVELLGROUPWISE: for NovellGroupWise.
The Organizational Unit text box shows where in Active Directory the contact will be created. By default, this is the Users container in the current domain. Because you’ll usually need to create new contacts in a specific organizational unit rather than in the Users container, tap or click Browse. Use the Select An Organizational Unit dialog box to choose the location in which to store the contact, and then tap or click OK.
Tap or click Save. Exchange Admin Center creates the new contact and mail-enables it. If an error occurs, the contact will not be created. You will need to correct the problem and repeat this procedure.

In Exchange Management Shell, you can create a new mail-enabled contact using the New-MailContact cmdlet. New-MailContact cmdlet syntax and usage provides the syntax and usage.

Syntax
New-MailContact -Name Name -ExternalEmailAddress TYPE:EmailAddress
[-ArbitrationMailbox ModeratorMailbox] [-Alias ExchangeAlias]
[-DisplayName Name] [-DomainController DCName] [-FirstName FirstName]
[-Initials Initials] [-LastName LastName] [-MacAttachmentFormat <BinHex |
UuEncode | AppleSingle | AppleDouble>] [-MessageBodyFormat <Text | Html |
TextAndHtml>] [-MessageFormat <Text | Mime>] [-ModeratedBy Moderators]
[-ModerationEnabled <$true | $false>] [-Organization OrgName]
[-OrganizationalUnit OUName] [-PrimarySmtpAddress
SmtpAddress] [-SendModerationNotifications <Never | Internal | Always>]
[-UsePreferMessageFormat <$true | $false>]

Usage
New-MailContact -ExternalEmailAddress "SMTP:[email protected]"
 -Name "Wendy Wheeler" -Alias "WendyWheeler"
 -OrganizationalUnit "cpandl.com/Corporate Services"
 -FirstName "Wendy" -Initials "" -LastName "Wheeler"

In Exchange Management Shell, you can mail-enable an existing contact using the Enable-MailContact cmdlet. Enable-MailContact cmdlet syntax and usage provides the syntax and usage.

Syntax
Enable-MailContact -Identity ContactId -ExternalEmailAddress EmailAddress
[-Alias ExchangeAlias] [-DisplayName Name] [-DomainController
FullyQualifiedName] [-MacAttachmentFormat <BinHex | UuEncode |
AppleSingle | AppleDouble>] [-MessageBodyFormat <Text | Html |
TextAndHtml>] [-MessageFormat <Text | Mime>] [-PrimarySmtpAddress
SmtpAddress] [-UsePreferMessageFormat <$true | $false>]

Usage
Enable-MailContact -Identity "cpand.com/Sales/John Smith"
 -ExternalEmailAddress "SMTP:[email protected]"
 -Alias "JohnSmith" -DisplayName "John Smith"

Setting or changing a contact’s name and alias

Mail-enabled contacts can have the following name components:

First Name, Initials, Last Name. The first name, initials, and last name of the contact
Common Name. The name used in Active Directory for on-premises contacts
Display Name. The name displayed in the global address list
Alias. The Exchange alias for the contact

You can set or change name and alias information for a mail-enabled contact or user by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Double-tap or double-click the name of the mail-enabled contact or user you want to work with. The Properties dialog box appears.
On the General tab, use the textboxes provided to update the first name, middle initial, and last name as necessary. Changes you make will update the display name but not the common name. Therefore, as necessary, use the Name text box to update the common name.
With mail-enabled contacts, the Alias text box sets the Exchange alias. If you’d like to assign a new alias, enter the new Exchange alias in this text box.
With mail-enabled users, the User Logon Name text box sets the name used to log on to the domain and also sets the domain suffix.
Tap or click Save to apply your changes.

Setting additional directory information for contacts

You can set additional directory information for a mail-enabled contact or user by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Double-tap or double-click the name of the mail-enabled contact or user you want to work with. The Properties dialog box appears.
On the Contact Information page, use the text boxes provided to set the contact’s business address or home address. Normally, you’ll want to enter the contact’s business address. This way, you can track the business locations and mailing addresses of contacts at various offices.
Note
You need to consider privacy issues before entering private information, such as home addresses and home phone numbers, for users. Discuss the matter with the appropriate groups in your organization, such as the human resources and legal departments. You might also want to get user consent before releasing home addresses.
Use the Work Phone, Mobile Phone, and Fax text boxes to set the contact or user’s primary business telephone, mobile phone, and fax numbers.
Use the Office text box to set the user’s Office and the Notes text box to add any important notes about the contact.
On the Organization page, as appropriate, type the contact or user’s title, department, and company.
To specify the contact or user’s manager, tap or click Browse. In the Manager dialog box, select the manager and then tap or click OK. When you specify a manager, the contact or user shows up as a direct report in the manager’s account. Tap or click Save to apply the changes.

Changing email addresses associated with contacts

Mail-enabled contacts and users have several types of email addresses associated with them:

An internal, automatically generated email address used for routing within the organization
An external email address to which mail routed internally is forwarded for delivery

With mail-enabled contacts, you can only use SMTP email addresses. You can change the SMTP email addresses associated with a mail-enabled contact by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Double-tap or double-click the name of the mail-enabled contact you want to work with. The Properties dialog box appears.
On the General page, the external SMTP email address of the mail-enabled contact is listed. This is the primary SMTP email address for the mail-enabled contact. As necessary, enter a new email address.
Note
The primary email address is listed with the prefix SMTP. When you enter a new email address, you aren’t required to enter this prefix. Thus, you could enter SMTP:[email protected] or [email protected].
On the Email Addresses page, the primary SMTP email address is listed along with the internal email address. You can use the following techniques to manage the internal addresses:
- Create an alternative internal address. Tap or click Add. Specify the internal email address to use by entering the Exchange alias and then selecting the domain for this internal address. Tap or click OK.
- Edit an existing address. Double-tap or double-click the address entry, or tap or click Edit on the toolbar. Modify the address settings as necessary, and then tap or click OK.
- Delete an existing address. Select the address, and then tap or click Remove.
Tap or click Save to apply your changes.

With mail-enabled users, you can use SMTP and non-SMTP email addresses. You can change the email addresses associated with a mail-enabled user by completing the following steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Double-tap or double-click the name of the mail-enabled user you want to work with. The Properties dialog box appears.
On the Email Addresses page, you can use the following techniques to manage the mail-enabled user’s email addresses:
- Create a new SMTP address. Tap or click Add. Because the address type SMTP is selected by default, enter the SMTP email address, and then tap or click OK to save your changes.
- Create a custom address. Tap or click Add, and then select the Custom Address Type option. Enter the custom address type in the text box provided. Valid types include: X.400, X.500, EUM, MSMail, CcMail, Lotus Notes, and NovellGroupWise. Next, enter the custom address. This address must comply with the format requirements for the address type. Tap or click OK to save your changes.
- Edit an existing address. Double-tap or double-click the address entry, or select the entry and then select Edit on the toolbar. Modify the settings in the Address dialog box, and then tap or click OK.
- Delete an existing address. Select the address, and then tap or click Remove.
Note
You can’t delete the primary SMTP address without first promoting another email address to the primary position. Exchange Server uses the primary SMTP address to send and receive messages.
The external email address of the mail-enabled user is also listed on the Email Addresses page. This is the primary email address for the mail user or contact. As necessary, select an alternative email address to be the primary.
Tap or click Save to apply your changes.

Disabling contacts and removing Exchange attributes

With on-premises Exchange, you have two options for mail-enabled users and contacts that are no longer needed. You can disable the mail-enabled user or contact, or you can delete the mail-enabled user or contact. With Exchange Online, your only option is to delete the mail-enabled user or contact.

When you disable a contact using the on-premises Exchange management tools, you permanently remove the contact from the Exchange database, but you do not remove it from Active Directory.

In Exchange Admin Center, you can disable mail-enabled contacts by following these steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Select the contact that you want to disable.
Click the More button (the button with three dots) and then select Disable.
When prompted to confirm this action, select Yes.

You can use the Disable-MailContact cmdlet to remove Exchange attributes from contacts while retaining the contact in Active Directory. Disable-MailContact cmdlet syntax and usage shows the syntax and usage.

Syntax
Disable-MailContact -Identity ContactIdentity

Usage
Disable-MailContact -Identity "David So"

Later, if you want to re-enable the contact, you can do this using the Enable-MailContact cmdlet.

Deleting contacts

When you delete a mail-enabled user or contact from Exchange Online, the mail-enabled user or contact is permanently removed from Exchange Online. When you delete a contact using the on-premises Exchange management tools, you permanently remove it from Active Directory and from the Exchange database. In Exchange Admin Center, you can delete contacts by following these steps:

In Exchange Admin Center, select Recipients in the feature pane and then select Contacts.
Select the contact that you want to delete and then click Delete.
When prompted to confirm this action, select Yes.

You can use the Remove-MailContact cmdlet to delete contacts as well. Remove-MailContact cmdlet syntax and usage shows the syntax and usage.

Syntax
Remove-MailContact -Identity ContactIdentity

Usage
Remove-MailContact -Identity "Henrik Larsen"

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for 6. User and contact administration

Create new playlist

Sign In

Sign Up

Chapter 6. User and contact administration

Understanding users and contacts

Understanding the basics of email routing

Important

Understanding on-premises and online recipient management

Note

Managing user accounts and mail features

Note

Finding existing mailboxes, contacts, and groups

Finding synced, unlicensed, inactive, and blocked users

Creating mailbox-enabled and mail-enabled user accounts

Understanding logon names and passwords

Creating mail-enabled user accounts

Note

Important

Note

Note

Mail-enabling existing user accounts

Managing mail-enabled user accounts

Creating domain user accounts with mailboxes

Note

Important

Note

Creating online user accounts with mailboxes

Important

Adding mailboxes to existing domain user accounts

Note

Setting or changing the common name and logon name for domain user accounts

Setting or changing contact information for user accounts

Note

Changing logon ID or logon domain for online users

Changing a user’s Exchange Server alias and display name

Tip

Note

Adding, changing, and removing email and other addresses

Tip

Note

Setting a default reply address for a user account

Changing a user’s web, wireless service, and protocol options

Requiring domain user accounts to change passwords

Deleting mailboxes from user accounts

Deleting user accounts and their mailboxes

Note

Important

Managing contacts

Creating mail-enabled contacts

Note

Setting or changing a contact’s name and alias

Setting additional directory information for contacts

Note

Changing email addresses associated with contacts

Note

Note

Disabling contacts and removing Exchange attributes

Deleting contacts

Table of Contents for
6. User and contact administration