
Support On-Premises Users Accessing Office 365 Site Mailboxes

Over time, Microsoft has shifted its company positioning to “mobile first – cloud first”. Many Office 365 features are currently reserved for cloud-only users, such as Delve (Office Graph), Groups, Sway, Yammer, etc., and there are no plans to make them available to on-premises customers. This is due, among other things, to the complex configuration and to customer needs; not all on-premises users will have Exchange, SharePoint, and Lync installed.

In this post, I will discuss how to connect an Exchange Hybrid deployment with Office 365 to use site mailboxes.

Site mailboxes are used to gather relevant team or project email conversations and to collaborate, combining communication and collaboration. This means you can send email messages to the site mailbox and share documents. Everyone who has Contribute permissions on your site will be able to open the site mailbox and view the messages and shared documents.

I will not discuss the features of site mailboxes or their architectural design any further in this article. If you are interested in learning more about site mailboxes, I recommend the following blog article by Alfons Staerk and Andrew Friedman: http://blogs.technet.com/b/exchange/archive/2012/08/22/site-mailboxes-in-the-new-office.aspx (Site Mailboxes in the new Office).

My main goal is to show you how to connect your Exchange 2013 Hybrid deployment with an Office 365 site mailbox in SharePoint Online.

As you may know, the SharePoint and Exchange servers for a site mailbox have to be on the same premises (users can be cross-premises). There is one exception: some time ago (2013/9/4), Microsoft published the “Microsoft Exchange 2013 Site Mailbox Directory Sync Support Scripts”. These scripts synchronize site mailbox objects from the Office 365 cloud into the on-premises Active Directory to support access for on-premises users.

Note: This is a temporary solution to enable on-premises users to access site mailboxes created in Office 365. Once DirSync with the user object creation feature is enabled in a future release, this script will be abandoned.

Before we start, let’s take a look at my test lab:

I installed a Domain Controller “DC01”, AD FS and DirSync on “SRV01”, and an Exchange Hybrid server “EX01”.

Note: this configuration is only for lab environments and not suitable for production!

Download the “Microsoft Exchange 2013 Site Mailbox Directory Sync Support Scripts” here: http://www.microsoft.com/en-us/download/details.aspx?id=38406

The following scripts will be used:

  • SyncSiteMailbox.ps1: Run this script daily as part of a scheduled task to ensure a seamless experience with site mailboxes when they are created in Office 365.
  • Export-SyncSiteMailbox.ps1: This script exports the synced site mailboxes in the cache file into the local on-premises Active Directory. It uses local Exchange PowerShell to commit the changes.
  • Import-SyncSiteMailbox.ps1: This script supports the hybrid scenario in which a site mailbox is created directly in Office 365. It pulls delta changes from Office 365 and merges them into a local cache file in the working folder.
  • SyncSiteMailboxLibrary.ps1: This script provides methods for the import and export sync site mailbox scripts.

Prerequisites:

  • An Exchange 2013 server on-premises
  • An account with read-write permission to on-premises Active Directory
  • Microsoft Azure Active Directory Module for Windows PowerShell
  • An account with organization and recipient read-only permissions to Exchange Online and read-only permissions to Microsoft Online Service

1. Create a site mailbox in Office 365

Log in to your Office 365 tenant and, on the home screen, click the “Sites” tile:

On the “Sites” screen, click on the “Team Site” tile:

Next, click on the “Keep email in context” tile:

The next and last step is to create the site mailbox (fully automatically):

The site mailbox is created and you can access it via the Site menu directly:

Note: it can take up to 30 minutes until the site mailbox is available. To give a new user access to the site mailbox, share the site with that user. Security groups won’t be added to the site mailbox.

In this lab, I created a site mailbox “exchange-lab” with the automatically assigned email address SMO-exchange-lab@exchange-lab.de.

2. Prepare the Exchange Hybrid environment

Prepare the Exchange Hybrid environment so that both Office 365 and on-premises user mailboxes can access site mailboxes.

First, let’s check which users can access the site mailbox in Office 365:

Andreas (Office 365 user mailbox) can successfully access the site mailbox:

Dennis (on-prem user mailbox):

As you can see, Dennis, whose user mailbox is hosted on-premises on the Exchange 2013 Hybrid server, can’t see or access the Office 365 site mailbox.

To make site mailboxes that were created in Office 365 available to on-premises users, follow these steps on your local Hybrid Exchange 2013 server:

  1. Create a folder on your on-premises Hybrid Exchange 2013 server to host the log files and the cached site mailbox CSV file. In my case I use the path “C:\local_files\”.
  2. Go to Control Panel and open the Credential Manager. You have to add a generic credential for your Exchange Online account; use your tenant name as the key, like “sharepointeurope”.

3. Create a scheduled task (run whether user is logged on or not) to run the script once a day so that site mailboxes created in Office 365 are updated automatically.

  • Start a program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  • Add arguments: .\SyncSiteMailbox.ps1 -WorkingFolder “C:\local_files\” -TenantCredentialKey sharepointeurope
  • Start in: C:\Scripts\SyncSiteMailbox.ps

4. The script SyncSiteMailbox.ps1 triggers the following actions:

  • Runs the Import-SyncSiteMailbox.ps1 script to pull changes from Office 365 into a local cache CSV file in your working directory, in our case C:\local_files\.
  • Runs the Export-SyncSiteMailbox.ps1 script to export site mailbox changes to the on-premises Active Directory.
  • Runs the SyncSiteMailboxLibrary.ps1 script to provide methods for import and export sync site mailbox script.
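
Steps 1 to 3 above can also be scripted. The following is an added example, not part of the original article or of Microsoft's scripts; it assumes Windows Server 2012 or later (ScheduledTasks module), and the task name, run time and the account LAB\svc-sitemailbox are hypothetical.

```powershell
# Added example; values tagged "page" come from the article, the rest are assumptions.
$WorkingFolder = 'C:\local_files\'                # page: log and cache folder
$TenantKey     = 'sharepointeurope'               # page: Credential Manager key
$StartIn       = 'C:\Scripts\SyncSiteMailbox.ps'  # page: "Start in" value as given there
$TaskName      = 'SyncSiteMailbox'                # assumption: task name
$RunAs         = 'LAB\svc-sitemailbox'            # assumption: hypothetical account

# The export step commits whatever the cache file contains to on-premises AD,
# so only the task account and administrators should be able to write to it.
New-Item -ItemType Directory -Path $WorkingFolder -Force | Out-Null
icacls ($WorkingFolder.TrimEnd('\')) /inheritance:r /grant:r `
    'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' "${RunAs}:(OI)(CI)M"

# Generic credentials are stored per user profile: the entry named $TenantKey
# must have been created while logged on as $RunAs, or the task cannot read it.

# Program, script arguments and start folder as in step 3; -NoProfile and
# -NonInteractive are additions. Single quotes keep the trailing backslash
# of the path from escaping a closing double quote.
$arguments = "-NoProfile -NonInteractive -Command .\SyncSiteMailbox.ps1 " +
             "-WorkingFolder '$WorkingFolder' -TenantCredentialKey $TenantKey"
$action  = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument $arguments -WorkingDirectory $StartIn
$trigger = New-ScheduledTaskTrigger -Daily -At 3am   # assumption: run time

# Registering with -User/-Password gives "run whether user is logged on or not".
$cred = Get-Credential -UserName $RunAs -Message 'Password for the task account'
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -User $RunAs -Password $cred.GetNetworkCredential().Password | Out-Null

# After the first run: a LastTaskResult of 0 means the script exited cleanly.
Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
```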

Of course, you can also run the script manually with the Azure Active Directory Module for Windows PowerShell:

The scripts create the following files in your working directory:

5. Check if Dennis (on-premise) can now access the site mailbox which was created in Office 365:

Dennis is able to access and manage the Office 365 site mailbox!

Because we checked the radio button “show in Outlook”, Dennis can access the site mailbox in Outlook, too:

Site mailboxes will be auto-mapped via the Autodiscover service.

Hopefully Microsoft will improve or simplify this process in the future via DirSync / AAD Sync.

