Can’t enable the archive for ‘User’ because this user object is synchronized with the on-premises directory

If you’re working with Office 365 and you’re enabling Online Archiving through Exchange Online, this blog is probably going to be useful.

If you are trying to enable Online Archiving for a user using the following command:

Enable-Mailbox <User> -Archive

And you receive the response:

The following error occurred during validation in agent ‘Windows LiveId Agent’: ‘Can’t enable the archive for ‘John’ because this user object is synchronized with the on-premises directory. To enable a cloud-based archive mailbox for this user, you must use your on-premises Exchange admin center or Exchange Management Shell.’

It’s because the user’s mailbox was more than likely migrated from an on-premises Exchange.

To validate this, check the AD attribute ‘msExchRemoteRecipientType’. This attribute is synchronised using AD Sync and tells Exchange Online what type of mailbox the user has. An explanation of these values can be found below.

msExchRemoteRecipientType:
1 Provisioned User Mailbox
3 Provisioned User Mailbox, Provisioned Archive
4 Migrated User Mailbox
6 Migrated User Mailbox, Archive created in cloud
20 Migrated User Mailbox, deprovisioned Archive
33 Provisioned Room Mailbox
36 Migrated Room Mailbox
65 Provisioned Equipment Mailbox
68 Migrated Equipment Mailbox
100 Shared Mailbox in EXO

If you amend this attribute and force an AD Sync, Exchange Online will automatically configure the Online Archive mailbox.
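The values in the table above decompose into bit flags, which is why changing 4 to 6 requests an archive: 6 is 4 (migrated) with the archive bit 2 added. The following dry-run sketch is an added example, not the author's script; the flag names and the sample accounts are assumptions chosen to reproduce the table, and it decodes more values than the script on this page acts on.

```powershell
# Added example (not the author's script). Flag names are assumptions that
# reproduce the value table above; nothing here reads from or writes to AD.
function ConvertFrom-RemoteRecipientType {
    param([Parameter(Mandatory = $true)][int]$Value)
    $flags = @()
    if ($Value -band 1)  { $flags += 'ProvisionMailbox' }
    if ($Value -band 2)  { $flags += 'ProvisionArchive' }
    if ($Value -band 4)  { $flags += 'Migrated' }
    if ($Value -band 8)  { $flags += 'DeprovisionMailbox' }
    if ($Value -band 16) { $flags += 'DeprovisionArchive' }
    # Bits 32 and 64 form one mailbox-type field: 96 (both set) is a shared mailbox.
    switch ($Value -band 96) {
        32 { $flags += 'RoomMailbox' }
        64 { $flags += 'EquipmentMailbox' }
        96 { $flags += 'SharedMailbox' }
    }
    if ($flags.Count -eq 0) { 'None' } else { $flags -join ', ' }
}

function Get-ArchivePlan {
    param(
        [Parameter(Mandatory = $true)][string]$User,
        [Parameter(Mandatory = $true)][int]$Current
    )
    # Same rule as the script on this page: only a plain migrated user mailbox (4)
    # is changed, by adding the ProvisionArchive bit (4 -bor 2 = 6).
    if ($Current -eq 4) {
        $proposed = $Current -bor 2
        $action = 'Set attribute, then run a directory sync'
    } elseif ($Current -band 2) {
        $proposed = $Current
        $action = 'None: archive flag already set'
    } else {
        $proposed = $Current
        $action = 'Review manually: not handled by the script'
    }
    [pscustomobject]@{
        User     = $User
        Current  = $Current
        Meaning  = ConvertFrom-RemoteRecipientType -Value $Current
        Proposed = $proposed
        Action   = $action
    }
}

# Constructed sample data standing in for values read from AD.
$sample = @{ 'user.a' = 4; 'user.b' = 6; 'user.c' = 20; 'room.1' = 36; 'shared.1' = 100 }
$sample.GetEnumerator() | ForEach-Object { Get-ArchivePlan -User $_.Key -Current $_.Value } |
    Format-Table -AutoSize
```

Reviewing a table like this before any Set-ADUser call shows exactly which accounts would be touched and which values fall outside the cases the script handles.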

I wrote a script to handle this for test users and also a whole organisation based on what the msExchRemoteRecipientType is set to.

You will need Exchange Online admin credentials and also AD rights in order to apply these settings, because you are directly modifying the attributes. If you aren’t sure what you’re doing, please make sure you run in test mode and specify only 1 or 2 users.

### Script to enable archive mailboxes for specified users
### Edit the log file location in the Write-Log function below:
#   [string]$Path='C:\scripts\Email Archiving\log'
# This option can be passed in with a command but I prefer to set it here; the date and the extension
# will be placed onto the end of the C:\Scripts\Email Archiving\log string to represent C:\Scripts\Email Archiving\log_2018-01-24.log

# Function to write a log file out
function Write-Log
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true)]
        [ValidateNotNullOrEmpty()]
        [Alias("LogContent")]
        [string]$Message,

        [Parameter(Mandatory=$false)]
        [Alias('LogPath')]
        [string]$Path='C:\scripts\Email Archiving\log',

        [Parameter(Mandatory=$false)]
        [ValidateSet("Error","Warn","Info")]
        [string]$Level="Info",

        [Parameter(Mandatory=$false)]
        [switch]$NoClobber
    )

    Begin
    {
        # Set VerbosePreference to Continue so that verbose messages are displayed.
        $VerbosePreference = 'Continue'

        # Append the date to the migration log file
        $FormattedDate = Get-Date -Format "yyyy-MM-dd"
        $Path = $Path + "_" + $FormattedDate + ".log"
    }

    Process
    {
        # If the file already exists and NoClobber was specified, do not write to the log.
        if ((Test-Path $Path) -AND $NoClobber) {
            Write-Error "Log file $Path already exists, and you specified NoClobber. Either delete the file or specify a different name."
            Return
        }
        # If attempting to write to a log file in a folder/path that doesn't exist create the file including the path.
        elseif (!(Test-Path $Path)) {
            Write-Verbose "Creating $Path."
            $NewLogFile = New-Item $Path -Force -ItemType File
        }
        else {
            # Nothing to see here yet.
        }

        # Write message to error, warning, or verbose pipeline and specify $LevelText
        switch ($Level) {
            'Error' {
                Write-Error $Message
                $LevelText = 'ERROR:'
            }
            'Warn' {
                Write-Warning $Message
                $LevelText = 'WARNING:'
            }
            'Info' {
                Write-Verbose $Message
                $LevelText = 'INFO:'
            }
        }

        # Write log entry to $Path
        $timeStamp = Get-Date -Format o | foreach {$_ -replace ":", "."}
        "$timeStamp $LevelText $Message" | Out-File -FilePath $Path -Append
    }

    End
    {
    }
}

##########################Functions preloaded at the top of the script##########################

# Set test mode on so we can specify users
$testMode = 1

# Specify test users to run the script on - UPN should be supplied
$testUsers = "[email protected]", "[email protected]"

# Grab Exchange Online user credentials
$UserCredential = Get-Credential

# Set the Exchange PowerShell session allowing redirection of commands
# Note: this connects with Basic authentication over remote PowerShell, which Microsoft has since
# retired for Exchange Online; on current tenants connect with Connect-ExchangeOnline from the
# ExchangeOnlineManagement module instead.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

# Import the PowerShell session
Import-PSSession $Session

# Import the Active Directory module
Import-Module ActiveDirectory

# Evaluate test mode or not
if ($testMode -eq 1) {
    # Loop through each test user and enable in-place archive
    foreach ($user in $testUsers) {
        $searchResult = Get-ADUser -Filter { UserPrincipalName -eq $user }
        # Read only the attribute we need; it is $null when the attribute is not set
        $mailboxStatus = (Get-ADUser $searchResult -Properties msExchRemoteRecipientType).msExchRemoteRecipientType
        Write-Host "$user Current Mailbox Status = $mailboxStatus"

        if ($mailboxStatus -eq 3) {
            Write-Host "$user Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving already enabled for $user - ProvisionedMailbox, ProvisionedArchive (Cloud MBX & Cloud Archive)"
            Write-Log "No action performed"
        }

        if ($mailboxStatus -eq 4) {
            Write-Host "$user Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving not enabled for $user - Migrated"
            # Migrated mailbox without an archive: set the value to 6 (migrated mailbox, archive created in cloud)
            Set-ADUser $searchResult -Replace @{msExchRemoteRecipientType=6}
        }

        if ($mailboxStatus -eq 6) {
            Write-Host "$user Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving enabled for $user - Migrated, ProvisionedArchive (Migrated MBX & Cloud Archive)"
            Write-Log "No action performed"
        }

        if ($null -eq $mailboxStatus) {
            # No value in AD: enable the archive directly in Exchange Online
            Write-Host "No mailbox status in AD"
            $user | Enable-Mailbox -Archive
            Write-Log " Online user - enabled archiving for this user $user"
        }
    }
}
else {
    # Loop through all user mailboxes without Archiving turned on and enable it
    $searchResult = Get-Mailbox -ResultSize "unlimited" -Filter {RecipientTypeDetails -eq "UserMailbox"}

    foreach ($result in $searchResult) {
        # Read only the attribute we need; it is $null when the attribute is not set
        $mailboxStatus = (Get-ADUser $result.Name -Properties msExchRemoteRecipientType).msExchRemoteRecipientType

        if ($mailboxStatus -eq 3) {
            Write-Host "$($result.Name) Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving already enabled for $($result.Name) - ProvisionedMailbox, ProvisionedArchive (Cloud MBX & Cloud Archive)"
            Write-Log "No action performed"
        }

        if ($mailboxStatus -eq 4) {
            Write-Host "$($result.Name) Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving not enabled for $($result.Name) - Migrated"
            # Migrated mailbox without an archive: set the value to 6 (migrated mailbox, archive created in cloud)
            Set-ADUser $result.Name -Replace @{msExchRemoteRecipientType=6}
        }

        if ($mailboxStatus -eq 6) {
            Write-Host "$($result.Name) Current Mailbox Status = $mailboxStatus"
            Write-Log "Archiving enabled for $($result.Name) - Migrated, ProvisionedArchive (Migrated MBX & Cloud Archive)"
            Write-Log "No action performed"
        }

        if ($null -eq $mailboxStatus) {
            # No value in AD: enable the archive directly in Exchange Online
            Write-Host "No mailbox status in AD"
            $result.Name | Enable-Mailbox -Archive
            Write-Log " Online user - enabled archiving for this user $($result.Name)"
        }
    }
}

# Close connection to Exchange
Remove-PSSession $Session

5 thoughts on “Can’t enable the archive for ‘User’ because this user object is synchronized with the on-premises directory”

  1. First of all, thanks for your post. (y)

    A user with a limited license, for example F1, gets the same error message.
    I ran into the same error with a non-synced user, and I don’t understand why the error warning says that the user is synced, although the user is an Azure AD user.
    After investigating some attributes, I found the issue was the wrong license.

    So keep in mind, if you get this error warning, that you also have to check for the correct license.

  2. So when I moved/migrated a user from hybrid without an archive, which one do I choose to create an online archive for the mailbox? 4?

    1. To my knowledge, having just recently had to deal with this myself, in the scenario you describe the on-premise AD account will have the attribute “msExchRemoteRecipientType” equal to the value of “4” and the Exchange Online property “RemoteRecipientType” set to “Migrated”.

      This being the case you will not be able to grant the user access to an online archive mailbox due to being in this state.

      Please view the documentation Microsoft have provided on Recipient Type Values here:
      https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/recipient-type-values/7c2620e5-9870-48ba-b5c2-7772c739c651
