Create user mailbox in Office 365?

Question

We just finalize the purchase to our software license company and I want to try to automate more with Adaxes.

Is there a way that it can automatically create mailboxes in Office 365, or should I continue to create them in our on-premise Exchange 2010 server (that relays out to 365) and set up a script to migrate them to Office 365?

Answer 1

Hello,

You will not be able to create user mailboxes in Office 365 with the built-in Adaxes functionality, but you can use PowerShell scripts for this purpose. You can use the PowerShell scripts in Business Rules, Custom Commands and Scheduled Tasks with the help of the Run a program or PowerShell script action. For example, you can create a Business Rule triggered after creating a user and create mailboxes in Office 365 for all newly created users or use the script in a Custom Command to be able to create a mailbox for any user on demand.

For information on how to create a Business Rule that runs a script automatically after creating a user, see the following tutorial: http://www.adaxes.com/tutorials_Automat ... ngUser.htm.

To be able to create mailboxes, Adaxes needs the credentials of a user with the rights to create mailboxes in your Office 365 organization. You have two options for this: you can either store the credentials directly in the body of the script or store them in a secure storage.

The following script creates Office 365 mailboxes for users in your Active Directory. The credentials are stored directly in the body of the script:

# Credentials required to create mailboxes in your cloud-based organization
$userID = "user@domain.com" # TODO: modify me
$password = ConvertTo-SecureString -AsPlainText -Force -String "Password" # TODO: modify me
# Domain name in your cloud-based organization
$userDomainName = "domain.com" # TODO: modify me
# Password to the newly created mailbox
$userPassword = ConvertTo-SecureString -String 'password' -AsPlainText -Force # TODO: modify me

$credential = New-Object System.Management.Automation.PsCredential($userID,$password)

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" `
    -Credential $credential -Authentication Basic -AllowRedirection

Import-PSSession $session

New-MailUser -Name "%fullname%" -MicrosoftOnlineServicesID "%username%@$userDomainName" -Password $userPassword

Remove-PSSession $session

In the script, $userID and $password specify the credentials of a user who has sufficient permissions to create mailboxes in your Office 365 organization, $userDomainName specifies the name of the domain that is registered in your Office 365 organization and that will be used for the newly created mailboxes, and $userPassword specifies the default password that will be set initially for all mailboxes.

The following script creates Office 365 mailboxes for users in your Active Directory. The credentials are imported from the secure storage in the folder specifies by $credentialDirectoryPath:

$credentialDirectoryPath = "C:\ScriptDirectory\Credentials" # TODO: modify me

# Domain name in your cloud-based organization
$userDomainName = "domain.com" # TODO: modify me
# Password to the newly created mailbox
$userPassword = ConvertTo-SecureString -String 'password' -AsPlainText -Force # TODO: modify me

# Check credentials directory path
if(!(Test-Path -Path $credentialDirectoryPath))
{
    $Context.LogMessage("The credentials folder was not found. Make sure that $credentialDirectoryPath exists.", "Error") # TODO: modify me
    return
}
# Read credentials from the file
$file = Get-ChildItem -Path $credentialDirectoryPath
if(!$file)
{
    $Context.LogMessage("The credentials file was not found.", "Error") # TODO: modify me
    return
}

$userID = (Get-Content -Path $file.FullName)[0]
$passwordEncryptedString = (Get-Content -Path $file.FullName)[1]
$password = ConvertTo-SecureString -String $passwordEncryptedString

$credential = New-Object System.Management.Automation.PsCredential($userID,$password)

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" `
    -Credential $credential -Authentication Basic -AllowRedirection

Import-PSSession $session

New-MailUser -Name "%fullname%" -MicrosoftOnlineServicesID "%username%@$userDomainName" -Password $userPassword

Remove-PSSession $session

In the script, $credentialDirectoryPath specifies the path to the secure storage that stores the credentials of a user who has sufficient permissions to create mailboxes in your Office 365 organization, $userDomainName specifies the name of the domain that is registered in your Office 365 organization and that will be used for the newly created mailboxes, and $userPassword specifies the default password that will be set initially for all mailboxes.

To be able to use the script, first you need to create a secure storage with credentials of a user who has sufficient permissions to create mailboxes in your Office 365 organization. To do this:

1. Create a new text file. The text file should contain only two lines:

   • ID of the user who has sufficient permissions to create mailboxes in your Office 365 organization.

   • Password to the account of the user.
     For example:

       ```powershell
       user@domain.com
       P@$$w0rd
     
       ```

2. Run the following script in PowerShell. The script will import the credentials specified in the text file to a secure storage. The secure storage will be located in the same folder as the text file, in the Credentials subfolder. The password will be encrypted using the standard Windows Encryption API, which means that only the user whose credentials were used to launch the script will be able to read the credentials in the secure storage. Since Adaxes uses the account of the default service administrator to perform all operations in Active Directory (including launching scripts), you will need to run the script with the credentials of Adaxes default service administrator to be able to use the credentials stored in the secure storage.

   To import credentials from the text file created on the previous step, you need to launch the script with the -credentialFilePath full_file_path parameter, where full_file_path is the path to the text file that you've created on the previous step, for example:
   .ImportCredentinal.ps1 -credentialFilePath C:\ScriptDirectory\credentials.txt

   Optionally, you can also specify the -deleteOldCredentials parameter. If this parameter is specified, the script will purge the directory with credentials before creating any new files.

   Here's the text of the script that imports credentials to a secure storage:

    Param($credentialFilePath, [switch]$deleteOldCredentials) # Run the script with command line parameter -credentialFilePath (credentials file path) and optional parameter -deleteOldCredentials
   
    $scriptDirectoryPath = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)
   
    # Create a directory for files with credentials
    $credentialDirectoryPath = $scriptDirectoryPath + "\Credentials"
    if ($deleteOldCredentials)
    {
        if ((Test-Path -Path $credentialDirectoryPath))
        {
            Get-Item -Path $credentialDirectoryPath | Remove-Item -Force -Recurse
        }
    }
   
    if (!(Test-Path -Path $credentialDirectoryPath))
    {
        New-Item -ItemType directory -Path $credentialDirectoryPath | Out-Null
    }
    $credentialDirectory = Get-Item -Path $credentialDirectoryPath
   
    $filePath = $credentialDirectory.FullName + "\" + "credentials.data"
    if((Test-Path -Path $filePath))
    {
        Get-Item -Path $filePath | Remove-Item -Force -Recurse
    }
    $file = New-Item $filePath -Type file
   
    Set-Content -Path $file.FullName -Value (Get-Content $credentialFilePath)[0]
    ConvertTo-SecureString  (Get-Content $credentialFilePath)[1] -AsPlainText -Force | ConvertFrom-SecureString | Add-Content $file
   
    Write-Host "Import complete"
   

3. When credentials are imported into the secure storage, you no longer need the text file. You may safely delete it.

Comments

I tried this the first option and received the below:

The parameters passed to the cmdlet represent a managed account, which doesn't match the namespace state, which is federated.

I think it has something to do the %fullname% being passed but not sure. Can you confirm?

Thanks

---

Hello,

We've asked our script guys to investigate the issue. We'll update the forum topic as soon as they come up with something.

---

Hello,

To help us troubleshoot the issue, can you describe your environment in more detail? What type is your domain in Office 365, is it a managed domain or federated domain? Because if your domain in Office 365 is a federated domain, you cannot create mailboxes in that domain directly. Instead, you should create a mailbox for the user in your on-premises domain, and only then synchronize it to your Office 365 federated domain using the Windows Azure Active Directory Sync Tool.

---

Hi-

What do you mean by federated? Are you referring to ADFS?

---

Hello,

Yes, ADFS is a technology that supports creation and management of federated domains.

So, is your domain in Office 365 a federated domain?

---

yes we are federated.

---

Hello,

Then, as we've mentioned in our Create user mailbox in Office 365?, you cannot create mailboxes in a federated domain directly. Instead, you should create a mailbox for the user in your on-premises Exchange Server, and only then synchronize it to your cloud domain in Office 365.

---

ok, thanks.

---

would we be able to migrate an existing user mb to O365 via adaxes using a script, business rule or something else?

---

Yes, this can be done with the help of PowerShell scripts. You can use a PowerShell script that will initiate migration of Exchange mailboxes from your on-premises organization to the cloud. You can execute the script when a certain operation is performed in AD, with the help of Business Rules, on request, with the help of a Custom Command, or on Schedule, with the help of a Scheduled task.

However, currently all our script guys are very busy with final tasks for the new release to be available this Thursday. So, they won't be able to proceed to the task until next week. Can you wait?

---

thank you.
Yes, next week should be fine.

---

Hello,

OK, we've scheduled the task for our script guys. We'll update this topic as soon as soon as they come up with something.

---

With Office 365...if you create a mailbox, it creates the AD account for you. where does adaxes fit into this?
Will the update address this and how it will work?

---

Hello,

Adaxes is primarily focused on Active Directory management. This means that in Adaxes you first need to create a user account, and only then you can create a mailbox for the user.

Since you have a federated domain in Office 365, you can create users and provision them with mailboxes in your on-premises Exchange organization, after that you can synchronize them to the cloud. Since Adaxes allows you to to create and configure mailboxes for new users automatically, you can create a Business Rule triggered after creating a new user that will:

1. Automatically create a mailbox for the users in your on-premises Exchange organization.
   For information on how to create mailboxes for users automatically, see Automate Exchange Mailbox Creation for New Users.
2. Configure the mailbox to match your internal standards and rules.
   For information on how to automatically configure mailboxes, see Automate Exchange Mailbox Configuration.
3. Using a script that our script guys will make for you, initiate synchronization of the new user to Office 365.
   

---

Hi-

Just checking to see if the script to initiate synchronizations is available.

Thanks.

---

Hello,

Our script guys have already proceeded to the task, but it'll take quite a lot of time to complete. We'll update the topic as soon as they come up with something.

---

thanks a lot!

---

Hello,

It took our script guys quite a while to set up an environment in Office 365, but finally the script is ready. For the script to be able to perform the necessary operations, you need to specify the following:

• Credentials of a user with sufficient permissions to provision users for Office 365. The credentials are specified directly in the script by $office365AdminName and $office365AdminPassword.
• Credentials of your local Exchange domain administrator. They are specified using the Run As function of the Run a program or PowerShell script action (see below) that launches the script.
• The name of your Office 365 domain. It is specified directly in the script by $office365DeliveryDomain.

How to add the script to a Business Rule and specify the credentials of the local Exchange domain administrator:

1. Launch Adaxes Administration Console.

2. Expand the service node that represents your Adaxes service.

3. Locate the Business Rule that you would like to add the script to. For example, you can select a Business Rule that creates mailboxes in your local on-premises Exchange organization.

4. Right-click the set of actions and conditions that you would like to add the script to and click Add Action. We recommend adding the script to the same action/condition set that creates mailboxes in the on-premises Exchange organization.
   

5. Select the Run a program or PowerShell script action.

6. Paste the following script in the Script field.
   

    # Credentials of a user who has sufficient permissions to provision users for Office 365
    $office365AdminName = "administrator@example.onmicrosoft.com" # TODO: modify me
    $office365AdminPassword = ConvertTo-SecureString -AsPlainText -Force -String "Password" # TODO: modify me
   
    $office365DeliveryDomain = "example.mail.onmicrosoft.com" # TODO: modify me
   
    $office365Credentials = New-Object -TypeName System.Management.Automation.PSCredential($office365AdminName, $office365AdminPassword)
   
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $office365Credentials -Authentication Basic -AllowRedirection
    Import-PSSession $session
   
    # Credentials of the local Exchange domain administrator
    $localAdminName = $Context.RunAs.UserName + "@" + $Context.RunAs.Domain
    $localAdminPassword = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password 
    $localAdminCredentials = New-Object -TypeName System.Management.Automation.PSCredential($localAdminName, $localAdminPassword)
   
    $localDomain = $Context.GetObjectDomain("%distinguishedName%")
   
    try
    {
        $result = New-MoveRequest -Identity "%username%" -Remote -RemoteHostName $localDomain -TargetDeliveryDomain $office365DeliveryDomain -RemoteCredential $localAdminCredentials -ErrorAction Stop
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error")
    }
   
    Remove-PSSession $Session
   
    if ($result -ne $NULL)
    {
        $Context.LogMessage("Mailbox move request created successfully. Check Exchange logs for details." , "Information")
    }
   

7. Now, you need to specify the credentials of your local Exchange domain administrator. To do this, switch the radio button in the Run as section to This account and click Specify.
   

8. Specify the credentials of a local Exchange domain administrator. The script will import credentials securely stored in the Run As section and use them when synchronizing a local mailbox to Office 365.

9. Click OK.

10. Enter a short description for the script and click OK.

11. With the help of the up and down arrow buttons at the bottom, place this action after the action that creates mailboxes, because the script only synchronizes existing mailboxes to Office 365. Thus, a local mailbox should already exist.
    

12. Save the modified Business Rule.

---

Possibly the best support of any software ever = }

---

Hello,

Thank you for your good words, we really appreciate it! :)