I participated in a Reddit thread about Office 365 shared mailboxes recently and thought it would be a good opportunity to write an article here as well, since this is a topic that comes up fairly often.
As the name suggests, a shared mailbox is one that is used by multiple users to receive or send email. You’ve probably seen shared mailboxes used for situations such as an IT help desk, a HR department, payroll enquiries, and reception desks.
A shared mailbox also has a calendar, so they can be used to coordinate team schedules or anything else where multiple people may need to look at a common calendar (except for meeting rooms which should use a room mailbox, and pool equipment which should use an equipment mailbox).
Shared mailboxes do not consume an Office 365 license, and they can’t be logged into directly. This is a good thing, since most organizations would not want to pay for extra licenses for shared mailboxes, but it means they are not a way to get a “free” license for generic/shared user accounts (eg a shared “reception” account).
The licensing point is important, because in a staged or cutover Office 365 migration you will end up with mailboxes that were shared mailbox on-premises being migrated as regular user mailboxes into Exchange Online. User mailboxes will work without a license for 30 days after which they will be deleted. Fortunately you can convert them from a user mailbox to a shared mailbox without assigning a license, which I’ll cover later in this article.
But first, let’s look at creating new shared mailboxes in Exchange Online (Office 365).
Creating New Shared Mailboxes in Exchange Online
There are three methods you can use to create new shared mailboxes in Exchange Online:
- Office 365 admin center
- Exchange admin center
- PowerShell
Creating a Shared Mailbox in the Office 365 Admin Center
The Office 365 admin center is located at https://portal.office.com. After logging in look for the Shared Mailboxes item in the left menu. Click the + icon to create a new shared mailbox.
Give the new shared mailbox a name and email address, and choose one or more users who need access to open and send as the shared mailbox.
Click Create to complete the task.
For the users that you granted access to the mailbox, it should appear in Outlook automatically for them after they restart their Outlook application (perhaps after a few minutes delay).
Create a New Shared Mailbox on the Exchange Admin Center
The Exchange admin center for Exchange Online is located at https://outlook.office365.com/ecp. After logging in navigate to Recipients and then Shared. Click the + icon to create a new shared mailbox.
Enter a name and email address for the shared mailbox, and add any users that need access to open and send mail as the shared mailbox.
Click Save to complete the task.
As with the previous method, any user you granted access to the mailbox should see it appear automatically after restarting Outlook, or they can add it manually.
Creating a New Shared Mailbox using PowerShell
Naturally we can also create shared mailboxes using PowerShell. First connect to Exchange Online from a PowerShell session. Then run the New-Mailbox cmdlet with the -Shared switch, for example:
PS C:\> New-Mailbox -Shared -Name "Social Club" -PrimarySmtpAddress socialclub@office365bootcamp.com Name Alias ServerName ProhibitSendQuota ---- ----- ---------- ----------------- Social Club SocialClub sixpr04mb0621 49.5 GB (53,150,220,288 bytes)
To add permissions for a user to access the mailbox use Add-MailboxPermission:
PS C:\> Add-MailboxPermission -Identity "Social Club" -User Alan.Reid@office365bootcamp.net -AccessRights FullAccess Identity User AccessRights IsInherited Deny -------- ---- ------------ ----------- ---- Social Club APCPR04A001Alan.... {FullAccess} False False
Finally, to add Send As permissions use Add-RecipientPermission:
PS C:\> Add-RecipientPermission -Identity "Social Club" -Trustee Alan.Reid@office365bootcamp.net -AccessRights SendAs Confirm Are you sure you want to perform this action? Adding recipient permission 'SendAs' for user or group 'Alan.Reid@office365bootcamp.net' on recipient 'Social Club'. [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y Identity Trustee AccessControlType AccessRights Inherited -------- ------- ----------------- ------------ --------- Social Club Alan.Reid Allow {SendAs} False
Once again, the shared mailbox should appear automatically for the user after they restart Outlook, or they can add it manually.
Now that we’ve covered how to create new shared mailboxes, let’s take a look at converting existing user mailboxes to shared mailboxes.
Converting User Mailboxes to Shared Mailboxes in Office 365
As I described earlier, a shared mailbox migrated to Office 365 using a staged or cutover migration will be created in Exchange Online as a user mailbox. User mailboxes require licenses or they are deleted in 30 days. To avoid consuming an Office 365 license you can convert the user mailbox to a shared mailbox very easily.
In the Exchange admin center navigate to Recipients and then Mailboxes, and find the mailbox you wish to convert. After selecting the mailbox you’ll notice a Convert to Shared Mailbox option to the right of the page.
Click Convert, then click Yes to confirm. The conversion process takes just a few moments, and no data is lost in the conversion. When the conversion is complete click Close.
When you refresh the Mailboxes view you should no longer see the converted mailbox. Instead you can look in the Shared view to see it. Notice also that there is an option to convert it back to a regular mailbox if you need to.
Click the Edit icon and then Mailbox Delegation to add permissions for any users who need to access or send as the converted shared mailbox. Alternatively you can do this using the PowerShell commands demonstrated earlier in this article.
As a final step, if the user/mailbox had been assigned an Office 365 license before the conversion you can remove the license. However, do not delete the user account, as that will delete the mailbox as well.
Summary
As you can see shared mailbox creation and conversion in Office 365 is quite simple. This is an important concept to understand because of the implications for licensing. If your company is spending Office 365 licenses on shared mailboxes they are quite possibly wasting money, and you have the opportunity to save some of those costs by using the correct mailbox type instead.
If you’ve created a mailbox as a Shared Mailbox, and you convert it to a Regular mailbox, does it create an associated User account?
The reason we’re asking is because we’ve got a Shared Mailbox that needs to be connected to a Distribution list with an Exchange-Hybrid setup, with on-Prem Active Directory. We have removed our on-Prem Exchange server, so we’re not sure if updating our Azure Connect would allow Group Writeback to make the change.
Wondering if converting our Shared Mailbox would create an associated User account, which we could then use to make the connection before converting back to a Shared Mailbox? Would save us from having to export the e-mail in the current shared mailbox, delete it, re-create the account in Active Directory first & convert it to a Shared Mailbox, and import our exported emails…
Hi Paul,
Wondering if there is a way to create an Office365 shared mailbox from an existing Office 365 user that is unlicensed with no mailbox.
Reason being, currently it appears one can only create a shared mailbox by licensing the user, then converting, then removing the license. Pretty much meaning one must keep a spare license up your sleeve. Small clients do not like this.
Cheers
Unable to add functional Mailbox in outlook.
After adding from account setting it is asking for password.
ExchangeUseraccount Control For mailbox is Account disabled
ExchangeUserAccountControl : AccountDisabled
Should i change it ot None and if Yes do you have Powerhsell Command for it ?
Pingback: Общие ящики и О365 — IT in realworld
How can we create a security group in AD and assign that group access to the shared mailbox?
The idea behind this is to control access to the shared mailbox via AD and not have to log in to Office 365 via powershell or the web and simply to add and remove users from the group in AD
Hi Paul
Can you please advise if I can convert regular mailbox to shared mailbox using powershell command?
if yes, what would be the command? Thanks.
HI Paul,
I wanted to convert cloud shared mailbox to Federated domain user mailbox.. It gets converted but when i try to assign the license it giving me an error..
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
I guess you could start by googling the error message that you’re seeing.
Is there any way we could find who has created shared mailbox ?
How does one convert an On-Prem shared box to an Outlook group in O365?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
No direct conversion as far as I know. It would need to be a manual process.
Paul,
I could really use your insight on something that needs action tonight.
When we upgraded some confrence rooms, as a licensed room account, in Exchange Online. Some, not all show “ExchangeUserAccountControl” as “AccountDisabled” where half show “None” and can log in to the conf room devices (panels and phones) work as normal.
This is the common formality we are finding to be different.
How can we simply modify this in exchange? So it will work?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
The account for a room mailbox is supposed to be disabled. Are you trying to re-enable them?
Yep, I have the same issue. Converted it several times. Progress bar seems odd, it moves from a little green to full in one second. No errors visible, and no mailbox converted.
I just filed a support ticket and they called me within 30 mins. I had a friendly guy who talked me through it and I let him see that it did not work. I was already logged in with Powershell so he gave me the powershell command Set-Mailbox -Type shared
After a short wait it was converted to a shared mailbox.
I’ve been converting mailboxes for a few months now in the console, but I’ve come across an individual mailbox which refuses to convert! I have no idea why it won’t do it.
I click on the “covert to shared mailbox” link, but comes up with the progress bar, and then says it’s completed the conversion process.
I then go to shared mailboxes and it’s not there, I then go to the mailbox list and there it is, still a regular mailbox.
Anyone else had this issue before?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Anything unusual about the mailbox? Archive-enabled? Has a hold in place? Anything else that might be different from the others?
Useful article.
I have a question. Can I create shared mailboxes from migrated accounts, while the cut-over migration is still running or can this only be achieved once the AD-Connector is active and the migration batch stopped?
“As a final step, if the user/mailbox had been assigned an Office 365 license before the conversion you can remove the license. However, do not delete the user account, as that will delete the mailbox as well.”
So the unlicensed users must remain in the active users section in order to keep the shared mailbox? There is no way to remove them? It is cluttering up our user list. I noticed in another reply you said “shared mailboxes still need an associated user object.” If I create a shared mailbox from scratch it doesn’t need one, so why can’t I removed that association?
Thank you!
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
All shared mailboxes have an associated user account. I see all user accounts for my shared mailboxes no matter how they were created/converted. You can apply a filter to your user view in the Office 365 admin portal to only show you licensed users if it’s that much of a problem.
Hi Paul, currently an Exchange mailbox migration in hybrid at the moment. We have user mailboxes on-premise that are being used as shared mailboxes (dont’ ask 🙂 ). I found this out after a pilot batch, but got around this by simply converting it from a user mailbox to a shared mailbox AFTER the migration via PowerShell. I confirmed this worked by viewing RecipientTypeDetails which was then SharedMailbox. It just led to delays in users being able to access the mailbox.
My question is, can we pre-empt this with the remaining “user” mailboxes by running the same Powershell to convert them to shared BEFORE migration? Will AAD Connect sync these up correctly to save me the job and tight timescales post migration batch completing?
Also, have the issue of full access/send as permissions, which I’m thinking of pre-empting too, just not sure if these all get synced with the tenant…
I couldn’t anything on the user/shared mailbox issue in Office365 for IT Pros (which has been amazing by the way!)
Thanks
Dan
Hey Paul,
How can I go the other way! ie I setup a shared mailbox, but now I want to have this as a complete licenced mailbox? I have tried by just ‘enabling the licenced’ features in the Web console, but it still appears in the shared mailbox list and will not allow some features to work (mailbox permissions etc).
Any thoughts would be apprecaited.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Select the shared mailbox, look for the convert link in the same place you found it before.
For converting a hosted O365 mailbox to shared in a hybrid setup, there was a few attributes that needed to be changed on your on-prem AD account. Originally Microsoft had this info in their article but changed it and now recommends moving it back to on-prem, converting to shared, then moving it back which is ridiculous (https://support.microsoft.com/en-us/kb/2710029).
I *think* the correct way to do this is convert to a shared mailbox in O365, then run these commands on an AD Module Powershell session:
Disable-AdAccount
Set-AdUser -Replace @{msExchRemoteRecipientType=”100″}
Set-AdUser -Replace @{msExchRecipientTypeDetails=”34359738368″}
If you don’t change the attributes, Dirsync or whatever name they are calling it this month (Azure Sync/Azure Connect/etc) will change the attributes back to a normal mailbox and after 30 days you might lose the mailbox if you take out the license.
How do you convert a cloud user mailbox into a shared mailbox in a Hybrid solution? I recently converted one from the O365 portal, but local Exchange still shows the mailbox as a “Remoter User Mailbox” instead of “Remote Shared Mailbox”.
Ricordo – did you ever get answer for this question? I have the same issue.
Hello Paul,
How do we convert a lot of mailboxes at the same time. I assume there is a way to do this via PowerShell. The current gui method is time consuming. Considering we have more shared mailboxes than users.
Hello Paul,
What if we created the shared mailboxes directly on the cloud instead of Active Directory ; As we are using DIR SYNC but we are not creating the shared mailboxes in AD and then converting them to shared after DIRSYNC. Directly into the Cloud so is their harm in this approach ?
The question regarding the fate of the user object in on-prem AD above. If I migrate a user to Exch Online in a hybrid scenario, then convert the mailbox to shared, the user object remains enabled I have noticed, however I don’t necessarily want this. On Prem, the user object is auto disabled. Can I disable and/or remove the user object in a hybrid setup and will the shared mailbox remain intact in cloud or does there remain a reliance on the ad synced object forever and it remaining enabled. If so, without looking at the inactive mailbox option, which may be more effective, leaving users mail accounts would have to stay enabled with password changes or we would have to look at legal holds etc… For compliance.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
You should be able to disable the user object on-prem without impacting the shared mailbox in Exchange Online. Don’t remove the user object; shared mailboxes still need an associated user object.
Cheers Paul. Also looking forward to the day when a shared conversion keeps the archive intact automatically. The conversion option I like much better than inactive due to the ease of providing delegate access if required at a later date. Great site. I’ve learnt heaps from you over the years.
Keep in mind that after converting from a User Mailbox with an Archive to a Shared Mailbox and removing the license, the Archive Mailbox will be lost. You must export the Archive Mailbox to PST before the conversion if you want to keep it.
I wish this that would change, as we convert User Mailboxes to Shared when users are terminated, so that we can retain the mail for access by management. Because of this, we cannot take advantage of Archive Mailboxes because the work required to export archives to PST and then re-import is just to time consuming.
I’ve spoke about this at Ignite 2015 with a Microsoft Program Manager who works specifically on Archive. She was going to share it as feedback with the Engineering team, but I haven’t heard of anything in the pipeline to address this.
I can understand, on one hand, why they’d not want to allow this without a license, but given the massive size allowed for Shared Mailboxes, I wonder if it would make that big of a difference on the MS side of things.
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
There’s no need to convert them to shared mailboxes. You can use inactive mailboxes instead.
https://technet.microsoft.com/en-au/library/dn798632(v=exchg.150).aspx
But does the functionality of a Inactive Mailbox match the functionality of a shared mailbox? Yes, the inactive will preserve the mailbox – but it doesn’t appear that you can share it out again, until you reactivate it.
BTW… Thanks for the article, Paul.
In a hybrid environment, how do we go about doing this? More importantly, do we have to manually disable the user account on-prem after converting the O365 mailbox to shared (and having the cloud user account be disabled)?
We have a hybrid environment and what we do is we create the AD object with mailbox on-premise. We then migrate to the cloud and license, convert to a shared mailbox, and then unlicensed afterwards.
Since we also want to keep permission administration in AD and not in O365 admin console, We have created mail-enabled security groups. We grant these groups full access and send on behalf to the migrated mailbox and we simply add usernames to the groups in AD.
This method has worked for us for years now.
FloRod,
With hybrid, couldn’t you create a shared mailbox on premise first before migrating to cut out all of the conversion and “unlicensing” process in O365?
Does the mail-enabled security groups require a license in Office365?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
Groups do not consume a license.
We also have a hybrid environment and are running MS-DirSync between On-prem and Cloud. We create a normal user account in AD with On-Prem mailbox. Then we run DirSync, license for O365, migrate, convert to Shared Mailbox, then unlicense the account in O365. The final step for us is to disable the AD account. The shared mailbox does not require an O365 license expense, but we have several 3rd party applications which charge us per active user account. Disabling the AD account solves that problem and does not affect email flow or delegate access to the shared account.
For On-Prem shared mailboxes to get moved, we had to first enable the accounts, then convert them to normal user accounts, DirSync, license, migrate, convert back to shared, unlicense, and disable in AD.