Okta Classic Engine | Okta Integration Network | Answered | Dates on record: 2018-09-25, 2019-07-05, 2025-03-30
How do we convert or manage Orphaned AD objects after switching to Universal Sync - Shared Mailboxes

We previously were in an Exchange hybrid environment with AADC, using Exchange on-prem to manage shared mailboxes. We have recently moved to Universal Sync but managing shared mailboxes has now become a pain. Since Universal Sync doesn't sync disabled objects (the shared mailboxes), how can we manage these shared mailboxes? We now have orphaned AD objects for the mailboxes that are essentially disconnected from our cloud mailboxes.

We can't make changes through the online portal, since O365 sees these as "Synced with Active Directory". I have read articles describing deleting the user and then restoring in PowerShell to make it "in-cloud", but doing the restore restores it to its original state (aka "Synced with Active Directory"). Is there any way to get Universal Sync to delete a user from O365, so I can do a restore as "in cloud"? Or how have other people got around this?


  • Hi Michael,

    The only way to make changes is from AD as everything is synced from it. You cannot make any changes in Okta or O365.

    The only recommendation I have is to delete those shared mailboxes using powershell, then remove them from the recycle bin and create them again and sync them using an email address which exist in O365. As you are using universal sync, any change you make needs to be done from AD and it will be synced downstream.

    Selected as Best
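As an added illustration of the purge-and-recreate path described in the accepted answer (this script is not part of the thread and is not Okta's or Microsoft's own tooling), the PowerShell below checks that a cloud object really is directory-synced, soft-deletes it, hard-deletes it from the Azure AD recycle bin, and confirms that no copy remains. It assumes the MSOnline module and an admin session; the UPN is a placeholder, and recreating the AD object and running the Okta Universal Sync import afterwards happen outside the script.

```powershell
# Added example, not from the thread: purge a stale, dir-synced cloud object so a
# freshly created AD object can be synced in its place.
# Assumptions: MSOnline module available, admin already authorised, UPN is a placeholder.

Import-Module MSOnline
Connect-MsolService

function Get-SyncState {
    # Returns the sync-relevant facts about a cloud object before anything is changed.
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $u = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        IsDirSynced       = [bool]$u.LastDirSyncTime   # populated only for synced objects
        ImmutableId       = $u.ImmutableId
        IsLicensed        = $u.IsLicensed
        BlockCredential   = $u.BlockCredential
    }
}

function Remove-OrphanedCloudObject {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $state = Get-SyncState -UserPrincipalName $UserPrincipalName
    if (-not $state.IsDirSynced) {
        throw "$UserPrincipalName is already cloud-only; nothing to purge."
    }
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Soft-delete and purge from Azure AD')) {
        return $state   # -WhatIf: report what would be removed and stop
    }

    # Keep an auditable record of the object being removed.
    Write-Verbose -Verbose "Purging $UserPrincipalName (ImmutableId $($state.ImmutableId), licensed=$($state.IsLicensed))"

    # 1. Soft delete: the object moves to the 30-day recycle bin.
    Remove-MsolUser -UserPrincipalName $UserPrincipalName -Force

    # 2. Hard delete: remove it from the recycle bin so the recreated AD object is
    #    not matched against the stale cloud copy.
    Remove-MsolUser -UserPrincipalName $UserPrincipalName -RemoveFromRecycleBin -Force

    # 3. Verify that neither an active nor a deleted copy remains.
    $remaining = Get-MsolUser -ReturnDeletedUsers -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if ($remaining) {
        throw "Object still present after purge; check role assignments and retry."
    }
    return $true
}

# Usage with a placeholder UPN; drop -WhatIf once the report looks right.
Remove-OrphanedCloudObject -UserPrincipalName 'shared-finance@example.com' -WhatIf
```

Run it with `-WhatIf` first: the function then only returns the sync state, which is the cheapest way to confirm you are about to purge a synced object and not a cloud-only mailbox with no on-prem counterpart.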
  • mike.davie1.5312945692819849E12 (Customer First Programs)

    Hello Michael,

    Thanks for posting your inquiry in Okta Community Portal.

    If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."

    Thank you,

    Mike Davie

    Okta Help Center
  • MichaelF.87478 (Customer)

    Thanks Fabian, I had a feeling there was no direct, easy way to do it. I think at this stage, it’s a matter of us just finding our process to manage these mailboxes – which might involve what you suggest.

    Thanks for the input.

    Michael

    Michael Fong
    Assistant Manager of Information Technology
    BC Nurses' Union

    P: 604 433 2268 Ex. 2155 | 1 800 663 9991
    F: 604 433 7945 | 1 888 284 2222
    C: 604 209 2072
    E: mfong@bcnu.org

    4060 Regent St | Burnaby, BC V5C 6P5
    www.bcnu.org
  • cfjzc (cfjzc)

    Hi Michael,

     

    How did you end up managing this?

  • MichaelF.87478 (Customer)

    Hi Aidan,

     

    So we decided on a two-pronged approach.

     

    1. For managing existing objects, we couldn’t find a simple approach so we had to work within the framework. Basically, for objects like shared mailboxes, we had to convert it to a user account (assign it a temporary EO license), activate the account in AD, make sure they synced up, make the changes required, sync, and then reverse the process to get it back to a shared mailbox. Not the most elegant solution but it worked for the changes we needed to make.
    2. Going forward, create everything directly in the cloud so it can be managed without relying on the on-prem infrastructure for these types of scenarios. 

     

    Hopefully this is of some help to you.

     

    Michael

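The "temporarily make it a licensed user, sync, change, revert" workflow from the reply above, written out as an added PowerShell example (not the poster's script, and not Okta or Microsoft tooling). It assumes the ActiveDirectory, MSOnline and ExchangeOnlineManagement modules; the sAMAccountName, UPN, AccountSkuId and usage location are placeholders; and the Okta Universal Sync run itself is started outside the script, which only waits for the cloud object's sync timestamp to advance. The AD attribute change in the middle is an example change; substitute whatever edit the mailbox actually needs.

```powershell
# Added example, not from the thread: temporarily enable and license an orphaned
# shared-mailbox AD object so edits made in AD reach the cloud, then revert it.
# Assumptions: modules above installed and sessions authorised; all values are placeholders.

Import-Module ActiveDirectory
Import-Module MSOnline
Import-Module ExchangeOnlineManagement
Connect-MsolService
Connect-ExchangeOnline

$Sam   = 'shared-finance'               # placeholder AD sAMAccountName
$Upn   = 'shared-finance@example.com'   # placeholder UPN
$Sku   = 'contoso:EXCHANGESTANDARD'     # placeholder AccountSkuId, see Get-MsolAccountSku
$Usage = 'CA'                           # UsageLocation must be set before licensing

function Wait-ForSync {
    # Polls until the cloud object shows a dir-sync stamp newer than $After.
    # The sync run (an Okta import here) is assumed to be triggered separately.
    param([string]$UserPrincipalName, [datetime]$After, [int]$TimeoutMinutes = 60)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $u = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
        if ($u -and $u.LastDirSyncTime -gt $After) { return $u }
        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)
    throw "No sync of $UserPrincipalName observed within $TimeoutMinutes minutes."
}

function Test-RevertedSharedMailbox {
    # Post-check: the object must be disabled in AD, a shared mailbox, and unlicensed.
    param([string]$Sam, [string]$UserPrincipalName)
    $ad = Get-ADUser -Identity $Sam
    $mb = Get-Mailbox -Identity $UserPrincipalName
    $ms = Get-MsolUser -UserPrincipalName $UserPrincipalName
    [pscustomobject]@{
        AdDisabled = -not $ad.Enabled
        IsShared   = $mb.RecipientTypeDetails -eq 'SharedMailbox'
        Unlicensed = -not $ms.IsLicensed
    }
}

# --- 1. Enable the AD object so Universal Sync picks it up ---
$start = Get-Date
Enable-ADAccount -Identity $Sam
# The object never needs a usable password: reset it to 32 random bytes while enabled.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$pw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $Sam -Reset -NewPassword $pw

# --- 2. After the sync run, license it and turn the mailbox into a regular one ---
$null = Wait-ForSync -UserPrincipalName $Upn -After $start
Set-MsolUser -UserPrincipalName $Upn -UsageLocation $Usage
Set-MsolUserLicense -UserPrincipalName $Upn -AddLicenses $Sku
Set-Mailbox -Identity $Upn -Type Regular

# --- 3. Make the required change in AD (example: add an SMTP alias), then sync again ---
$edit = Get-Date
Set-ADUser -Identity $Sam -Add @{ proxyAddresses = 'smtp:finance-alias@example.com' }
$null = Wait-ForSync -UserPrincipalName $Upn -After $edit

# --- 4. Reverse everything: shared mailbox, no license, disabled AD account ---
Set-Mailbox -Identity $Upn -Type Shared
Set-MsolUserLicense -UserPrincipalName $Upn -RemoveLicenses $Sku
Disable-ADAccount -Identity $Sam

Test-RevertedSharedMailbox -Sam $Sam -UserPrincipalName $Upn
```

The final check is the part worth keeping even if the rest is done by hand: a shared mailbox that is left enabled in AD or still licensed after the edit is an account with a sign-in path nobody owns, so verify all three properties before closing the change.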
This question is closed.