blog.icewolf.ch

Let's talk about IT!
posts - 2247, comments - 295, trackbacks - 0

My Links

Archives

Post Categories

icewolf

Exchange Online Name Attribute change creates some inconsistencys

Hi All,

Back in April 2022 Microsoft has anounced in theyr Exchange Team Blog, that they will change the Name Attribute of the Objects to the ExternalDirectoryObjectId (EDOID).
After some Feedback from Customers and the Community they stopped the Rollout for Reflection as you can read on the Blog post of Tony Redmond.

Exchange Online Plans Changes to Make Mailbox Identification More Effective

Change in naming convention of user’s Name parameter

Some of the Comments indicate that the since 1. November the Rollout has started again - even the Banner of the Article says it's stopped until 23. January 2023.


I've created a new Mailenabled Security Group.
As you can see the new one has only the ExternalDirectoryObjectId (EDOID) as the Name unlike the Object that exists already a while.


I have added the new Mailenabled Security Group to the FullAccess for a Shared Mailbox in Exchange Admin Center


After you reopen the the Full Access Dialog in Exchange Admin Center you can only see the ExternalDirectoryObjectId (EDOID)


Let's view the Full Access Permission in ExchangeOnline PowerShell. You can see the diffrence in the two Groups

Get-MailboxPermission -Identity Sharedmbx@icewolf.ch | where {$_.User -ne "NT AUTHORITY\SELF"} | fl


Aldough you can resolve the Group with the ExternalDirectoryObjectId (EDOID)

Get-Recipient c5607117-7e0f-47de-b731-6fd923c5d892
Get-Recipient c5607117-7e0f-47de-b731-6fd923c5d892 | fl


Now let's try to add a User to Full Access in Exchange Admin Center


The Name Attribute of the Mailbox is also the ExternalDirectoryObjectId (EDOID)

Get-Mailbox -Identity c.kent |  Format-List Name, Alias, DisplayName, UserPrincipalName, *id*


Interesting that the Exchange Admin Center in the case of a user can resolve the Identity to UserPrincpalName


If you look at the Permissions the User Attribute is correct for the Mailbox

Get-MailboxPermission -Identity Sharedmbx@icewolf.ch | where {$_.User -ne "NT AUTHORITY\SELF"} | fl



Seems that there are still some inconcistencys all around that change. Hopefully that will be fixed until end of January.

Regards
Andres Bohren


Print | posted on Wednesday, November 30, 2022 1:48 PM | Filed Under [ Exchange ]

Powered by:
Powered By Subtext Powered By ASP.NET