Exchange Online Name Attribute change creates some inconsistencys
Hi All,
Back in April 2022 Microsoft has anounced in theyr Exchange Team Blog, that they will change the Name Attribute of the Objects to the ExternalDirectoryObjectId (EDOID). After some Feedback from Customers and the Community they stopped the Rollout for Reflection as you can read on the Blog post of Tony Redmond.
Some of the Comments indicate that the since 1. November the Rollout has started again - even the Banner of the Article says it’s stopped until 23. January 2023.
I’ve created a new Mailenabled Security Group.
As you can see the new one has only the ExternalDirectoryObjectId (EDOID) as the Name unlike the Object that exists already a while.
I have added the new Mailenabled Security Group to the FullAccess for a Shared Mailbox in Exchange Admin Center
After you reopen the the Full Access Dialog in Exchange Admin Center you can only see the ExternalDirectoryObjectId (EDOID)
Let’s view the Full Access Permission in ExchangeOnline PowerShell. You can see the diffrence in the two Groups
Get-MailboxPermission -Identity Sharedmbx@icewolf.ch | where {$_.User -ne "NT AUTHORITY\SELF"} | fl
Aldough you can resolve the Group with the ExternalDirectoryObjectId (EDOID)
Get-Recipient c5607117-7e0f-47de-b731-6fd923c5d892
Get-Recipient c5607117-7e0f-47de-b731-6fd923c5d892 | fl
Now let’s try to add a User to Full Access in Exchange Admin Center
The Name Attribute of the Mailbox is also the ExternalDirectoryObjectId (EDOID)
Get-Mailbox -Identity c.kent | Format-List Name, Alias, DisplayName, UserPrincipalName, *id*
Interesting that the Exchange Admin Center in the case of a user can resolve the Identity to UserPrincpalName
If you look at the Permissions the User Attribute is correct for the Mailbox
Get-MailboxPermission -Identity Sharedmbx@icewolf.ch | where {$_.User -ne "NT AUTHORITY\SELF"} | fl
Seems that there are still some inconcistencys all around that change. Hopefully that will be fixed until end of January.
Regards
Andres Bohren
