EXO migration and NotAcceptedDomainException in Hybrid

When it comes to Exchange Online migration and you have a lot of SMTP namespaces, you might run into issues

  • when you’re trying to migrate the user
  • when you try to grant Send As permissions

User migration

Usually you will create a MigrationBatch to onboard your users as outlined in this article. When you’re in hybrid, make sure you fulfill the prerequisites here.

When a user has an SMTP address whose domain is not listed as an accepted domain, you won’t be able to create either a MigrationBatch or a move request for that user.

Grant Send As permission

Even with the latest improvements, which are really huge steps forward for manager delegate scenarios, there are some permissions that need more attention:

Send As

As of today these permissions won’t be migrated and won’t be synced with AAD Connect.

(One) Solution

If you have only a few domains, you might not run into this issue at all. But there are deployments where the number is in the hundreds. Sadly, the error above won’t tell you which domain is missing.

As it was urgently needed, I wrote the following function this morning:

function Verify-RecipientDomain () {
    [CmdletBinding()]
    param
    (
        [parameter(ValueFromPipelineByPropertyName=$true,Mandatory=$true, Position=0)]
        [Alias('PrimarySmtpAddress','Identifier')]
        [string[]]$Recipient
    )
    Begin
    {
        #get accepted domains
        $AcceptedDomain = @()
        $AcceptedDomain = Get-AcceptedDomain | Select-Object -ExpandProperty DomainName
        #create variable for output
        $objcol = @()
    }
    Process
    {
        ForEach ($Rec in $Recipient)
        {
            Write-Verbose "Verifying $($Rec)"
            #create object for output
            $data = New-Object -TypeName PSObject
            $data | add-member -type NoteProperty -Name Recipient -Value $Rec
            #flag to track whether a non-accepted domain was found
            [Boolean]$BadDomainExists = $false
            #get EmailAddresses from recipient
            $RecAddresses = @()
            $RecAddresses = Get-Recipient $Rec | Select-Object -ExpandProperty EmailAddresses
            $BadDomains = @()
            #check SMTP address domain
            ForEach ($Address in $RecAddresses)
            {
                #-like is case-insensitive, so the primary address (SMTP:) is checked as well as aliases (smtp:)
                If ($Address -like 'smtp:*')
                {
                    If ($AcceptedDomain -notcontains $($Address.Split('@')[1]))
                    {
                        Write-Verbose "Missing domain found:$($Address.Split('@')[1])"
                        $BadDomainExists = $true
                        $BadDomains += $Address.Split('@')[1]
                    }
                }
            }
            If ($BadDomainExists)
            {
                Write-Verbose "Adding missing domains to object"
                $data | add-member -type NoteProperty -Name MissingDomain -Value $(($BadDomains | Select-Object -Unique) -join ",")
                $objcol += $data
            }
        }
    }
    End
    {
        If ($objcol.Count -ge 1)
        {
            $objcol
        }
    }
}

The function needs to be run within an EXO PowerShell session and supports pipeline input from Get-Recipient or Get-MigrationUser. The output has 2 properties per invalid recipient:

  • Recipient: Contains recipient’s SMTP address
  • MissingDomain: Contains a comma separated string for each missing domain
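
With hundreds of domains, the per-recipient output is easier to act on when rolled up per domain. The following is an added example, not part of the original post; Get-MissingDomainSummary is a hypothetical helper name and the sample rows are constructed:

```powershell
# Added example. Get-MissingDomainSummary is a hypothetical helper name.
function Get-MissingDomainSummary {
    [CmdletBinding()]
    param
    (
        [Parameter(ValueFromPipeline=$true, Mandatory=$true)]
        [PSObject]$InputObject
    )
    Begin
    {
        # domain -> list of recipients that still carry an address in it
        $map = @{}
    }
    Process
    {
        # MissingDomain is a comma separated string, split it into single domains
        ForEach ($Domain in ($InputObject.MissingDomain -split ','))
        {
            $key = $Domain.Trim().ToLowerInvariant()
            If ($key -eq '') { continue }
            If (-not $map.ContainsKey($key))
            {
                $map[$key] = New-Object 'System.Collections.Generic.List[string]'
            }
            $map[$key].Add([string]$InputObject.Recipient)
        }
    }
    End
    {
        # one row per domain, most affected recipients first
        $map.GetEnumerator() | ForEach-Object {
            [PSCustomObject]@{
                Domain         = $_.Key
                RecipientCount = $_.Value.Count
                Recipients     = $_.Value -join ','
            }
        } | Sort-Object -Property RecipientCount -Descending
    }
}

# Constructed sample rows in the shape Verify-RecipientDomain returns
$sample = @(
    [PSCustomObject]@{ Recipient = 'alice@contoso.example'; MissingDomain = 'legacy.example,old.example' }
    [PSCustomObject]@{ Recipient = 'bob@contoso.example';   MissingDomain = 'Legacy.example' }
    [PSCustomObject]@{ Recipient = 'carol@contoso.example'; MissingDomain = 'old.example' }
)
$sample | Get-MissingDomainSummary | Format-Table -AutoSize
# In a live EXO session: Get-MigrationUser | Verify-RecipientDomain | Get-MissingDomainSummary
```

Each row then names one domain to either add as an accepted domain or strip from the listed recipients.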

Conclusion

I hope this helps you identify either missing domains or old SMTP addresses, which aren’t needed anymore.
