We have local AD synced to AzureAD and an on-premises Exchange server for expanding AD schema (mailboxes are hosted in Office 365 Exchange Online). In other words, hybrid Exchange environment.

From time to time, when we deprovision employee mailbox using Disable-Mailbox command we encounter an error: "Microsoft.Exchange.Configuration.DualWrite.LocStrings.UnableToWriteToAadException: An Azure Active Directory call was made to keep object in sync between Azure Active Directory and Exchange Online. However, it failed. Detailed error message: Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration.". It is the same problem as described on Reddit where I've also found the solution for fixing this problem. But I hate manual work, so I've created PowerShell function Remove-O365OrphanedMailbox (part of O365Stuff module) to solve this issue.

Remove-O365OrphanedMailbox function will:

- move user account to OU that is not synchronized to AzureAD
- initialize dir-sync, so the user account gets deleted in AzureAD
- restore a user in AzureAD, but now it is not dir-synced i.e. we can modify it in AzureAD
- remove litigation hold settings
- remove user mailbox
- clear user connection-with-mailbox data
- clear immutableId
- move the account to the original OU
- attach on-premises account with AzureAD account

Therefore you have to run it with appropriate permissions!

---

How to use Remove-O365OrphanedMailbox function

Install-Module O365Stuff
Import-Module O365Stuff
Remove-O365OrphanedMailbox -samAccountName <problematicMailbox> -notSyncedOUDN <DistinguishedNameToOUNotSyncedTOAAD>

Have fun 👍