Fix: “Not valid SMTP address” while adding migrated mailbox permissions

A customer recently came to me with an issue leaving them unable to add permissions for a migrated user to an on-prem calendar. Upon attempting to do this, they received the below error:

The user "[email protected]" is either not valid SMTP address, or there is no matching information.
+ CategoryInfo : NotSpecified: (:) [Add-MailboxFolderPermission], InvalidExternalUserIdException
+ FullyQualifiedErrorId : [Server=EX01,RequestId=ea74abf4-2273-4212-9941-b23c72a15907,TimeStamp=16/09/2022 1
3:54:43] [FailureCategory=Cmdlet-InvalidExternalUserIdException] 7CD94505,Microsoft.Exchange.Management.StoreTasks
.SetMailboxFolderPermission
+ PSComputerName : EX01.contoso.com

This is a very confusing error, as the mailbox Exchange is looking for most certainly does exist.

A quick check using the below command revealed that ACLable object synchronisation, which is crucial for cross-premises delegated permissions to function correctly, was not enabled.

Get-OrganizationConfig | fl ACLableSyncedObjectEnabled

Reviewing the problematic mailbox’s msExchRecipientDisplayType also confirms the incorrect configuration. Note the value of -2147483642 rather than -1073741818.

To resolve this, you have 2 options, only one of which is logical. I’ll start with the other. All commands are run from on-prem Exchange.

To resolve the issue for a single mailbox only, run the below command, replacing [email protected] with the desired mailbox:

Get-AdUser [email protected] | Set-AdObject -Replace @{msExchRecipientDisplayType=-1073741818}

For the more logical solution, run the below command to update all migrated mailboxes:

Get-RemoteMailbox -ResultSize unlimited | where {$_.RecipientTypeDetails -eq "RemoteUserMailbox"} | foreach {Get-AdUser -Identity $_.Guid | Set-ADObject -Replace @{msExchRecipientDisplayType=-1073741818}}

Finally, run the below command to ensure any mailboxes migrated in the future get the correct configuration automatically:

Set-OrganizationConfig -ACLableSyncedObjectEnabled $True
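
Before running the bulk update above, it is worth recording what each object currently holds. The script below is an added example, not part of the original post: it reports the current msExchRecipientDisplayType of every migrated mailbox, saves it to a CSV for rollback, and previews the change only on objects holding the value seen in this post. The backup path is a hypothetical name, and -WhatIf is an assumption about how you would want to stage the change; remove it once the report looks right.

```powershell
# Added example: run from the on-prem Exchange Management Shell with the
# ActiveDirectory module available. Not the original author's script.
Import-Module ActiveDirectory

$NonAclable = -2147483642   # value found on the affected mailbox in this post
$Aclable    = -1073741818   # value this post sets on migrated mailboxes
$BackupPath = '.\msExchRecipientDisplayType-backup.csv'   # hypothetical path

# Collect the current attribute value for every migrated (remote) mailbox.
$report = Get-RemoteMailbox -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -eq 'RemoteUserMailbox' } |
    ForEach-Object {
        $user = Get-ADUser -Identity $_.Guid -Properties msExchRecipientDisplayType
        [pscustomobject]@{
            DistinguishedName = $user.DistinguishedName
            SamAccountName    = $user.SamAccountName
            CurrentValue      = $user.msExchRecipientDisplayType
            NeedsFix          = ($user.msExchRecipientDisplayType -eq $NonAclable)
        }
    }

# Keep the prior state so any object can be put back to its old value.
$report | Export-Csv -Path $BackupPath -NoTypeInformation

# Summary: how many objects hold each value (an empty name means unset).
$report | Group-Object CurrentValue |
    Select-Object Name, Count |
    Format-Table -AutoSize

# Objects with an unexpected value are listed for manual review, not changed.
$report |
    Where-Object { -not $_.NeedsFix -and $_.CurrentValue -ne $Aclable } |
    Format-Table SamAccountName, CurrentValue -AutoSize

# Preview the write on objects holding the known non-ACLable value only.
$report | Where-Object NeedsFix | ForEach-Object {
    Set-ADObject -Identity $_.DistinguishedName `
        -Replace @{ msExchRecipientDisplayType = $Aclable } -WhatIf
}
```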
