This account doesn't have an Outlook Web App mailbox in Office 365

Problem:

You're currently signed in as <User Principal Name>. Please sign out, then sign in to Outlook Web App with the account you use to read your organization's email. Click <here> to sign out.

The problem is mailbox is created in exchange online with few missing attributes. The attributes are SKUAssigned.



Causes:

1. The target resource like Exchange Online attributes are not synchronized with Office 365 Azure AD. The synchronized attributes are SKUAssigned, and ExternalObjectID.

2. The ExchangeUserAccountControl  attribute value is AccountDisabled in the Exchange Online Office 365. The ExchangeUserAccountControl value always None.


Solution:

There are two solutions are available to resolve the issue. They are

Solution 1: The User doesn't have any data in exchange online.

1. Login to the Office 365 Portal.
2. Search the User
3. Remove the Licenses to the User
4. Usually it takes 5 minutes to replicates the changes from Azure AD  to Exchange Online.In worst case  you need to wait 24 Hours to replicate the changes from Azure AD to Exchange Online.
5. After re-assign the licenses to the user and the issue will be resolved.

Solution 2: The User have data in exchange mailbox and you need to restore the mailbox.

The Following procedure is being used to restore the Mailbox in the Exchange Online integrated with Federated environment. They are

1. Finding the PendingInput Status user in Office 365

$users = Get-MsolUser -UserPrincipalName <User Principal Name>

foreach($user in $users)
{
    $licenses = $user.Licenses[0].ServiceStatus
    foreach($license in $licenses)
    {
         if($License.ProvisioningStatus -eq "PendingInput")
         {
            Write-Host $user.UserPrincipalName " - " $License.ServicePlan.ServiceName "-"  $License.ProvisioningStatus
         }
         else
         {
            Write-Host $user.UserPrincipalName " - " $License.ServicePlan.ServiceName "-"  $License.ProvisioningStatus
         }
    }
}

2. Finding the Exchange Online SKUAssigned value for the User

Get-Mailbox <User Principal Name> | Select SKUAssigned

The SKUAssigned value should be empty because the azure ad licensing info was not replicated from azure ad to exchange online. 


3. Removing the User from the Office 365 Azure AD

The following commands needs to be executed to remove the user from Windows Azure AD.

Remove-MsolUser -UserPrincipalName <User Principal Name> -force
Remove-MsolUser -UserPrincipalName <User PrinciplaName> -force -RemoveFromRecycleBin




4. Verifying the Azure AD user replicated to exchange online removal state

Usually the replication process from azure AD to Office 365 time duration is 5 minutes to 24 hours. The following commands being used to retrieve the removal state mailbox.

$rmb=Get-RemovedMailbox <User Principal Name> | Select Guid

 The guid is required to relinking the existing mailbox in the exchange online. 

5. Linking the Existing MailBox in exchange online

New-MailBox -Name <Name> -RemovedMailbox <GUID> -FirstName <FirstName> -LastName <LastName> -DisplayName <DisplayName> -MicrosoftOnlineServicesID <UPN>  -PrimarySmtpAddress <upn> -ImmutableId <immutable Id> -FederatedIdentity <federated id> 

6. Testing the Mailbox Accepting the Messages

Test-MAPIConnectivity <User Principal Name>

This command move the mailbox disconnected state to active state.

7. Update the Country Location in Office 365 

   set-msoluser -UserPrincipalName <User Principal Name> -UsageLocation "US"

8. Assign the A2 Licenses to the user in office 365 using power shell.

 Set-MsolUserLicense -UserPrincipalName <UserPrincipalName> -AddLicenses tests:STANDARDWOFFPACK_STUDENT

9. Update the Immutable ID or Source Anchor in the Office 365

 Set-MsolUserPrincipalName -UserPrincipalName <FederatedDomainUPN> -NewUserPrincipalName <NonFederatedUPN>.

For example Federated Domain UPN is testid@testfed.com and non federated domain is testid@test.onmicrosoft.com

Set-MsolUser -UserPrincipalName <NonFederatedUPN> -ImmutableId <Unique ID> 

Set-MsolUserPrincipalName -UserPrincipalName <NonFederatedUPN>. -NewUserPrincipalName <FederatedDomainUPN>

Office 365 OverallProvisioningStatus : PendingInput

Problem:

1. After assigning the licenses to the user in office 365 and the provisioning status of the user is OverallProvisioningStatus  :  PendingInput

Cause:

The target resource like Exchange Online, Lync, Sharepoint Resource attributes are not synchronized with Office 365 Azure AD.

Solution:

1. Remove the existing licenses to the Office 365 User in office 365 portal or power shell and Wait for   24 hours to De-provision the resources in the target system.
2. Re-Assign the Licenses to the user in Office 365 portal or Power Shell.
3. After assigning the licenses to the user, the issue will be resolved.

SchedulerService API Example

The SchedulerService interface API being used to retrieve, manipulate the schedule task parameters and also execute the schedule task job pro-grammatically in OIM repository as follows:

Pre-Requisite:

Initial Setup.

Please follow the link and setup the OIM client environment to use to create the OIM Objects.


Client Code Setup

SchedulerService  API Usage:

1. Retrieving the Schedule Task Job Parameters.

2. Update the Schedule Task Parameters.

3. Executing the Schedule Task Pro-grammatically. 

4. Retrieving the Job History.

5. Retrieving the Last Job History.

Tasks Needs to be Performed:

1.    Create the OIMClient Handle

OIMClient client= new OIMClient();
client.login(username,password.toCharArray());

2.    Get SchedulerService service object

SchedulerService schedulerService = client.getService(SchedulerService.class);

3.  Retrieving the Schedule Task Job Parameters. 

String scheduleJobName="AD User Target Recon";
JobDetails jobdetails=schedulerService.getJobDetail(scheduleJobName);
HashMap<String, JobParameter> params= jobdetails.getParams();
           

4.  Updating the Schedule Task Parameter. 

String parameterName="Search Filter";
String parameterValue="(objectclass=inetorgperson)";
//Retrieving the Job Parameter Object
JobParameter jobParam= params.get(parameterName);
//Updating the Job Parameter Value in the Object
jobParam.setValue(parameterValue);
params.put(parameterName, jobParam);

//Udating the Schedule Task Parameters in OIM
schedulerService.updateJob(jobdetails);

5.  Executing the Schedule Task. 

// Invoking the Schedule Task

schedulerService.triggerNow(scheduleJobName);

6.  Retrieving the Schedule Job History

        List<JobHistory> history= schedulerService.getHistoryOfJob(jobName);
        if(history != null && !history.isEmpty())
        {
            for (JobHistory jobHistory : history)
            { // Retrieving the Error Data
                System.out.println("Error Data :"+new String(jobHistory.getErrorData() != null ? jobHistory.getErrorData() : "Success".getBytes()));
                try
                {
                   //Retrieving the Error Message
                    Exception exp=jobHistory.getExceptionObject();
                    if(exp != null)
                    {
                       System.out.println("Exception Message :"+.getMessage());
                    }
                   
                } catch (Exception e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            }
        }

7. Retrieving the Schedule Job Last Run History.

        JobHistory  history = schedulerService.getLastHistoryOfJob(jobName);
        if(history != null){
        // Retrieving the Error Data
        System.out.println("Error Data :"+new String(history.getErrorData() != null ? history.getErrorData() : "Success".getBytes()));
        // Exception Message
        System.out.println("Exception Message :"+history.getExceptionObject() != null ? history.getExceptionObject().getMessage() : "Empty");
                   
       }

              

tcFormInstanceOperationsIntf API Example

The tcFormInstanceOperationsIntf inteface API being used to retrieve and manipulate the the Active Directory Process form data and also child data. In my example I have used first name to update data in the AD Process form in OIM, and also Adding, Updating, and Removing group Names in OIM using the process child form as Follows:

Retrieving the Process Parent and Child Form Data, Updating the Parent and Process Child Form Data, Adding the Process Form Child Data, Removing the Process Form Child Data, and Retrieving the Parent and Child Process Form Definition Keys, and Retrieving the Process Form Active Version  in the Oracle Identity Manager repository.

Pre-Requisite:

Initial Setup.

Please follow the link and setup the OIM client environment to use to create the OIM Objects.


Client Code Setup

tcFormInstanceOperationsIntf  API Usage:

Process Form Data Example:

1. Retrieving the Process Form Data,
2. Updating the Process Form Data,

Process Form Child Data Example:

3. Retrieving the Process Form Definition Key,
4. Retrieving the Process Form Active Version,
5. Retrieving the Process Form Child Definition Key,
6. Retrieving the Process Form Child Data,
7. Adding the Process Form Child Data,
8. Updating the Process Form Child Data,
9. Removing the Process Form Child Data.

Tasks Needs to be Performed:

1.    Create the OIMClient Handle

OIMClient client= new OIMClient();
client.login(username,password.toCharArray());

2.    Get tcFormInstanceOperationsIntf service object

tcFormInstanceOperationsIntf formInstanceIntf = client.getService(tcFormInstanceOperationsIntf.class);

Process Form Data Example:

3.  Retrieving the Process Form Data. 

// This Key is Getting from the Process Definition Task 

long processInstanceKey= 123456

tcResultSet trs = formInstanceIntf.getProcessFormData(processInstanceKey);

int count=trs.getRowCount();

for(int i=0;i<count;i++){
                trs.goToRow(i);
 

        String columnNames[] = trs.getColumnNames();
        for (String string : columnNames)
        {
            try {
                System.out.println(string + " - " + trs.getStringValue(string));
            } catch (tcAPIException | tcColumnNotFoundException e)

           {
                e.printStackTrace();
            }
        }
}

4.  Updating the Process Form Data. 

// Updating the Users First Name

String adColumnName="AD_USER_FNAME";

Map updateData=new HashMap();

updateData.put(adColumnName, "Liyaqat");

formInstanceIntf.setProcessFormData(pkey, updateData);

Process Form Child Data Example:

5.  Retrieving the Process Form Definition Key.

long processDefKey = formInstanceIntf.getProcessFormDefinitionKey(processInstanceKey);

6.  Retrieving the Process Form Active Version.

int formActiveVersion=formInstanceIntf.getActiveVersion(processDefKey);

7.  Retrieving the Process Form Child Definition Key.

String childFormName="UD_ADUSRC";
tcResultSet childTrsDef=formInstanceIntf.getChildFormDefinition(processDefKey, formActiveVersion);
int childCount=childTrsDef.getRowCount();
long childDefKey=-1;

for(int i=0;i<childCount;i++)
{
    childTrs.goToRow(i);
    //Retreiving the Child Table Name and Child Table Definition Key
    String tableName=childTrsDef.getStringValue("Structure Utility.Table Name");
    childDefKey = childTrsDef..getLongValue("Structure Utility.Child Tables.Child Key");
    if(tableName.equalsIgnoreCase(childFormName))
    {
       break;
    }
}

8.  Retrieving the Process Form Child Data.

getProcessFormChildData
tcResultSet childTrs=formInstanceIntf.getChildFormDefinition(processDefKey, formActiveVersion);
int childCount=childTrs.getRowCount();
Map<String,Long> childData= new HashMap<String,Long>();
for(int i=0;i<childCount;i++)
{

            childTrs.goToRow(i);
            try 

           {
    String groupName=childTrs.getStringValue("UD_ADUSRC_GROUPNAME");
    long groupKey = childTrs..getLongValue("UD_ADUSRC_KEY");
    childData.put(groupName,groupKey);
            } catch (tcAPIException | tcColumnNotFoundException e)

           {
                e.printStackTrace();
            }
}

9.  Adding the Process Form Child Data.

String groupName="cn=Admin,ou=groups,dc=test,dc=com";
String childColumnName="UD_ADUSRC_GROUPNAME";
Map<String, String> childData= new HashMap<String,String>();
data.put(childColumnName, groupName);
formInstanceIntf.addProcessFormChildData(childDefKey,processInstanceKey,childData);

10.  Updating the Process Form Child Data.

// Updating AD Group Names are not supported by OIM. First you need to remove the existing group Name and add the new group Name.

Supported Option:

 

String updateGroupName="cn=Admin1,ou=groups,dc=test,dc=com";

 If(childData.ContainsKey(groupName))

{

   // Remove the Existing Group Member Ship for the user

   long adGroupKey =   childData.get(groupName);

   formInstanceIntf.removeProcessFormChildData(childDefKey, adGroupKey);

// Adding the  Group Member Ship for the user

Map<String, String> childData= new HashMap<String,String>();
data.put(childColumnName, updateGroupName);
formInstanceIntf.addProcessFormChildData(childDefKey,processInstanceKey,childData);
}

Un-Supported Option:

If using this option, it will only update in the OIM repository and not updated in the target resource. In our example is Active Directory.

 

 If(childData.ContainsKey(groupName))

{

   // Remove the Existing Group Member Ship for the user

   long adGroupKey =   childData.get(groupName);

// Updating the  Group Member Ship for the user in OIM Repository only.

Map<String, String> childData= new HashMap<String,String>();
data.put(childColumnName, updateGroupName);
formInstanceIntf.updateProcessFormChildData(childDefKey,adGroupKey,childData); 

}

11.  Removing the Process Form Child Data.

String removeGroupName="cn=Admin1,ou=groups,dc=test,dc=com";

 If(childData.ContainsKey(removeGroupName))

{

   // Remove the Existing Group Member Ship to the the user in OIM and also target resource

   long adGroupKey =   childData.get(groupName);

   formInstanceIntf.removeProcessFormChildData(childDefKey, adGroupKey);

}