Introducing the Exchange Recipient Admin Center
Microsoft released Exchange Server 2019 Cumulative Update 12, which allows you to remove your last Exchange Server so that you can run Active Directory with Azure AD Connect and manage Exchange-related attributes in a supported way.
However, because the user interface, the Exchange Admin Center, is part of Exchange Server, it means that the management tools are PowerShell-only. Knowing that not everyone prefers to manage their Exchange-related attributes with PowerShell scripts, I developed an open source GUI to help you manage your mailboxes.
Called the Exchange Recipient Admin Center (ERAC), it’s a free, open source GUI that uses the new cmdlets under the hood, and is designed to run locally for you on-demand when you need it. For the first release it is primarily designed for companies with less than 200 mailboxes. But first, let me set the stage.
Preparing for your post-Exchange Active Directory
For as long as you run Azure AD Connect to synchronize your AD users to Azure AD, and therefore Microsoft 365 and Exchange Online, you are running in a hybrid identity state. This means that the master of your Exchange Online mailbox attributes is the local Active Directory.
Microsoft requires Exchange-related attributes to be set and managed properly so that they can support you if there are issues. Until recently, this meant that you needed to run an Exchange Server on-premises to manage the Exchange Online mailboxes, distribution groups, contacts and other associated items (like email address policies). The changes you make using the Exchange Server on-premises would be stored in the local AD, then Azure AD Connect synchronizes them to the cloud. Managing the attributes directly using AD tools like ADSIEDIT risks potential issues, and as such, remains unsupported.
Exchange Server 2019, Cumulative Update 12 (and above) allow for the installation of just the Management Tools, and also allow you to permanently remove (not uninstall) your last Exchange Server 2019. And, if you are building out a new greenfield environment that includes Active Directory and Azure AD Connect, you can now extend the schema and prepare the AD forest for Exchange attributes, but then only install the management tooling.
The management tooling itself is only a subset of recipient management tools designed for use after migrating from Exchange your last mailboxes to Exchange Online. The tooling is designed for managing remote mailboxes, distribution groups, mail contacts, accepted domains and email address policies.
Removing the last on-premises Exchange Server isn’t for everyone though. Even if you moved all your mailboxes to Exchange Online, you are likely to keep one or more Exchange Servers for ongoing SMTP mail relay for legacy on-premises application servers, at least for now. If you aren’t sure whether you can remove your last Exchange Server yet, read more about removing the last Exchange Server.
Cybersecurity Risk Management for Active Directory
Discover how to prevent and recover from AD attacks through these Cybersecurity Risk Management Solutions.
Exchange-related attribute management: The Exchange Recipient Admin Center (ERAC)
If you are happy to remove the last Exchange Server, but managing recipients solely using PowerShell isn’t for you, and you’d prefer to have a GUI, then I hope you’ll find the Exchange Recipient Admin Center useful.
The ERAC is written in PowerShell, so you can check what it will do, but you don’t have to employ PowerShell to use it.
First, a word of warning: Because the ERAC is local-only, it runs as the user you would run the Exchange recipient management tools as. Once you launch it, it launches a local web browser for access and doesn’t require a login. Therefore, do not run this on a shared VDI environment or leave it running on any multi-user machine. It is not designed as a secure web server, so if you want to run a network-accessible server with a web-based interface for Exchange Management: keep running Exchange Server 2019.
If all this sounds good and you want to test the first version either clone or download the ZIP and extract from the GitHub site:
Exchange Recipient Admin Center on GitHub
Pre-Requisites
To use the ERAC, you must have followed Microsoft’s instructions to install the standalone Exchange Management Tools for managing recipients in Exchange Online, released as part of Exchange Server 2019 CU12. You then must be signed in as (or launch the script as) a user who’s a member of the Recipient Management EMT security group in AD.
The tool itself doesn’t require any additional software, so you can simply right-click and run the PowerShell script. Like many PowerShell scripts, you might need to unblock the file first.
When you launch the ERAC, it creates a localhost-only web server on a random high port. It is written in PowerShell, loosely based upon the PowerShell Web Server project and uses the open-source Bootstrap front-end toolkit.
The ERAC is designed with a familiar interface so it will be familiar if you use the new Exchange Admin Center in Microsoft 365:
The ERAC user interface is designed to give you access to the new management cmdlets, with sections for managing remote mailboxes, distribution groups, contacts, email address policies and accepted domains.
For remote mailbox management, the initial version allows you to view recipients, accepted domains and email address properties, enable new remote mailboxes for existing AD users, and shortly, manage existing remote mailboxes. For new AD users, continue to use Active Directory Users and Computers, then enable the new user as a Remote Mailbox in the ERAC.
The concept is repeated across each section. You have the ability to view objects across each, and shortly, enable existing AD contacts as mail contacts and manage groups, accepted domains and email address policies.
Because this is the first release, expect more features in the near future.
You can report issues and make feature requests via my GitHub repo or in the comments below.
On my initial list for upcoming features:
- Moving the web-based UI to a local app, using Electron (like Teams does today) or WebView2 to remove the need to run a web server using PowerShell.
- Adding controls for result size, search/filtering and pagination to Remote Mailbox, Distribution Group and Contact management sections
- Adding the ability to create and delete AD users, if you have permissions to do so.
- Adding a configuration file to store customizations, such as pagination and maximum results or default OUs for object creation.
- Adding the ability to see the “What If” result of an action
- Adding an EAC-style PowerShell cmdlet log to help you learn what cmdlets to use
- Adding in the ability to connect to Exchange Online as part of initialization, so you can see the combined results, manage cloud-side configuration such as permissions and client access settings, and see when a change is replicated to Exchange Online
Feel free to me know which of those you’d find most useful; and add a comment below if you find the Exchange Recipient Admin Center tool useful.
Hello, any updates on this tool? thanks
There is a dev branch in github. looks to be some activity…we all are crossing fingers!
last comment is from over 2 years. Definitely looks as though this project is now dead.
It had potential but I can understand work commitments would take priority.
I wonder if it is still valid to use this original implementation, or has too much changed / too much time passed. (Ie. we are just now starting to process the hell that is migrating to powershell7…)
All:
We at Practical365.com would very much like to see progress with this tool. However, the author’s attention has been taken by other matters and they haven’t been able to dedicate any time to fixing the reported bugs. This happens with software…
My advice is to master PowerShell. You’ll need it elsewhere and it’s a great skill to have.
TR
The Real Person!
The Real Person!
I just installed it, it does install but only partially works, it does work to “Enable a remote Mailbox” for a user in AD. Would be nice if it would show and allow to add or remove users from Distribution Groups.
Hi Steve, I have an environment with AADConnect, all mailboxes in the cloud, the local AD prepped with the admin tools for managing recipients. There has never been an on-premises Exchange server. Extended the AD schema when I installed the management tools.
Instead of using PowerShell to connect on-premises AD accounts to their cloud mailboxes, I was hoping to use ERAC.
Running Enable-RemoteMailbox correctly connects the local account to the cloud mailbox and populates the relevant AD properties. Management with PowerShell cmdlets works well. ERAC, however, doesn’t show any of the local accounts (and cloud accounts to that matter) in any of its modules/categories/not-sure-what-to-call-them.
The tools and ERAC are installed on a domain controller.
What might be the problem?
Thanks,
Zoltan
This is an absolutely incredible tool – and the vision is solid! A few bugs should be expected – which would also prompt users to get under the hood and learn some things for themselves as well 🙂 Thank you for such a great tool that really opens up some great possibilities – and all the hard work going into the tool!
Bugs? Most of the needed functionality does not work (nor has it ever worked). Do not mislead admins into thinking this is a solution.
Too bad the main thing does not work (remote mailboxes), seems like Steve has abandoned this project. 🙁
Man I’m so sad this thing just doesn’t work at all. I guess Exchange had changes under the hood and the project got abandoned. Back to PowerShell and attribute editing. Sigh.
Steve has been busy with other commitments. It happens – life has a habit of becoming more complex at times.
Thanks Steve for the great work on this! Unfortunately I am still seeing the “Page GET /editremotemailbox not found” message when attempting to edit properties of a remote mailbox. Any chance of getting some attention on this issue? Right now this is a really interesting and compelling solution that is missing basic functionality. I (and others) would really appreciate any assistance here.
The editremotemailbox page (and most others) were never included in the files so it doesn’t work.
I have seen mention that this is being worked on but more than a year and no changes.
There have been posts stating “it’s in powershell so you can update it yourself” but the files are completely missing so there is nothing to update.
Hi Steve,
im still getting “Page GET /editremotemailbox not found”
Cheers,
Tom
Any update on this Steve?
Same here. Getting “Page GET /editremotemailbox not found”
I continue to experience the same issue.
thanks alot of informtion goodjobs….
I’ve tried running this from a Windows Server 2019 box, as well as my personal Windows 10 box. I get the following errors along with many similar ones which I have not seen mentioned here. Any idea why?
At C:\temp\Start-ExchangeRecipientAdminCenter.ps1:204 char:17
+ Sign up
+ ~
The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double
quotation marks (“&”) to pass it as part of a string.
At C:\temp\Start-ExchangeRecipientAdminCenter.ps1:209 char:209
+ … k Button–medium Button d-lg-none color-fg-inherit p-1″> <span cla …
+ ~
The '<' operator is reserved for future use.
At C:\temp\Start-ExchangeRecipientAdminCenter.ps1:427 char:13
+ CI/CD & Automation
+ ~
Never mind, it’s how I saved the powershell script.
Is this project dead?
No. But Steve’s busy. And because the project code is in PowerShell, you can update it yourself…
When I click on one of remote recipient I receive “Page GET /editremotemailbox not found”.
Any solutions?
Thank you very much
If there is only one Exchange Server and ERAC is installed on that one, does that mean that the Exchange Server cannot be deleted?
Will ERAC be installed on other servers?
Hi Steve,
Thanks for sharing this en the contribution to the Exchange community.
Is there going to be an updated release so aliases can be edited, just curious!
Can I implement the ERAC tool in an Exchange 2016-only environment?
Hey Steve,
Very nice work! When will there be a ‘new’ version released for this?
When I click on one of remote recipient I receive “Page GET /editremotemailbox not found”.
What about other/extra functionalities?
Thanks a lot!
Kind regard,
Arno
Hi Steve,
Any idea if we can install the Exchange management tools on a second server? We have an automation server, running the onboarding script, and we are unable to call commands remotely from this server on the server where EMT are currently installed.
Thanks in advance!
We migrated from Exchange 2010 to Exchange Online years ago. The Exchange 2019 installer doesn’t list installing from Exchange 2010 as supported. DO you have any suggestions for our situation?
I just completed the same migration here. You will have to upgrade your 2010 to 2013 or 2016 before you can do the 2019 bit.
If I click on one of remote recipient I receive here Page GET /editremotemailbox not found
Thanks – I will be updating – I’ve returned from holiday and will be looking at it.
Hi Steve I have the tools installed and your code, getting the same error as the others I have Exchange 2016 Hybrid and cant get at my mailboxes as the ECP is damaged so this would be a big help.
Is there any update on the Page GET /editremotemailbox not found error and Distribution lists not opening.
Thanks,
It gives me the error “Page GET /editremotemailbox not found” when I click on a Remote Mailbox on each component that I click.
Thanks – I will be updating – I’ve returned from holiday and will be looking at it.
Very nice! but same here, open manage Remote mailboxes gives a nice list og al users, but when click on the name I receive: Page GET /editremotemailbox not found
localhost:xxxx/editremotemailbox?id=email@domain.com
Thanks – I will be updating – I’ve returned from holiday and will be looking at it.
It gives me the error “Page GET /editremotemailbox not found” when I click on a Remote Mailbox
same here Page GET /editremotemailbox not found
Thanks – I will be updating – I’ve returned from holiday and will be looking at it.
Excellent work Steve! I have been waiting for a solution like this for a long time! Specifically I am interested in the Distribution Group area, but whilst everything is displayed perfectly, I seem unable to press either of the buttons at the top, or view the details of any particular group. Are these features unfinished, or is there a problem? I also need to update the Accepted domains, but am unable to click that button either.
The silence on the comments here is deafening… Has this been abandoned? If so it would be great to know so somebody else can look to fill in the gaps…
Feel free to fill gaps. The code is there for everyone to play with. I think Steve Goodman has been busy recently… and hey, it’s the summer, so everyone’s entitled to some downtime.
As Tony says – I have been busy for a few weeks – as it’s only been available for a month rest assured it is not abandoned and is top of my list for projects I am working on!
Steve, does this only work if you were in Exchange Hybrid mode and migrated mailboxes using Migration Batches within Exchange to EOL? We have many clients that have migrated using SkyKick, BitTitan, etc. We have AD Sync running for passwords. We have even installed Hybrid mode AFTER the fact. The current EAC on the On-Premises Exchange Server still shows all the users as USER and not OFFICE365 (that it would show from a migration move). So the new Recipient Admin Center doesn’t show the remote users that are in O365. What are your thoughts
Hi Adam,
It has no relationship to whether you migrated mailboxes using Hybrid. However, it does expect that you enabled the correct attributes.
As it’s using the new Exchange recipient admin cmdlets (which are a subset of existing Exchange cmdlets) then it could be that I’ve made an assumption you would set up the mailboxes as Remote Mailboxes; but if they are Mail Users, this could be why they are not showing. Are you able to manage recipients using the Mail User cmdlets in these environments?
Steve
This is great! For this to be really useful for our techs though we really need the ability to manage alias addresses against remote mailboxes, but from previous comments I can see this functionality was removed. Steve, is this coming back in soon or has this project been abandoned? I could try and code this up myself but don’t want to reinvent the wheel if you’re already on top of it.
It’s not been abandoned – it’s a new project, but I haven’t had time over the last few weeks to make changes as I need to build out a larger environment to cover off some scenarios people have raised (such as if they didn’t have a Hybrid server before a migration) which has taken some time.
So nice to see this. Big thank you to MS and yourself for getting us a step closer to not requiring a full-blown Exchange server on-prem.
We are still on 2016 Hybrid. We never moved to 2019 because it does not include a free hybrid license and we didn’t see the sense in paying for a license. Can we install just the 2019 management tools somewhere to get this functionality or is a license still required?
Thanks again!
As part of these changes from Microsoft the Exchange 2019 “free Hybrid license” became available, too, so yes.
hi,
how we can edit current users are showing (remote Mailbox) and there is no option showing to create new mailbox in remote or edit current mailbox.
Hiya – there should be – I will double check this
when edit remote mailbox
getting below error
Page GET /editremotemailbox not found
Thanks, is that consistent every time?
Could you please add a section for Requirements before installing this tool??
E.G is Exchange 2019 CU12 already installed a requirement?
Any minimum requirements for the install, E.G PowerShell 7, .NET xx, minimum memory, disk space?
Minimum schema version?
Thanks very much for the great tool. Microsoft should buy it from you and provide support in the future.
The minimum requirements are outlined in Microsoft’s documentation. I’ll update the article to make that clear in a few minutes.
Memory & Disk Space are minimal – the tool is a PowerShell script and HTML, JS and CSS files to show the UI. However the pre-reqs from Microsoft require you to have a particular schema level.
It will always be a free tool – I wrote it to complement the PowerShell cmdlets Microsoft have created so they have done the “hard work”.
Hi,
This tool looks very interesting. We removed our last Exchange server many years ago after we migrated all of our mailboxes to 365. Also, at that time we installed Azure AD Connect and we still use that today for syncing users, groups, passwords, password writebacks, etc. Further, we manage user attributes within Users and Computers (attr. editor) from time to time (which I’m assuming has been in an unsupported way). BTW, we do not have the Recipient Management EMT security group in our environment. With all this said…would we be a good candidate for this tool?
The Microsoft “supported” management tools that were recently released, so that you can safely remove the last Exchange Server, are needed to use this – it doesn’t run without them.
I think a follow up on “how to install the supported management tools if you removed your last Exchange Server already” might be in order, so you can get the pre-requisites in place.
Thank you for sharing this great tool!
Thanks for all your hard work. I haven’t tested this out yet but i was wondering if you built into your tools a way to see what PS command is being executed when completing a task? That becomes very helpful when trying to learn PS.
Hi Tom,
On the list at the moment is an equivalent to the cmdlet logging in Exchange, so the cmdlet used is shown and recorded. I’d aim to have this available in the next week or two, as I think it’s extremely important to be able to easily see what cmdlets a free tool like this execute anyway.
Steve
Suggestion:
It is not possible to enable-remotemailbox on a AD account that is disabled (not shown in the AD user list), fx for disabled accounts for SharedMailboxes.
It would be nice to be able to do that.
At the moment it is intentionally filtering out disabled users – in the next update the option to enable/determine if it should be a shared mailbox will be included.
Great work Steve! 🙂
When clicking on a RemoteMailbox, I get this:
Page GET /editremotemailbox not found
Hiya,
I’ve taken the edit mailbox attribute UI out temporarily to re-factor the code – so the next update, before Monday, will include this.
Steve
Great work Steve! 🙂
When clicking on a RemoteMailbox, I still get this:
Page GET /editremotemailbox not found
Hello Stive,
is there a timeframe in which you add the missing componenent?
Excellent job. You have lifted heavy burden on me and all others out there. Thank you for the contribution with this exciting tool. My question is, my last exchange was decomm year ago, can I still stage a new 2019 server and use the tool?
I would be careful – read the instructions from Microsoft on how to decom the last server and check you don’t need Microsoft support first, before you re-install. Certainly in a new forest you can though.
Excellent job Steven. Thank you for the hardwork and driving this community with exciting tools for non technical admins. My last exchange server is 2013 that is leveraging smtp relay, is it advisable to stage a new 2019 server for smtp relay with management shell, use the tool and decomm the 2013 server?
Yes – the instructions from Microsoft on doing this should allow that to happen; but obviously this requires a schema update so there may be implications on adding, say, Exchange 2016 (I haven’t double checked if that applies in this situation) at a later date.
Hi,
when I have just removed and uninstalled my last Exchange Server (about 1 year ago), is possible to install Exchange Management Tools 2019 CU12 only and use the tool.
When I’ m launching the installation wizard is asking for Exchange Organization proposing “First Organization”
Regards
Andy
Hiya,
Microsoft have specifically stated *not* to uninstall the last Exchange Server – there are now specific instructions to remove it.
Whilst it is possible to prepare the AD, the impact could cause issues for your existing user objects with Exchange attributes. I would certainly call Microsoft for support (yes, I know it’s an unsupported state) as I know you won’t be the only person in this situation.
Steve
Thanks for this great work!
Very nice, Thank you!
Great work.
I expected, that it would only take a few week for somebody to write a nice small UI for all the Admins, who are not happy with the PowerShell Management. Especially for smaller companies.
Many thanks for your work and contribution to the Exchange community.
Thanks Frank !
Very nice! Thanks for this.