Introducing the Exchange Recipient Admin Center

Microsoft released Exchange Server 2019 Cumulative Update 12, which allows you to remove your last Exchange Server so that you can run Active Directory with Azure AD Connect and manage Exchange-related attributes in a supported way.

However, because the user interface, the Exchange Admin Center, is part of Exchange Server, it means that the management tools are PowerShell-only. Knowing that not everyone prefers to manage their Exchange-related attributes with PowerShell scripts, I developed an open source GUI to help you manage your mailboxes.

Called the Exchange Recipient Admin Center (ERAC), it’s a free, open source GUI that uses the new cmdlets under the hood, and is designed to run locally for you on-demand when you need it. For the first release it is primarily designed for companies with less than 200 mailboxes. But first, let me set the stage.

Preparing for your post-Exchange Active Directory

For as long as you run Azure AD Connect to synchronize your AD users to Azure AD, and therefore Microsoft 365 and Exchange Online, you are running in a hybrid identity state. This means that the master of your Exchange Online mailbox attributes is the local Active Directory.

Microsoft requires Exchange-related attributes to be set and managed properly so that they can support you if there are issues. Until recently, this meant that you needed to run an Exchange Server on-premises to manage the Exchange Online mailboxes, distribution groups, contacts and other associated items (like email address policies). The changes you make using the Exchange Server on-premises would be stored in the local AD, then Azure AD Connect synchronizes them to the cloud. Managing the attributes directly using AD tools like ADSIEDIT risks potential issues, and as such, remains unsupported.

Exchange Server 2019, Cumulative Update 12 (and above) allow for the installation of just the Management Tools, and also allow you to permanently remove (not uninstall) your last Exchange Server 2019. And, if you are building out a new greenfield environment that includes Active Directory and Azure AD Connect, you can now extend the schema and prepare the AD forest for Exchange attributes, but then only install the management tooling.

The management tooling itself is only a subset of recipient management tools designed for use after migrating from Exchange your last mailboxes to Exchange Online. The tooling is designed for managing remote mailboxes, distribution groups, mail contacts, accepted domains and email address policies.

Removing the last on-premises Exchange Server isn’t for everyone though. Even if you moved all your mailboxes to Exchange Online, you are likely to keep one or more Exchange Servers for ongoing SMTP mail relay for legacy on-premises application servers, at least for now. If you aren’t sure whether you can remove your last Exchange Server yet, read more about removing the last Exchange Server.

Register here for TEC 2022 and gain more essential info about removing the last Exchange Server during a session hosted by Jeff Guillet.

If you are happy to remove the last Exchange Server, but managing recipients solely using PowerShell isn’t for you, and you’d prefer to have a GUI, then I hope you’ll find the Exchange Recipient Admin Center useful.

The ERAC is written in PowerShell, so you can check what it will do, but you don’t have to employ PowerShell to use it.

First, a word of warning: Because the ERAC is local-only, it runs as the user you would run the Exchange recipient management tools as. Once you launch it, it launches a local web browser for access and doesn’t require a login. Therefore, do not run this on a shared VDI environment or leave it running on any multi-user machine. It is not designed as a secure web server, so if you want to run a network-accessible server with a web-based interface for Exchange Management: keep running Exchange Server 2019.

If all this sounds good and you want to test the first version either clone or download the ZIP and extract from the GitHub site:

Exchange Recipient Admin Center on GitHub

Pre-Requisites

To use the ERAC, you must have followed Microsoft’s instructions to install the standalone Exchange Management Tools for managing recipients in Exchange Online, released as part of Exchange Server 2019 CU12. You then must be signed in as (or launch the script as) a user who’s a member of the Recipient Management EMT security group in AD.

The tool itself doesn’t require any additional software, so you can simply right-click and run the PowerShell script. Like many PowerShell scripts, you might need to unblock the file first.

A New Tool to Manage Exchange-related Attributes Without Exchange Server
Figure 1: Launching the Exchange Recipient Admin Center

When you launch the ERAC, it creates a localhost-only web server on a random high port. It is written in PowerShell, loosely based upon the PowerShell Web Server project and uses the open-source Bootstrap front-end toolkit.

The ERAC is designed with a familiar interface so it will be familiar if you use the new Exchange Admin Center in Microsoft 365:

Exchange-related attribute management UI
Figure 2: The ERAC home page

The ERAC user interface is designed to give you access to the new management cmdlets, with sections for managing remote mailboxes, distribution groups, contacts, email address policies and accepted domains.

For remote mailbox management, the initial version allows you to view recipients, accepted domains and email address properties, enable new remote mailboxes for existing AD users, and shortly, manage existing remote mailboxes. For new AD users, continue to use Active Directory Users and Computers, then enable the new user as a Remote Mailbox in the ERAC.

ERAC tooling
Figure 3: Remote Mailbox management and enabling new users for Exchange Online

The concept is repeated across each section. You have the ability to view objects across each, and shortly, enable existing AD contacts as mail contacts and manage groups, accepted domains and email address policies.

Exchange-related attribute management for removing the last Exchange Server 2019
Figure 4: Additional recipient and configuration sections, aligned to recipient management cmdlets

Because this is the first release, expect more features in the near future.

You can report issues and make feature requests via my GitHub repo or in the comments below.

On my initial list for upcoming features:

  • Moving the web-based UI to a local app, using Electron (like Teams does today) or WebView2 to remove the need to run a web server using PowerShell.
  • Adding controls for result size, search/filtering and pagination to Remote Mailbox, Distribution Group and Contact management sections
  • Adding the ability to create and delete AD users, if you have permissions to do so.
  • Adding a configuration file to store customizations, such as pagination and maximum results or default OUs for object creation.
  • Adding the ability to see the “What If” result of an action
  • Adding an EAC-style PowerShell cmdlet log to help you learn what cmdlets to use
  • Adding in the ability to connect to Exchange Online as part of initialization, so you can see the combined results, manage cloud-side configuration such as permissions and client access settings, and see when a change is replicated to Exchange Online

Feel free to me know which of those you’d find most useful; and add a comment below if you find the Exchange Recipient Admin Center tool useful.

Register here for TEC 2022 and gain more essential info about removing the last Exchange Server during a session hosted by Jeff Guillet.

About the Author

Steve Goodman

Chief Editor for Audio and Video Content and Technology Writer for Practical 365, focused on Microsoft 365. A nine-time Microsoft MVP, author of several Exchange Server books and regular conference speaker, including at Microsoft conferences including Ignite, TechEd and Future Decoded. Steve has worked with Microsoft technology for over 20 years beginning and has been writing about Exchange and the earliest iterations of Office 365 since its inception. Steve helps customers plan their digital transformation journey and gets hands on with Microsoft Teams, Exchange and Identity projects.

Comments

  1. RichardA

    Could you please add a section for Requirements before installing this tool??
    E.G is Exchange 2019 CU12 already installed a requirement?
    Any minimum requirements for the install, E.G PowerShell 7, .NET xx, minimum memory, disk space?
    Minimum schema version?
    Thanks very much for the great tool. Microsoft should buy it from you and provide support in the future.

    1. Steven Goodman

      The minimum requirements are outlined in Microsoft’s documentation. I’ll update the article to make that clear in a few minutes.

      Memory & Disk Space are minimal – the tool is a PowerShell script and HTML, JS and CSS files to show the UI. However the pre-reqs from Microsoft require you to have a particular schema level.

      It will always be a free tool – I wrote it to complement the PowerShell cmdlets Microsoft have created so they have done the “hard work”.

  2. Chris

    Hi,
    This tool looks very interesting. We removed our last Exchange server many years ago after we migrated all of our mailboxes to 365. Also, at that time we installed Azure AD Connect and we still use that today for syncing users, groups, passwords, password writebacks, etc. Further, we manage user attributes within Users and Computers (attr. editor) from time to time (which I’m assuming has been in an unsupported way). BTW, we do not have the Recipient Management EMT security group in our environment. With all this said…would we be a good candidate for this tool?

    1. Steven Goodman

      The Microsoft “supported” management tools that were recently released, so that you can safely remove the last Exchange Server, are needed to use this – it doesn’t run without them.

      I think a follow up on “how to install the supported management tools if you removed your last Exchange Server already” might be in order, so you can get the pre-requisites in place.

  3. Al

    Thank you for sharing this great tool!

  4. TomS

    Thanks for all your hard work. I haven’t tested this out yet but i was wondering if you built into your tools a way to see what PS command is being executed when completing a task? That becomes very helpful when trying to learn PS.

    1. Steve Goodman

      Hi Tom,

      On the list at the moment is an equivalent to the cmdlet logging in Exchange, so the cmdlet used is shown and recorded. I’d aim to have this available in the next week or two, as I think it’s extremely important to be able to easily see what cmdlets a free tool like this execute anyway.

      Steve

  5. Ulrik Andreassen

    Suggestion:
    It is not possible to enable-remotemailbox on a AD account that is disabled (not shown in the AD user list), fx for disabled accounts for SharedMailboxes.
    It would be nice to be able to do that.

    1. Steve Goodman

      At the moment it is intentionally filtering out disabled users – in the next update the option to enable/determine if it should be a shared mailbox will be included.

  6. Ulrik Andreassen

    Great work Steve! 🙂
    When clicking on a RemoteMailbox, I get this:

    Page GET /editremotemailbox not found

    1. Steve Goodman

      Hiya,

      I’ve taken the edit mailbox attribute UI out temporarily to re-factor the code – so the next update, before Monday, will include this.

      Steve

      1. Glenn

        Great work Steve! 🙂
        When clicking on a RemoteMailbox, I still get this:

        Page GET /editremotemailbox not found

      2. St.Th.

        Hello Stive,

        is there a timeframe in which you add the missing componenent?

  7. Sampson Anim

    Excellent job. You have lifted heavy burden on me and all others out there. Thank you for the contribution with this exciting tool. My question is, my last exchange was decomm year ago, can I still stage a new 2019 server and use the tool?

    1. Steve Goodman

      I would be careful – read the instructions from Microsoft on how to decom the last server and check you don’t need Microsoft support first, before you re-install. Certainly in a new forest you can though.

  8. Sampson Anim

    Excellent job Steven. Thank you for the hardwork and driving this community with exciting tools for non technical admins. My last exchange server is 2013 that is leveraging smtp relay, is it advisable to stage a new 2019 server for smtp relay with management shell, use the tool and decomm the 2013 server?

    1. Steve Goodman

      Yes – the instructions from Microsoft on doing this should allow that to happen; but obviously this requires a schema update so there may be implications on adding, say, Exchange 2016 (I haven’t double checked if that applies in this situation) at a later date.

  9. Andy L

    Hi,

    when I have just removed and uninstalled my last Exchange Server (about 1 year ago), is possible to install Exchange Management Tools 2019 CU12 only and use the tool.

    When I’ m launching the installation wizard is asking for Exchange Organization proposing “First Organization”

    Regards
    Andy

    1. Steve Goodman

      Hiya,

      Microsoft have specifically stated *not* to uninstall the last Exchange Server – there are now specific instructions to remove it.

      Whilst it is possible to prepare the AD, the impact could cause issues for your existing user objects with Exchange attributes. I would certainly call Microsoft for support (yes, I know it’s an unsupported state) as I know you won’t be the only person in this situation.

      Steve

  10. Andres Sichel

    Thanks for this great work!

  11. Stylianos Thoma

    Very nice, Thank you!

  12. Frank Carius

    Great work.

    I expected, that it would only take a few week for somebody to write a nice small UI for all the Admins, who are not happy with the PowerShell Management. Especially for smaller companies.
    Many thanks for your work and contribution to the Exchange community.

    1. Steve Goodman

      Thanks Frank !

  13. Jeremy B

    Very nice! Thanks for this.

Leave a Reply