Recently I has a customer who suffered a bit of an on-premises outage after moving to Office 365. At the time of the outage the customer was using ADFS and DirSync for their Exchange Online mailboxes, and they ended up losing ADFS and DirSync. I was not involved in the recovery from this outage, but they ended removing ADFS via Convert-MsolDomainToStandard and living with a non-functional DirSync server for some time. Because of the non-functional DirSync server, they ended up creating about a dozen users directly on the Office 365 portal. These dozen users did not have corresponding on-premises AD accounts while all their other users did. A couple of months after the original outage this customer came to me and asked how to get all their users back to using accounts sync’d from their on-premises AD using password sync. After a bit of struggle, here is what we came up with...
Collect information regarding the mailbox, confirm and purge the soft deleted user from the Recycle bin, resulting in the cloud mailbox being disconnected
Run: Get-Mailbox -SoftDeletedMailbox -Identity <alias> | fl Name, Guid >old_mailbox.txt
Run: Get-MsolUser -ReturnDeletedUsers -UserPrincipalName <upn of cloud user>
Run: Remove-MsolUser -RemoveFromRecycleBin -UserprincipalName <upn of cloud user>
Create a new cloud only mailbox user with the proper domain.onmicrosoft.com address and matching domain.com address, then create the on prem user account and dirsync.
Run: New-Mailbox -Name <displayname> -RemovedMailbox <Guid value from Step 8> -MicrosoftOnlineServicesID <firstname.lastname@example.org> -Password (ConvertTo-SecureString -String 'passw0rd' -AsPlainText -Force)
Wait for cloud user object to show up in the Microsoft Online Portal
Get Properties of new cloud account, go to Licenses, and assign a license.
Go to the More tab, click on 'Change mailbox settings'
Expand E-Mail Options, add the email address which will match the primary SMTP address on the on-premise account object
Create the on premise mail user or remote mailbox user account on premises with the matching SMTP address
Run Dirsync, soft matching will link the on premise account with the cloud created user account.
If ADFS is not in place, reset the cloud user's account to match the on premise AD account password.