Unable to perform Exchange Online management actions using ADManager Plus

Unable to perform Exchange Online management actions using ADManager Plus

Issue description   

ADManager Plus simplifies Exchange Online management by providing a centralized platform to perform essential administrative tasks. Administrators can create, modify, or delete mailboxes, configure mailbox features, set permissions, and apply retention policies for mailboxes. They can also manage mailbox visibility, forwarding rules, storage limits, audit settings, and more. These capabilities streamline routine operations, enhance security, and ensure compliance, all from a single interface.  

However, users may sometimes encounter failures when performing these actions, such as errors during mailbox creation, modification, or configuration of settings like delegation, retention, or auditing. Such issues can disrupt administrative workflows and delay essential tasks, requiring prompt troubleshooting to restore full functionality.

Possible causes   

NotesNote: Steps 1 to 3 apply only to builds below 8010. It is recommended to upgrade to ADManager Plus build 8010 or later for improved Exchange Online connectivity and security compliance.

  1. Missing Exchange Online PowerShell module: The required module is not installed on the ADManager Plus server.

  2. Service account lacks Exchange admin permissions: The account does not have the Exchange administrator permissions to manage Exchange Online.

  3. Service account has Multi-Factor Authentication (MFA) enabled: MFA can block automated connections; an exclusion may be required.

  4. API permissions in App Registration are insufficient: Missing permissions in Entra ID App Registration.

  5. Connectivity issues: The server is unable to establish a connection with Exchange Online.

  6. Firewall restrictions: Network restrictions are blocking access to necessary Microsoft endpoints.

  7. Outdated or incorrect PowerShell version: Using an unsupported version of PowerShell may cause connection failures.

Prerequisites  

Before proceeding, ensure:

  • The service account has an Exchange administrator.

  • PowerShell 5.1 or later is installed on the ADManager Plus server.

  • An active internet connection is available for connecting to Exchange Online.

Resolution   

Follow these steps to troubleshoot and resolve the issue.

Step 1: Verify Microsoft 365 configuration

  1. Log in to ADManager Plus as an admin.

  2. Navigate to Directory/Application settings > Microsoft 365.

  3. Verify the configuration page for any password or certificate error.

  4. If the credentials are incorrect or expired, update them and save the changes.

Step 2: Ensure the Exchange Online PowerShell module is installed   

To troubleshoot Exchange Online management issues, confirm that the Exchange Online PowerShell module is properly installed and configured by following these steps:

  1. Check for module installation: Open PowerShell as administrator and run:

    • Get-Module ExchangeOnlineManagement -ListAvailable

  2. Install the module if missing: If the module is not found, install it using:

    • Install-Module ExchangeOnlineManagement -Force

  3. Confirm installation: Verify the installation by running:

    • Get-Module ExchangeOnlineManagement -ListAvailable

  4. Restart ADManager Plus: Once verified, restart the ADManager Plus service to apply changes and retry the Exchange Online operation.

Step 3: Verify service account Exchange admin permissions  

  1. Sign in to the Microsoft 365 admin center.

  2. Navigate to Roles > Admin roles.

  3. Ensure the service account has the Exchange administrator role.

  4. If missing, assign the required role and save the changes.

Step 4: Run Connect-ExchangeOnline to verify connectivity  

  1. Open PowerShell as an administrator and run:

  2. If prompted, enter the credentials.

  3. If the connection fails, verify the firewall rules and service availability.

  4. Refer to the official Microsoft 365 firewall requirements and allow the listed domains.

 Tips 

  • Set up an Entra ID application with API permissions to bypass MFA issues.

  • Check the Microsoft 365 service health dashboard for outages before troubleshooting.

  • Allow necessary Microsoft endpoints in the firewall to prevent connectivity issues.

How to reach support 

If the issue persists, contact our support team here

                  New to ADSelfService Plus?