-
Notifications
You must be signed in to change notification settings - Fork 247
Find Name Conflict ‐ Shared Mailbox Diagnostic Tool
The find-name-conflict.ps1 script is an ultra-deep diagnostic tool designed to identify why a mailbox name or alias cannot be created in Exchange Online. It performs an exhaustive search across Exchange Online and Azure AD to find any conflicting objects that may be blocking mailbox creation.
Script: find-name-conflict.ps1
Version: 2.0
Author: CIAOPS
Date: October 14, 2025
Source: https://github.com/directorcia/ciaops
When attempting to create a shared mailbox in Exchange Online, you may encounter this error:
"The name is already being used. Please try another name."
This error occurs even when you can't find any obvious conflicts. This script performs a comprehensive scan to identify the hidden conflict.
- PowerShell 5.1 or later
- ExchangeOnlineManagement module installed
- Exchange Administrator role, or
- Global Administrator role
- Active connection to Exchange Online (script will attempt to connect if not already connected)
- Internet connectivity to Microsoft 365 services
- Valid tenant credentials
If not already installed:
Install-Module -Name ExchangeOnlineManagement -Force -AllowClobberDownload find-name-conflict.ps1 from the CIAOPS repository.
| Parameter | Type | Required | Description |
|---|---|---|---|
SearchName |
String | No | The name/alias you're trying to create (e.g., 'treasurer', 'sales', 'info'). If not provided, you'll be prompted interactively. |
DomainName |
String | No | Your organization's domain name (e.g., 'contoso.com'). Used for generating suggested email addresses. If not provided, you'll be prompted (or it will auto-detect from Exchange Online). |
Run the script without parameters and follow the prompts:
.\find-name-conflict.ps1You will be prompted to enter:
- The name/alias you're trying to create
- Your domain name (or it will auto-detect)
Specify both the search name and domain:
.\find-name-conflict.ps1 -SearchName "treasurer" -DomainName "contoso.com"Specify just the search name and let it prompt for or auto-detect the domain:
.\find-name-conflict.ps1 -SearchName "sales"Troubleshooting 'treasurer' mailbox:
.\find-name-conflict.ps1 -SearchName "treasurer" -DomainName "company.org"Troubleshooting 'info' mailbox:
.\find-name-conflict.ps1 -SearchName "info" -DomainName "business.com"Troubleshooting 'admin' mailbox:
.\find-name-conflict.ps1 -SearchName "admin" -DomainName "domain.com"The script performs 14 comprehensive checks to identify conflicts:
- Verifies existing connection to Exchange Online
- Automatically attempts to connect if not connected
- Checks for ExchangeOnlineManagement module
- Provides clear error messages if connection fails
- Scans ALL recipient objects in the organization
- Searches for exact matches (critical - will block creation)
- Also identifies partial/word matches (informational reference)
- Checks: DisplayName, Name, Alias, PrimarySmtpAddress
- Distinguishes between critical exact matches and reference matches
What to look for:
- 🚫 EXACT MATCH = Will block mailbox creation
- ℹ Partial match = Reference only, won't block
- Searches for soft-deleted mailboxes with matching names
- Most common cause of "name already in use" errors
- Mailboxes remain in soft-deleted state for 30 days after deletion
Why this matters: Soft-deleted mailboxes retain their names and aliases, blocking creation of new mailboxes with the same name.
Solution provided: Commands to permanently delete soft-deleted mailboxes
- Checks for inactive mailboxes (requires retention/litigation hold)
- These can also block name reuse
- Requires appropriate licensing to check
- Uses
Get-EXOMailboxfor detailed property search - Includes all properties: DisplayName, Name, Alias, EmailAddresses, LegacyExchangeDN
- Identifies exact vs. partial matches
- Shows Azure AD ObjectId for cross-reference
- Scans all distribution group types
- Checks for exact and partial name matches
- Includes: SecurityGroups, MailUniversalDistributionGroups
- Checks all M365 Groups (Teams-connected groups)
- These groups reserve email addresses
- Can block shared mailbox creation
- Checks dynamic distribution groups
- These auto-populate based on rules
- Can have conflicting names/aliases
- Searches for external mail contacts
- These can reserve names and aliases
- Often overlooked in manual searches
- Checks mail-enabled user objects
- Different from regular mailboxes
- Used for external email routing
- Checks for remote mailboxes (hybrid environments)
- Only relevant if you have Exchange hybrid
- Mailboxes hosted on-premises but mail-enabled in cloud
- Searches system mailboxes
- Arbitration mailboxes (used for approval workflows)
- Rarely cause conflicts but checked for completeness
- Checks public folder mailboxes
- These can reserve names
- Usually named differently but checked anyway
- Searches Azure AD user objects via
Get-User - Critical check for Name and mailNickname (SamAccountName) conflicts
- Shows all matching fields:
- DisplayName
- Name (most common blocker)
- SamAccountName/mailNickname (Alias equivalent)
- WindowsEmailAddress
- UserPrincipalName
- Provides automated fix commands for conflicts
Why this is critical: The Azure AD Name property and mailNickname (Alias) are the most common sources of conflicts that block shared mailbox creation.
- Uses
Get-Recipientwith exact filters - Double-checks for exact DisplayName, Alias, and Name matches
- Shows all email addresses and GUIDs
- Confirms which property is causing the conflict
- Analyzes all findings to determine which will actually block creation
- Categorizes findings as CRITICAL vs. REFERENCE
- Provides conflict reasons for each finding
- Summary count of critical vs. reference conflicts
- Attempts to create the mailbox with
-WhatIf - Shows what would happen without actually creating it
- Confirms if name is blocked
The script provides color-coded, formatted output:
| Color | Meaning |
|---|---|
| Cyan | System messages, section headers, check numbers |
| Green | Success messages, no conflicts found |
| Yellow | Warnings, prompts, findings |
| Red | Critical errors, exact matches that block creation |
| Gray | Informational messages, reference items |
| Magenta | Summary sections |
- Header - Script title and purpose
- Interactive Prompts - Requests for search name and domain (if not provided)
- Search Info - Displays what you're searching for
- 14 Diagnostic Checks - Each numbered with results
- Summary - Total findings, critical vs. reference counts
- Resolution Steps - Numbered action plan to fix conflicts
- Export Notification - Location of exported results
File Location: %TEMP%\NameConflict_YYYYMMDD_HHMMSS.xml
Contents:
- All findings in structured XML format
- Can be re-imported for analysis:
$results = Import-Clixml "C:\Temp\NameConflict_20251014_143022.xml" $results | Format-Table
✓ NO CONFLICTS FOUND!
The name 'treasurer' appears to be available.
You should be able to create your shared mailbox with:
New-Mailbox -Shared -Name 'treasurer' -Alias 'treasurer' -PrimarySmtpAddress '[email protected]'
Next Steps:
- Try creating the mailbox
- If still fails, wait 5-10 minutes for replication
- Check for reserved names (admin, postmaster, etc.)
✓ NO CRITICAL CONFLICTS FOUND!
Only partial/reference matches were found - these should NOT block creation.
Meaning: Objects were found that contain your search term as part of their name, but don't have an exact match on critical fields. These should not block creation.
╔════════════════════════════════════════════════════════════════════════════════╗
║ CONFLICTS IDENTIFIED ║
╚════════════════════════════════════════════════════════════════════════════════╝
Followed by:
- List of conflicting objects grouped by type
- Detailed information about each conflict
- Resolution steps numbered 1, 2, 3...
When conflicts are found, the script provides automated resolution commands:
Problem: User account has Name or mailNickname matching your desired mailbox name
Solution provided by script:
# Fix Name property
Set-User -Identity '[email protected]' -Name 'John Doe'
# Fix mailNickname/Alias
Set-Mailbox -Identity '[email protected]' -Alias 'john.doe'
# Verify changes
Get-User -Identity '[email protected]' | Select-Object DisplayName, Name, SamAccountName, UserPrincipalNameProblem: A deleted mailbox still exists in soft-deleted state
Solution provided by script:
Remove-Mailbox -Identity '[email protected]' -PermanentlyDelete -Confirm:$falseImportant: Wait 5-10 minutes after deletion before trying to create new mailbox
Option 1 - Remove:
Remove-Mailbox -Identity '[email protected]' -Confirm:$falseOption 2 - Rename:
Set-Mailbox -Identity '[email protected]' -Alias 'new-alias-name'Remove Unified Group (M365 Group):
Remove-UnifiedGroup -Identity '[email protected]' -Confirm:$falseRemove Distribution Group:
Remove-DistributionGroup -Identity '[email protected]' -Confirm:$falseAfter making ANY changes:
- Wait 5-10 minutes for Azure AD and Exchange Online synchronization
- Re-run this diagnostic script to verify conflict is resolved
- Then attempt to create your shared mailbox
Symptom: You deleted a mailbox last week, now can't create one with the same name
Cause: Mailbox is soft-deleted (retained for 30 days)
Solution:
- Script will identify the soft-deleted mailbox
- Run provided
Remove-Mailbox -PermanentlyDeletecommand - Wait 5-10 minutes
- Create new mailbox
Symptom: Error says name is in use, but you don't see a mailbox
Cause: An Azure AD user object has the Name property set to your desired mailbox name
Solution:
- Script identifies the user account
- Script provides
Set-Usercommand to change Name property - Run the command
- Wait 5-10 minutes
- Create new mailbox
Symptom: Can't create mailbox with specific alias
Cause: Another object has the same mailNickname (SamAccountName)
Solution:
- Script identifies the conflicting object
- Script provides
Set-Mailbox -Aliascommand - Run the command to change the conflicting object's alias
- Wait for sync
- Create new mailbox
Symptom: Name blocked by existing group
Cause: Distribution group or M365 Group with same name/alias
Solution:
- Script identifies the group
- Decide: rename or remove the group
- Run provided command
- Wait for sync
- Create new mailbox
Symptom: Script finds no conflicts, but creation still fails
Possible Causes:
- Reserved name: Some names are reserved by Microsoft (admin, postmaster, administrator)
- Replication delay: Recent deletion hasn't fully propagated (wait 30 minutes)
- Special characters: Name contains invalid characters
- Permission issues: Your account lacks proper permissions
Troubleshooting:
- Try a completely different name to test permissions
- Wait 30 minutes and try again
- Check name against Microsoft reserved names list
- Verify your admin role assignments
The script distinguishes between different types of matches:
- Property value exactly equals the search name
- Examples:
- DisplayName = "treasurer" (when searching "treasurer")
- Name = "treasurer"
- Alias = "treasurer"
- PrimarySmtpAddress = "[email protected]"
These WILL block mailbox creation
- Property value contains the search term as a word
- Examples:
- DisplayName = "Assistant Treasurer" (when searching "treasurer")
- Name = "Treasurer Department"
- Alias = "treasurer-team"
These typically WON'T block mailbox creation
The script uses word boundary matching to avoid false positives:
- Searching "sure" WON'T match "treasurer" (not a word boundary)
- Searching "treasurer" WILL match "Assistant Treasurer" (word boundary)
Error: "Not connected to Exchange Online"
Solutions:
- Ensure ExchangeOnlineManagement module is installed:
Install-Module -Name ExchangeOnlineManagement -Force
- Manually connect first:
Connect-ExchangeOnline - Check internet connectivity
- Verify your credentials and MFA setup
- Check for Conditional Access policies blocking connection
Possible Causes:
- Not enough permissions: Your account may not have permission to see all objects
- Wrong search term: Ensure you're searching for the exact name that's failing
- Case sensitivity: Script is case-insensitive, but verify spelling
- Timing issue: Object might have been recently removed (try again in 10 minutes)
Solutions:
- Verify you have Exchange Administrator or Global Administrator role
- Double-check the exact name that's failing
- Try searching for a partial name
- Wait and re-run
Problem: Script shows many findings, but none seem to exactly match
Explanation: Script shows both exact matches (critical) and partial matches (reference)
Solution:
- Look for items marked "EXACT MATCH" or "BLOCKS CREATION"
- Ignore items marked "Partial" or "Reference only"
- Check the summary section for critical vs. reference counts
Error: "Access Denied" or similar during specific checks
Explanation: Some checks require specific permissions or licenses
Impact: These errors can be ignored if other checks complete successfully
Examples:
- Inactive mailboxes require retention policies
- Some cmdlets may not be available in all licenses
Problem: Made recommended changes, but still can't create mailbox
Cause: Azure AD and Exchange Online synchronization delay
Solution:
- Wait 5-10 minutes minimum
- Re-run this diagnostic script to verify conflict is gone
- If conflict still shows, wait up to 30 minutes
- Check if you have multiple domain controllers (longer sync time)
- ✅ Gather Information: Know the exact name/alias that's failing
- ✅ Note the Error: Copy the exact error message you're receiving
- ✅ Check Permissions: Ensure you have admin rights
- ✅ Connect First: Consider connecting to Exchange Online manually first
- ✅ Test Connection: Run
Get-OrganizationConfigto verify connectivity
- ✅ Read the Output: Don't skip sections, read what's being checked
- ✅ Note Exact Matches: Focus on "EXACT MATCH" findings
- ✅ Save the Output: Export location is shown at the end
- ✅ Copy Commands: Copy the provided resolution commands
- ✅ Take Screenshots: Capture the summary section for documentation
- ✅ Review Summary: Check the diagnostic summary section
- ✅ Execute Fixes One by One: Don't run all commands at once
- ✅ Wait Between Changes: Allow 5-10 minutes for sync after each change
- ✅ Re-run Diagnostic: Verify conflict is resolved before creating mailbox
- ✅ Document Changes: Keep a record of what was changed
- ✅ Create Naming Convention: Establish standards to avoid conflicts
- ✅ Clean Up Regularly: Remove old soft-deleted mailboxes
- ✅ Use Prefixes/Suffixes: Consider using "shared-" prefix for shared mailboxes
- ✅ Maintain Inventory: Keep a list of reserved names
- ✅ Automate Cleanup: Schedule periodic cleanup of soft-deleted items
Create a wrapper script to check multiple names:
$namesToCheck = @("treasurer", "secretary", "info", "sales")
foreach ($name in $namesToCheck) {
Write-Host "`n`n=== Checking: $name ===" -ForegroundColor Cyan
.\find-name-conflict.ps1 -SearchName $name -DomainName "contoso.com"
Start-Sleep -Seconds 5
}Warning: Review carefully before running automated fixes!
# Run diagnostic and capture output
$results = .\find-name-conflict.ps1 -SearchName "treasurer" -DomainName "contoso.com"
# Review the XML export
$findings = Import-Clixml "C:\Temp\NameConflict_*.xml" | Sort-Object LastWriteTime | Select-Object -Last 1
# Implement fixes based on findings (with caution!)
foreach ($finding in $findings) {
if ($finding.Type -like "*SOFT-DELETED*") {
Write-Host "Would remove: $($finding.Object.PrimarySmtpAddress)"
# Uncomment to execute:
# Remove-Mailbox -Identity $finding.Object.PrimarySmtpAddress -PermanentlyDelete -Confirm:$false
}
}Export results to a central location for tracking:
.\find-name-conflict.ps1 -SearchName "treasurer" -DomainName "contoso.com"
# Copy results to network share
$latestResult = Get-ChildItem $env:TEMP\NameConflict_*.xml | Sort-Object LastWriteTime | Select-Object -Last 1
Copy-Item $latestResult -Destination "\\server\share\diagnostics\"Run periodically to identify potential conflicts before they cause issues:
# Check common shared mailbox names weekly
$commonNames = @("info", "support", "sales", "admin", "reception")
$task = {
foreach ($name in $commonNames) {
.\find-name-conflict.ps1 -SearchName $name -DomainName "company.com"
}
}
# Register scheduled task (requires admin rights)
# Configure appropriately for your environmentWhen creating a shared mailbox, Exchange Online checks:
- Name property in Azure AD
- mailNickname (Alias) in Azure AD
- DisplayName in directory
- PrimarySmtpAddress in directory
- Soft-deleted objects in recycle bin
If ANY of these match exactly, creation fails.
- Soft-deleted mailboxes remain in the system for 30 days
- They retain all properties including Name and Alias
- This prevents accidental data loss and allows recovery
- They must be permanently deleted to free up the name
| Azure AD Property | Exchange Online Property | Blocks Creation |
|---|---|---|
| Name | Name | ✅ Yes |
| mailNickname | Alias | ✅ Yes |
| displayName | DisplayName | |
| proxyAddresses | EmailAddresses | ✅ Yes (for SMTP) |
| userPrincipalName | UserPrincipalName | ❌ No |
- Azure AD changes: 5-10 minutes to propagate
- Exchange Online changes: 5-10 minutes to propagate
- Cross-service sync: Up to 30 minutes in some cases
- Soft-delete purge: Immediate for name release after permanent delete
Cause: Exact match on Name or Alias property
Fix: Run this script to identify the conflicting object
Cause: Email address already assigned to another object
Fix: Script will identify the object with that email address
Cause: Object was recently deleted but still being referenced
Fix: Wait 10-30 minutes and retry
Cause: Insufficient permissions
Fix: Verify you have Exchange Administrator or Global Administrator role
Traditional manual checking:
Get-Mailbox -Identity "treasurer"
Get-DistributionGroup -Identity "treasurer"
Get-UnifiedGroup -Identity "treasurer"Problems:
- Misses soft-deleted mailboxes
- Doesn't check Azure AD Name property
- Doesn't find partial matches in DisplayNames
- Doesn't check all recipient types
- Requires multiple commands
- No automated resolution guidance
- ✅ Comprehensive: Checks 14 different object types
- ✅ Includes Soft-Deleted: Finds the most common cause
- ✅ Azure AD Integration: Checks user Name and mailNickname
- ✅ Exact vs Partial: Distinguishes critical from reference matches
- ✅ Automated Fixes: Provides copy-paste commands
- ✅ Single Command: One script does everything
- ✅ Interactive: Guides you through the process
- ✅ Exportable: Results saved for documentation
- Website: https://www.ciaops.com
- GitHub: https://github.com/directorcia/ciaops
- Patron: http://www.ciaopspatron.com
- Microsoft Tech Community
- Reddit r/sysadmin
- Stack Overflow
| Version | Date | Changes |
|---|---|---|
| 2.0 | 2025-10-14 | Enhanced exact vs. partial match detection, improved Azure AD user conflict detection, automated fix commands, better visual formatting |
| 1.x | Earlier | Initial versions |
Script provided as is. Use at own risk. No guarantees or warranty provided.
This script is provided free of charge by CIAOPS. Always review commands before executing them in your production environment. The author and CIAOPS are not responsible for any issues arising from the use of this script.
A: Typically 2-5 minutes depending on organization size and number of objects.
A: Yes, it's read-only and doesn't make any changes. It only identifies conflicts.
A: No, it identifies the problem and provides commands for YOU to run. Always review before executing fixes.
A: These are informational and typically won't block creation. Focus on "EXACT MATCH" items.
A: No, provide the exact name you're trying to create. The script will find partial matches automatically.
A:
- Name: Azure AD object name (critical property)
- Alias: Email alias / mailNickname (critical property)
- Both must be unique across the organization
A: Azure AD and Exchange Online need time to synchronize changes across all servers and services.
A: No, it's designed specifically for Exchange Online in Microsoft 365.
A: The name might be reserved by Microsoft, or there's a replication delay. Try waiting 30 minutes or use a different name.
A: Only if you're certain you don't need to recover the data. Soft-deleted mailboxes can be recovered for 30 days.
A: Not directly, but you can run the script multiple times or create a wrapper script (see Advanced Usage section).
Last Updated: October 14, 2025
Script Version: 2.0