https://www.itpromentor.com/link-aduser-365/
In a hybrid environment, users should (ideally) be created from the on-premises Exchange server, not from the Office 365 portal, and not even from Active Directory Users & Computers. Better still, do it right from the on-premises EAC (New > Office 365 mailbox).
I know, it’s so convenient and habitual to create a new user account by simply copying an old one out of ADUC. But guess what else is convenient? PowerShell. And if you have a good script that uses the New-RemoteMailbox cmdlet, among others, then you aren’t going to miss certain crucial Exchange attributes (which is exactly what happens when you blindly copy pre-existing user accounts via ADUC).
In an upcoming post, I will share a more detailed automation script for doing this the proper way, in bulk (including mirroring group memberships from a template user and even adding your MSOL licensing). But here is a one-liner to get you started anyway (equivalent to the above GUI method, but it lets you add accounts in bulk):
Import-Csv NewHybridUsers.csv | ForEach-Object { New-RemoteMailbox -Alias $_.Alias -Name $_.DisplayName -FirstName $_.FirstName -LastName $_.LastName -OnPremisesOrganizationalUnit $_.OU -UserPrincipalName $_.EmailAddress -Password (ConvertTo-SecureString -String $_.Password -AsPlainText -Force) -ResetPasswordOnNextLogon:$true }
You would of course need a CSV file named NewHybridUsers.csv that lists these attributes, with one user described per line:
Alias,DisplayName,FirstName,LastName,OU,EmailAddress,Password
AWilliams,Ash Williams,Ash,Williams,corp.local/users,awilliams@corp.com,this1$myB00m$tick!
Note that in this example, the user would have to sign in to the on-premises domain first, to reset their password, before syncing to the cloud and logging in to their 365 services. (You also have to license the account once it syncs; the next script I share will do this for you, so stay tuned.)
What to do if your stuff is already borked
Here is what you need to do if you have already created a user account (for example, via AD Users & Computers) and the account was subsequently licensed in the cloud and given a mailbox, without the on-premises EAC being aware of it. When you look at the list of mailboxes in the on-premises EAC, one or several accounts are missing. Start by connecting a PowerShell session to Office 365 Exchange Online.
Then run this:
Get-Mailbox user | fl ExchangeGuid
You need to copy this GUID and paste it in later: it has to be matched and entered into your on-premises account’s attributes. Open the Exchange Management Shell on-premises and enter:
Enable-RemoteMailbox username -RemoteRoutingAddress username@domain.mail.onmicrosoft.com
Set-RemoteMailbox username -ExchangeGuid <ExchangeGuid from above>
This will “hybrid mail-enable” the on-premises account and add the RemoteRoutingAddress (targetAddress attribute), for mail flow and coexistence with Exchange Online. Furthermore, you will have the same GUID on-premises as you do in the cloud to represent that mailbox, which makes it mobile between the environments (so you could pull it back down to on-premises if needed).
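To apply the same repair across a whole tenant rather than one user at a time, here is an added PowerShell example (not from the original post) that lists cloud mailboxes whose ExchangeGuid is not carried by any on-premises remote mailbox and links them with the same Enable-RemoteMailbox / Set-RemoteMailbox steps. It assumes the on-premises Exchange Management Shell with the Exchange Online cmdlets imported under a Cloud prefix (Connect-ExchangeOnline -Prefix Cloud), so Get-CloudMailbox is the cloud-side Get-Mailbox; the $RemoteDomain default is a placeholder.

```powershell
# Added example (not from the original post). Run in the on-premises Exchange Management
# Shell after importing the Exchange Online cmdlets under a prefix, e.g.
#   Connect-ExchangeOnline -Prefix Cloud
# so that Get-CloudMailbox is the cloud-side Get-Mailbox while Get-User, Enable-RemoteMailbox
# and Set-RemoteMailbox remain the on-premises cmdlets. $RemoteDomain is a placeholder.
param(
    [string]$RemoteDomain = 'domain.mail.onmicrosoft.com',   # replace with your tenant's routing domain
    [switch]$DryRun                                           # report only, change nothing
)

# Index the on-premises remote mailboxes by the ExchangeGuid they already carry.
$linked = @{}
Get-RemoteMailbox -ResultSize Unlimited | ForEach-Object { $linked[$_.ExchangeGuid.ToString()] = $true }

$report = foreach ($cloud in Get-CloudMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
    $guid = $cloud.ExchangeGuid.ToString()
    $upn  = $cloud.UserPrincipalName
    if ($linked.ContainsKey($guid)) { continue }            # GUIDs already match, nothing to do

    # Find the on-premises AD account that should own this cloud mailbox.
    $adUser = Get-User -Identity $upn -ErrorAction SilentlyContinue
    if (-not $adUser) {
        [pscustomobject]@{ User = $upn; Action = 'SKIP'; Detail = 'no on-premises user with this UPN' }
        continue
    }
    $type = $adUser.RecipientTypeDetails.ToString()
    # Only a plain AD user (not yet mail-enabled) or an existing remote mailbox with the wrong
    # GUID is repaired here; an on-premises mailbox or mail user needs a closer look by hand.
    if ($type -ne 'User' -and $type -ne 'RemoteUserMailbox') {
        [pscustomobject]@{ User = $upn; Action = 'SKIP'; Detail = "recipient type is $type" }
        continue
    }

    $routing = "$($cloud.Alias)@$RemoteDomain"
    if ($DryRun) {
        [pscustomobject]@{ User = $upn; Action = 'WOULD LINK'; Detail = "$routing / $guid" }
        continue
    }
    # Same two steps as the manual fix: hybrid mail-enable the account, then copy the cloud GUID down.
    if ($type -eq 'User') {
        Enable-RemoteMailbox -Identity $adUser.Identity -RemoteRoutingAddress $routing | Out-Null
    }
    Set-RemoteMailbox -Identity $adUser.Identity -ExchangeGuid $guid
    [pscustomobject]@{ User = $upn; Action = 'LINKED'; Detail = "$routing / $guid" }
}
$report | Format-Table -AutoSize
```

Run it once with -DryRun and review the report before letting it change anything, since a wrong RemoteRoutingAddress or GUID breaks mail flow for that user.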