Forum Discussion
Tips to use Azure AD Connect with online Exchange management
Hi all, I've a question about setting up Azure AD Connect and maintenance of Exchange Online.
We're a MSP with allot of customers running an on-prem AD and using Exchange Online (Office365 bundles) for their e-mail.
For the convenience of the end-users we would like to enable password sync through Azure AD Connect. But when we set this up we have to do the Exchange management on-prem. And that's something we want to move away from (even with the free Exchange license key....).
How are you guys/girls dealing with this issue? Or do I miss something and can I just sync the passwords and still do the management of Exchange Online?
If all you want is password synchronization you can look at deploying the Windows Server Essentials role (not the server edition, just the server role) and connect on-prem AD accounts with Office 365 accounts. This will sync password changes to the cloud, but isn't the full directory sync that you get with Azure AD Connect. This works for small customers, which I imagine are the ones most feeling the pain of having to keep an on-prem Exchange server.
If you want the full directory sync experience, for now you need an on-prem Exchange server. Microsoft made announcements at Ignite 2016 and again at Ignite 2017 with their plans to create a "hybrid connector" that will do away with the on-prem Exchange server requirement, but that is still probably at least a year away (perhaps we'll get the good news at Ignite 2018).
It's a very common ask, but unfortunately there's no other way. At least for the time being, if you want to manage/sync password from your AD, you have to do the management of Exchange attributes there as well.
- Paul CunninghamSteel Contributor
If all you want is password synchronization you can look at deploying the Windows Server Essentials role (not the server edition, just the server role) and connect on-prem AD accounts with Office 365 accounts. This will sync password changes to the cloud, but isn't the full directory sync that you get with Azure AD Connect. This works for small customers, which I imagine are the ones most feeling the pain of having to keep an on-prem Exchange server.
If you want the full directory sync experience, for now you need an on-prem Exchange server. Microsoft made announcements at Ignite 2016 and again at Ignite 2017 with their plans to create a "hybrid connector" that will do away with the on-prem Exchange server requirement, but that is still probably at least a year away (perhaps we'll get the good news at Ignite 2018).
- Joris van der SligteCopper ContributorThanks all. This is also a problem for us as MSP because we now have to maintain an extra server with its complexity. But we will be patiƫnt!
- John TwohigIron Contributor
I am curious about what the issue is. We use Azure AD Connect. We turned off our on-premise Exchange server a year ago and haven't had any issues.
Before we did it I was a bit concerned because I read that you should keep an on-premise Exchange server but our IT people said it would be fine and it has been.
What specifically is supposed to break if you don't have an on-premise exchange server?
- Joris van der SligteCopper ContributorHi John, in my understanding youre Cloud users are locked for serveral e-mail changes. They've to be made from the onprem environment. So changes to the emailadres for example have to be made from onprem Exchange or using Adsiedit.