Forum Discussion
David Machula
Dec 03, 2018, Copper Contributor
Azure AD Connect and "Exchange hybrid deployment" write-back
At a management level, one of the assumptions (correct or incorrect) when opting for Office 365 was that synchronization would be one-way (from our Active Directory to Office 365/Azure). Unless otherwise configured, there would be no way for possible changes in Office 365 to be written back to the local Active Directory.
Because of this, when we first configured Azure AD Connect, we did not select the optional feature "Exchange hybrid deployment" even though we plan to run the Exchange hybrid configuration wizard later (and thus have an Exchange hybrid environment).
Is selecting this optional feature... mandatory... for Exchange hybrid environments?
I was told that if the Exchange attributes that are synced back to local Active Directory are not required for our environment, the feature is optional.
We are evaluating the need for these features and the related attributes synced to local Active Directory, but, assuming we do not need them, what negative effect could that have on the general hybrid environment?
For example, Exchange attributes from local Active Directory to Azure AD / Exchange Online would be synced regardless, correct?
Thank you in advance!
Why the need not to write back?
If you have mailboxes both on-prem and in 365, you'll want that writeback enabled.
For example, the legacyExchangeDN of a moved mailbox is written back as an X500 address on-prem to the remote mailbox.
If you don't have that, it's going to cause issues for your Outlook clients with cached values and public folders.
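As an added example (not code from the thread, and not Microsoft's), here is a PowerShell check for the two things this reply points at: whether Azure AD Connect actually has the Exchange hybrid writeback rules present and enabled, and whether a moved mailbox's cloud legacyExchangeDN has landed on the on-prem remote mailbox as an X500 proxy address. The sync rule names are assumed to be the defaults shipped with Azure AD Connect, the sample DN and proxy addresses are constructed, and the live cmdlets are shown in comments.

```powershell
# Added example, not from the thread. Verifies the hybrid-writeback effect described
# above: after a mailbox move, the cloud mailbox's LegacyExchangeDN should be present on
# the on-prem remote mailbox as an "X500:" proxy address, so Outlook's cached X500
# entries and public-folder permissions still resolve to the moved user.

function Test-LegacyDnWriteback {
    param(
        [Parameter(Mandatory)] [string]   $CloudLegacyExchangeDN,  # from Get-Mailbox in EXO
        [Parameter(Mandatory)] [string[]] $OnPremProxyAddresses    # from Get-RemoteMailbox on-prem
    )
    # Exchange treats X500 addresses case-insensitively, so compare with -ieq
    # rather than relying on -contains with an exact-case string.
    $expected = "X500:$CloudLegacyExchangeDN"
    return [bool] ($OnPremProxyAddresses | Where-Object { $_ -ieq $expected })
}

function Test-ExchangeHybridWritebackRules {
    # Returns $true when the outbound "Out to AD - * Exchange" rules that the
    # "Exchange hybrid deployment" optional feature adds exist and are all enabled.
    # Assumption: default rule names as shipped by Azure AD Connect; check your build.
    # Must run on the Azure AD Connect server, where the ADSync module is installed.
    Import-Module ADSync -ErrorAction Stop
    $rules = Get-ADSyncRule | Where-Object {
        $_.Direction -eq 'Outbound' -and $_.Name -like 'Out to AD - * Exchange'
    }
    if (-not $rules) { return $false }
    return -not ($rules | Where-Object { $_.Disabled })
}

# --- Constructed sample data (not from any real tenant) ---
$cloudLegacyDn = '/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0123456789abcdef0123456789abcdef-jdoe'
$onPremProxies = @(
    'SMTP:jdoe@contoso.com',
    'smtp:jdoe@contoso.mail.onmicrosoft.com',
    "x500:$cloudLegacyDn"    # lowercase prefix on purpose: must still count as a match
)

# Remote mailbox carrying the written-back X500 address
Test-LegacyDnWriteback -CloudLegacyExchangeDN $cloudLegacyDn -OnPremProxyAddresses $onPremProxies
# Same object without the X500 entry, i.e. writeback never happened
Test-LegacyDnWriteback -CloudLegacyExchangeDN $cloudLegacyDn -OnPremProxyAddresses $onPremProxies[0..1]

# --- Live collection (commented; each line needs the respective shell) ---
# Exchange Online PowerShell:  $cloudLegacyDn = (Get-Mailbox jdoe).LegacyExchangeDN
# On-prem Exchange Mgmt Shell: $onPremProxies = (Get-RemoteMailbox jdoe).EmailAddresses | ForEach-Object { $_.ToString() }
# Azure AD Connect server:     Test-ExchangeHybridWritebackRules
```

Run the first two functions against a handful of recently moved users after enabling the feature and a delta sync; a remote mailbox that still lacks the X500 entry is the one whose colleagues will get NDRs from cached Outlook recipients.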
- RNalivaika, Iron Contributor: If you have fewer than several thousand users, best to avoid Exchange hybrid. Go for a cutover migration instead.
- londupster, Copper Contributor
Can the Exchange Hybrid writeback option be chosen at a later stage in AD Connect when the organization is ready to implement Exchange Hybrid and perform migrations?
- Manoj94, Copper Contributor: Yep, you can enable the Exchange hybrid deployment feature when you are ready to migrate mailboxes from on-premises to Exchange Online.
- Tech10, Copper Contributor
Enabling Exchange hybrid deployment in AAD Connect allows Exchange Online and Exchange on-premises to learn where exactly the mailbox is hosted. If this is not turned on and a license that allows an Exchange mailbox, let's say an E3, is assigned to the user in O365, a mailbox will be provisioned in O365. To avoid this situation, it makes sense to enable it before license allocation in O365. Another option is to select specific services under the license to avoid creating a cloud mailbox, if you want to consider enabling this optional feature at a later stage.
Cheers,
Azhar Syed
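As an added example, not part of Tech10's post, here is how the "select specific services under the license" option looks in Microsoft Graph PowerShell: assign E3 with the Exchange Online service plan disabled, so a synced user licensed before hybrid is in place does not get a cloud mailbox. The SKU and plan GUIDs in the sample object are constructed placeholders; ENTERPRISEPACK and EXCHANGE_S_ENTERPRISE are the usual part number for E3 and plan name for Exchange Online (Plan 2), but confirm them with Get-MgSubscribedSku in your own tenant.

```powershell
# Added example, not from the thread. Builds an E3 assignment with Exchange Online
# disabled, so licensing a synced user before hybrid is configured does not provision
# a cloud mailbox that would later collide with the on-prem one.

function Get-DisabledPlanIds {
    param(
        [Parameter(Mandatory)] $Sku,   # object shaped like Get-MgSubscribedSku output (.ServicePlans)
        [string[]] $PlanNamesToDisable = @('EXCHANGE_S_ENTERPRISE')   # assumption: EXO Plan 2 inside E3
    )
    $ids = @($Sku.ServicePlans |
        Where-Object { $PlanNamesToDisable -contains $_.ServicePlanName } |
        ForEach-Object { $_.ServicePlanId })
    if ($ids.Count -ne $PlanNamesToDisable.Count) {
        # Fail closed: a typo in a plan name would otherwise leave Exchange silently enabled.
        throw "Not every plan in [$($PlanNamesToDisable -join ', ')] exists in SKU $($Sku.SkuPartNumber)"
    }
    return $ids
}

function New-LicenseWithoutExchange {
    param([Parameter(Mandatory)] $Sku)
    # Hashtable in the shape Set-MgUserLicense -AddLicenses expects
    return @{ SkuId = $Sku.SkuId; DisabledPlans = @(Get-DisabledPlanIds -Sku $Sku) }
}

# --- Constructed sample SKU (GUIDs are placeholders, not real Microsoft IDs) ---
$sampleSku = [pscustomobject]@{
    SkuPartNumber = 'ENTERPRISEPACK'
    SkuId         = '11111111-1111-1111-1111-111111111111'
    ServicePlans  = @(
        [pscustomobject]@{ ServicePlanName = 'EXCHANGE_S_ENTERPRISE'; ServicePlanId = '22222222-2222-2222-2222-222222222222' },
        [pscustomobject]@{ ServicePlanName = 'TEAMS1';                ServicePlanId = '33333333-3333-3333-3333-333333333333' },
        [pscustomobject]@{ ServicePlanName = 'SHAREPOINTENTERPRISE';  ServicePlanId = '44444444-4444-4444-4444-444444444444' }
    )
}
$license = New-LicenseWithoutExchange -Sku $sampleSku
$license          # inspect: SkuId plus the DisabledPlans list holding the Exchange plan id

# --- Live use (commented; needs the Microsoft Graph PowerShell SDK and admin consent) ---
# Connect-MgGraph -Scopes 'User.ReadWrite.All','Organization.Read.All'
# $sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq 'ENTERPRISEPACK'
# Set-MgUserLicense -UserId 'jdoe@contoso.com' `
#     -AddLicenses @(New-LicenseWithoutExchange -Sku $sku) -RemoveLicenses @()
```

When hybrid is later enabled and the mailbox is migrated, re-run Set-MgUserLicense with an empty DisabledPlans array for the same SkuId; Exchange Online then attaches the mailbox to the object that Azure AD Connect has already stamped with the on-prem Exchange attributes rather than creating a fresh one.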
- David Machula, Copper Contributor
Why the need not to write back?
When the Office 365 product was evaluated, the assumption was made that nothing from the "Cloud" would make changes to our local environment (so we would be "safe"). Features like password writeback to local AD were thought to be strictly optional. This is what security and management understood at the time. I was asked to confirm that Exchange writeback is necessary for a hybrid environment (yes, we do intend to run the HCW and set up a hybrid environment). Details on mailbox moves being written back to on-premises seem to be a compelling reason to enable this feature.
- DubC85, Copper Contributor
David Machula ChrisWebbTech Andy David
Wanted to add that if you're in an AD greenfield with Exchange Online only, Azure AD Connect will not write back the mail attribute to the user account. The mail attribute would be quite necessary for many on-prem applications/services.
- Those attributes write up to Azure AD/365 because all your changes should happen on-prem :P. But he's referring to not having any users in 365 yet. In that case I don't see a requirement. But as you start adding any kind of Office 365 groups or anything of that nature, you are definitely going to want a hybrid setup.
Yep, I was responding to his comment "Is selecting this optional feature... mandatory... for Exchange hybrid environments?"
- It really depends on what you're planning on making use of in Office 365. Some things will be affected more than others by not having Exchange Online. Setting up hybrid isn't required initially unless you are going to host mailboxes in both locations at the same time. Nothing writes back via Azure AD unless you have Premium P1 and configure it too. The only thing that writes back in a hybrid setup is the migration jobs: they will talk back and tell your migration endpoint to basically inform your on-prem server that the mailbox was moved and mark it as in the cloud, but that's not Azure AD doing that, that's Exchange services.