Forum Discussion
The question nobody dares to ask! How do you create a new user in a hybrid environment?
- Mar 20, 2017
The best practice is whatever works for your user management workflows. You can create it either way. In a hybrid you can move mailboxes back and forth whether they were created on-prem or in the cloud.
One caveat with New-RemoteMailbox is that it can't do Shared mailboxes. Those you need to create on-prem and then move, or, create in EXO as a user mailbox and then convert to Shared. Either way, same result.
Paul Bridges wrote: This assumes the user doesn't have an IAM process/team that uses some other user management process. In most cases, creating the user through Exchange is not an option at the larger clients and we have to PowerShell it somewhat through the IAM tool in place.
True, though no PowerShell was mentioned as a requirement in this case. In any case, (almost) everything the Exchange or AD Consoles can do via GUI is of course scriptable via PowerShell.
You can even auto-apply licenses via Azure AD group memberships, therefore saving you one scripting step and just adding a group membership.
You all have some very good answers, but the question still is what is best practice. I have done all the scenarios and they all work. But what is the difference between these two options:
Create user and mailbox on-prem, sync user and migrate mailbox to O365, assign license
or
Create user, sync user to O365 and assign license.
I think the only difference is that when you migrate the mailbox you can migrate it back to on-prem when you have a Hybrid. But I am not sure if that is still relevant when you are in Exchange Online.
Remember this involves a new user so no legacy mailboxes or anything like that.
- Jerryn Bunnell, Apr 26, 2019, Copper Contributor
The answer that you are looking for is not something that is easily defined any longer. Everyone who has provided a working answer here is in part correct about what is 'best practice.'
The speed at which things change in relation to cloud-hosted services is causing us to change our perspective on concepts like "Best Practice" for administration tasks like this. What is "best practice" today is quickly changed as soon as that new feature is released. I'm inclined to reference the previous comment regarding the Exchange Admin Center update that provides the "Create New Mailbox In Exchange Online." You are spot on, that is a "Best Practice," but so is the method that the other commenter has about creating a script that does it all for him.
Conclusion.... there are 13 ways to slice the bread (administration tasks) and because things are changing faster than we can establish "Best Practice" the best way to do it is going to be the way that works best for you.
Not the answer you are looking for, and I know that... I am sorry.... : )
I would take a list of the possible ways and figure out which are most applicable to you. Try them each, and understand them each. Establish a process, and dub that YOUR BEST PRACTICE methodology.
- Brian Reid, Apr 29, 2019, MVP
And on the conversation that things change quickly, now with the latest CUs for Exchange Server you can create shared mailboxes in Exchange Online with "New-RemoteMailbox -Shared".
It is, though, still the case that with AD Sync in place, attributes in Azure AD are mostly read-only and need changing in the source directory of Active Directory. Changes to Exchange attributes in AD are only supported via Exchange management tools, so Best Practice would still need to include that. Creating objects or licensing stuff that results in attribute changes before Microsoft build a supported system for writing back the attribute on premises is likely to lead to more administrative issues and problems.
- Paul Cunningham, Mar 20, 2017, Steel Contributor
The best practice is whatever works for your user management workflows. You can create it either way. In a hybrid you can move mailboxes back and forth whether they were created on-prem or in the cloud.
One caveat with New-RemoteMailbox is that it can't do Shared mailboxes. Those you need to create on-prem and then move, or, create in EXO as a user mailbox and then convert to Shared. Either way, same result.
- Ivan54, Mar 21, 2017, Bronze Contributor
Yup, there is no "best" way, you could aim for "fastest" or what works for your requirements. All roads lead to Rome in this case :)
- Martin Meraner, Mar 21, 2017, Brass Contributor
Paul Cunningham wrote: One caveat with New-RemoteMailbox is that it can't do Shared mailboxes. Those you need to create on-prem and then move, or, create in EXO as a user mailbox and then convert to Shared. Either way, same result.
For the latter, wouldn't that skip the creation of the AD user for the shared mailbox? Sure one might ask why have it.
- Paul Cunningham, Mar 21, 2017, Steel Contributor
Martin Meraner wrote:
Paul Cunningham wrote: One caveat with New-RemoteMailbox is that it can't do Shared mailboxes. Those you need to create on-prem and then move, or, create in EXO as a user mailbox and then convert to Shared. Either way, same result.
For the latter, wouldn't that skip the creation of the AD user for the shared mailbox? Sure one might ask why have it.
No. Either New-RemoteMailbox, wait, then convert to Shared in the cloud. Or New-Mailbox with -Shared, and then move to the cloud.
Either way, there's still a user object in AD.
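The shared-mailbox routes described in the replies above (convert in the cloud, create on-prem and move, and the `New-RemoteMailbox -Shared` option from the later CUs), written out as an added PowerShell example that is not code from any poster in this thread. The contoso names, the mailbox name and alias, and the hybrid endpoint `mail.contoso.com` are placeholder assumptions; the routes are alternatives, so run only one of them for a given mailbox.

```powershell
# Constructed placeholder values (assumptions, not from the thread).
$alias    = 'shared-finance'
$upn      = "$alias@contoso.com"
$routing  = "$alias@contoso.mail.onmicrosoft.com"

# --- Route A: New-RemoteMailbox, wait, then convert to Shared in the cloud ---
# On-prem Exchange Management Shell: creates the AD user and stamps the
# remote-mailbox attributes in the source directory.
$password = Read-Host -AsSecureString -Prompt 'Initial password'
New-RemoteMailbox -Name 'Shared Finance' -Alias $alias -UserPrincipalName $upn `
    -Password $password -RemoteRoutingAddress $routing
# After directory sync has provisioned the cloud mailbox, in an
# Exchange Online PowerShell session:
Set-Mailbox -Identity $upn -Type Shared

# --- Route B: New-Mailbox -Shared on-prem, then move to the cloud ---
# On-prem Exchange Management Shell:
New-Mailbox -Shared -Name 'Shared Finance' -DisplayName 'Shared Finance' -Alias $alias
# After directory sync, in an Exchange Online PowerShell session
# (the credential is an on-prem account allowed to run migrations):
$onPremCred = Get-Credential
New-MoveRequest -Identity $alias -Remote -RemoteHostName 'mail.contoso.com' `
    -RemoteCredential $onPremCred -TargetDeliveryDomain 'contoso.mail.onmicrosoft.com'

# --- Route C: one step, on Exchange Server CUs that support -Shared ---
# On-prem Exchange Management Shell:
New-RemoteMailbox -Shared -Name 'Shared Finance' -Alias $alias `
    -UserPrincipalName $upn -RemoteRoutingAddress $routing

# --- Check (on-prem, any route): the AD user object exists and Exchange
# attributes were written by Exchange tooling in the source directory ---
Get-User -Identity $alias | Format-List Name, RecipientTypeDetails, DistinguishedName
# Routes A and C, and Route B once the move has completed:
Get-RemoteMailbox -Identity $alias |
    Format-List RecipientTypeDetails, RemoteRecipientType, RemoteRoutingAddress
```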
- VasilMichev, Mar 20, 2017, MVP
mvanhorenbeeck discusses this in detail in the "Office 365 for IT Pros" book, perhaps he can give a few more hints. Personally, I prefer New/Enable-RemoteMailbox, it's faster and cleaner. It has some issues, but those are corner cases mostly...