Forum Discussion
Solved
The question nobody dares to ask! How do you create a new user in a hybrid environment.
Hi, the last couple fo days the question how to create a new user in a hybrid exchange environment is floating around in my head. Most of the time when i create a user i create a onpremise accoun...
The best practice is whatever works for your user management workflows. You can create it either way. In a hybrid you can move mailboxes back and forth whether they were created on-prem or in the cloud.
One caveat with New-RemoteMailbox is that it can't do Shared mailboxes. Those you need to create on-prem and then move, or, create in EXO as a user mailbox and then convert to Shared. Either way, same result.
Jerry Meyer wrote:
When a customer is planning to go all the way to the cloud i use create user sync user assign license. With the assumption the Exchange on-prem environment will be cleaned up.
Your question (and thread title) are about hybrid deployments, which means directory sync is in place + an on-prem Exchange server. What is this second scenario you're throwing into the mix where Exchange will be "cleaned up"?
Keep in mind that with directory sync in place, an on-prem Exchange server is required for managing mail attributes in a supported manner, even without the hybrid configuration.
O i did not know that. I thought that the Serviceaccounts from the AzureADsync are managing the the writeback from Exchangeonline.
Its just an idea on how to manage users and mailboxes it is not an real customer case at this moment. We have one customer who wants to clean up there onprem Exchange but thats a different topic i think.
So let’s do a recap!
You can create users in two ways.
Create a user onprem sync the user and create a mailbox onprem then migrate it.
Or
You create a new-remotemailbox that will create a mail user in the on-premises AD and also create an associated mailbox in O365.The way to create a shared mailbox is create it onprem and move it to Online, or create a user mailbox online and convert it.
The best practice is whatever works for your user management. And in an Hybrid environment you always need the exchange server for maintenance purposes.
One last question when you use the new-remotemailbox option. You have to set the rights on the user manually? So you can’t use Copy from user John Doe?
A different topic yes, but a quick response for my two cents. You can run without the Exch on prem, but it is not supported by Microsoft and requires digging into AD Attributes manually if you need to change some objects like primary SMTP address etc. Do-able, but not supported. It is best to leave one Exch server on premise just for management purposes event if it doesn't have any mailboxes or databases. I have heard of some even standing up a current version (in the event your on prem servers are older) in a VM and just reducing resources to the min required and keeping it around as a management machine. You will still need to apply OS and Exchange updates to it so don't forget about it.
You can have also an Hybrid Server Key License for free, depends the conditions.
In the bellow site is the how to, and the conditions to qualify to Hybrid Server free license.
Hi,
I would have a follow up question. If I use the New-RemoteMailbox command instead of migrating the user, I see as a difference that the on-premise recipient gets no X500,x500 address, the exchange guid is 00000000-0000-0000-00000000 and the ExchangeVersion is lower (compared to a migrated user). Does that have any consequence if I move the online mailbox back to on-premise (say for insufficient license count)?
The Get-RemoteMailbox address information does also not list x500 addresses, but if I do get-mailbox on O365 online, then I get as said before an X500 entry (uppercase only and as said different OU).
Best
Martin
