Forum Discussion
Exchange Online and Azure AD Connect
adam deltinger Thanks for the quick reply. I was thinking that was the case, does the free Exchange Hybrid License include a Windows Server license? Essentially they are requiring yet another server for me to manage. I'm just glad that 2019 is intended to be run on Server Core.
Anyone know or is using their "free" hybrid license on an Exchange 2019 server?
Hey. Just to confirm, you don't need to install Exchange; you only need to extend the AD schema to include its attributes. Do this on your DC and you won't need another server. You are licensed to do this with an O365 tenant. You can download Exchange2016-x64.exe from the Microsoft website, extract it, and run, in cmd:
Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
- BishopstonIT Apr 15, 2020 Brass Contributor
JonasBack this still doesn't account for sites that have never had exchange installed
- JonasBack Sep 12, 2019 Iron Contributor
I've had this discussion many times with customers and we all end up with "it's unsupported" to remove the last Exchange - period. I also know it's possible to edit attributes directly in ADUC but I would never recommend it.
But I also agree Microsoft should fix this - it doesn't make any sense. I was at a whole-day session just regarding Hybrid at Ignite 3 years ago and they said "we're working on it" but now they don't even say that. I think this requirement will never go away and they are working on other things. Long term solution if you REALLY want to get rid of Exchange on-premises is probably to move away from on-premise AD and Azure AD Connect completely and go all-in on Cloud Only Identities. Again, not what I want to tell my customers but to be honest, that is what I think.
...and I'll keep asking the experts at Ignite - which I do every year
- wroot Sep 11, 2019 Silver Contributor
You can use regular ADUC (AD Users and Computers console), enable Advanced options in it and when you open a user, it should have the Attribute editor tab. In there you can change various attributes. To add/edit aliases you can edit ProxyAddresses attribute.
SMTP:name@domain.com is the main address
smtp:name@domain.com is the secondary address and you can add many of them
- redamaleki Sep 11, 2019 Brass Contributor
Ru Most information I have found says this is the recommended practice. What tool are you using to manage email aliases? The more I think about it, the more I am intending to agree with you. An on-premise exchange server in a green-field AD seems like more of a headache than what it would be worth.
- Ru Jul 23, 2019 MVP
redamaleki I don't quite understand why you need to install Exchange. The attributes can be managed without it, as long as you extend the schema. You can do it very easily with the AD Users & Computers console. What's leading you to this conclusion?
- redamaleki Jul 22, 2019 Brass Contributor
Ru Thanks for the information. I believe that we are going to deploy Exchange 2016 on prem solely for management. My issue is that the AD environment never had Exchange deployed, so the domain has never been prepped, the Autodiscover SCP has not been set, and the client namespace has not been defined. My concern is that deploying Exchange on prem after AADC and getting them on board with using on-prem AD credentials might cause some service interruptions. I've been trying to find a guide or directions on deploying an Exchange 2016 management server in a greenfield AD only to manage mail properties for Exchange Online for synchronized users.
My approach at this point is to install it like a new Exchange deployment, but point Autodiscover to https://autodiscover.outlook.com/Autodiscover/Autodiscover.xml and use the hybrid wizard only to license the server. Outside of that, and not routing any mail services to the server, there wouldn't be much else to it.
- wroot Jul 11, 2019 Silver Contributor
You can also run the IdFix tool against your AD before the AADC install. It will show you errors that you can fix beforehand, like duplicated UPNs, etc. And yes, if you use emails like name.lastname@domain.com and your AD users use a username111 UPN, you will have to change them to email address form before the sync, so it would match AAD format.
- redamaleki Jul 11, 2019 Brass Contributor
Awesome, thank you for the clarification.
- Ru Jul 11, 2019 MVP
redamaleki We did not select options for enabling Exchange Hybrid. That is strictly for people who want to control Exchange on-prem and Exchange online in a coexisting environment. If you never had Exchange or have moved all mailboxes to Exchange online, you don't need that; only the schema extension. You then just need to make sure the attributes match your AAD and on-prem AD before the AAD Connect sync, such as UPN and email. AAD Connect will then perform a 'soft match' between the AAD and on-prem identity.
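The pre-sync checks discussed in this thread (one upper-case SMTP: primary entry in proxyAddresses, a UPN in email-address form, no address shared between accounts), written as a PowerShell audit. This is an added example, not code from the thread or from IdFix; the function name Test-PreSyncAddresses, the sample users, and the rule that the UPN should equal the primary address are assumptions made for illustration.

```powershell
# Added example: pre-sync audit of UPN and proxyAddresses (not from the thread).
# Input objects need SamAccountName, UserPrincipalName and proxyAddresses, which is
# what this returns on a machine with the ActiveDirectory module:
#   Get-ADUser -Filter * -Properties proxyAddresses
function Test-PreSyncAddresses {
    param([Parameter(Mandatory)][object[]]$Users)

    $owners = @{}   # lower-cased address -> accounts that carry it
    foreach ($u in $Users) {
        # -like ignores case (all SMTP entries); -clike is case-sensitive (primary only)
        $smtp    = @($u.proxyAddresses | Where-Object { $_ -like 'smtp:*' })
        $primary = @($smtp | Where-Object { $_ -clike 'SMTP:*' })

        if ($primary.Count -ne 1) {
            [pscustomobject]@{ Account = $u.SamAccountName; Issue = "expected 1 primary SMTP: entry, found $($primary.Count)" }
        }
        elseif ($primary[0].Substring(5) -ne $u.UserPrincipalName) {
            # Assumed rule: the UPN should equal the primary mail address before sync
            [pscustomobject]@{ Account = $u.SamAccountName; Issue = "UPN '$($u.UserPrincipalName)' differs from primary address" }
        }
        foreach ($a in $smtp) {
            $key = $a.Substring(5).ToLowerInvariant()
            if (-not $owners.ContainsKey($key)) { $owners[$key] = @() }
            $owners[$key] += $u.SamAccountName
        }
    }
    foreach ($key in $owners.Keys) {
        $accounts = @($owners[$key] | Select-Object -Unique)
        if ($accounts.Count -gt 1) {
            [pscustomobject]@{ Account = ($accounts -join ', '); Issue = "address '$key' is assigned to more than one account" }
        }
    }
}

# Constructed sample data (hypothetical users in placeholder domains).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'username111'; UserPrincipalName = 'username111@corp.local'
                       proxyAddresses = @('SMTP:name.lastname@example.com', 'smtp:nl@example.com') }
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'a.smith@example.com'
                       proxyAddresses = @('SMTP:a.smith@example.com', 'smtp:nl@example.com') }
    [pscustomobject]@{ SamAccountName = 'bjones'; UserPrincipalName = 'b.jones@example.com'
                       proxyAddresses = @('smtp:b.jones@example.com') }
)
Test-PreSyncAddresses -Users $sample | Format-Table -AutoSize -Wrap
```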
- redamaleki Jul 11, 2019 Brass Contributor
I did see https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#optional-features on the AADC options:
Exchange Hybrid Deployment: The Exchange Hybrid Deployment feature allows for the co-existence of Exchange mailboxes both on-premises and in Office 365. Azure AD Connect is synchronizing a specific set of attributes (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized#exchange-hybrid-writeback) from Azure AD back into your on-premises directory.
Even though Exchange may not be installed locally, won't AADC and Azure AD still be treating it like a hybrid exchange environment? Ru I should be selecting this option when installing AADC, correct? Seems that others already had Exchange installed on premise, so this would have been checked when they deployed AADC and then later decommissioned their on prem exchange servers.
- wroot Jul 11, 2019 Silver Contributor
AADC won't sync/write back without Azure Premium license. And usually it syncs from on premise to the cloud. Yes, it is probably better to extend before installing AADC or it won't even install without a schema already being present. Then you would put email addresses into local AD users profiles and then AADC would sync this info to Exchange Online.
- redamaleki Jul 11, 2019 Brass Contributor
adam deltinger and Ru
I should do the extension prior to installing AADC, correct? Makes the most sense to me anyway, so that when AADC syncs, there is a place to write back the email information from Exchange Online.
- Jul 11, 2019
Yeah, as said, you only need to extend the schema so you can use and sync the correct exchange attributes