Hi all, I've a question about setting up Azure AD Connect and maintenance of Exchange Online.
We're an MSP with a lot of customers running an on-prem AD and using Exchange Online (Office 365 bundles) for their e-mail.
For the convenience of the end-users we would like to enable password sync through Azure AD Connect. But when we set this up we have to do the Exchange management on-prem. And that's something we want to move away from (even with the free Exchange license key...).
How are you guys/girls dealing with this issue? Or am I missing something, and can I just sync the passwords and still do the management in Exchange Online?
It's a very common ask, but unfortunately there's no other way. At least for the time being, if you want to manage/sync passwords from your AD, you have to do the management of Exchange attributes there as well.
If all you want is password synchronization you can look at deploying the Windows Server Essentials role (not the server edition, just the server role) and connect on-prem AD accounts with Office 365 accounts. This will sync password changes to the cloud, but isn't the full directory sync that you get with Azure AD Connect. This works for small customers, which I imagine are the ones most feeling the pain of having to keep an on-prem Exchange server.
If you want the full directory sync experience, for now you need an on-prem Exchange server. Microsoft made announcements at Ignite 2016 and again at Ignite 2017 with their plans to create a "hybrid connector" that will do away with the on-prem Exchange server requirement, but that is still probably at least a year away (perhaps we'll get the good news at Ignite 2018).
Hi John, in my understanding your cloud users are locked for several e-mail changes. They have to be made from the on-prem environment. So changes to the e-mail address, for example, have to be made from on-prem Exchange or using ADSI Edit.
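As an added illustration of the point made in this thread (this is not code posted by any of the participants), the following PowerShell shows what "locked for e-mail changes" looks like in practice and how the change is made on-prem instead of with ADSI Edit. It assumes the ExchangeOnlineManagement and ActiveDirectory (RSAT) modules, the ADSync module on the Azure AD Connect server, and a placeholder user `jdoe` in the placeholder domain `contoso.com`; all of those names are assumptions.

```powershell
# Added example, not from the original thread. Placeholders: jdoe, contoso.com,
# admin@contoso.com. Requires ExchangeOnlineManagement, ActiveDirectory and ADSync modules.

# 1. Confirm the mailbox is directory-synced. For such a mailbox Exchange Online
#    refuses Set-Mailbox changes to EmailAddresses, because the on-prem directory
#    is the source of authority for that attribute.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
Get-Mailbox -Identity jdoe@contoso.com |
    Select-Object DisplayName, IsDirSynced, PrimarySmtpAddress, EmailAddresses

# 2. Make the change in on-prem AD, which is what ADSI Edit would do by hand.
#    proxyAddresses entries carry an "smtp:" prefix; exactly one entry, written
#    in uppercase "SMTP:", marks the primary address. -creplace is case-sensitive,
#    so only the old primary marker is demoted.
Import-Module ActiveDirectory
$user       = Get-ADUser -Identity jdoe -Properties proxyAddresses, mail
$newPrimary = 'john.doe@contoso.com'

$updated = @($user.proxyAddresses) |
    Where-Object { $_ -ne "SMTP:$newPrimary" -and $_ -ne "smtp:$newPrimary" } |
    ForEach-Object { $_ -creplace '^SMTP:', 'smtp:' }
$updated += "SMTP:$newPrimary"

Set-ADUser -Identity jdoe -Replace @{
    proxyAddresses = [string[]]$updated
    mail           = $newPrimary
}

# 3. Push the change to Azure AD now instead of waiting for the scheduled cycle.
#    Run this on the Azure AD Connect server.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

# 4. After the sync completes, the new primary address shows up in Exchange Online.
Get-Mailbox -Identity jdoe@contoso.com |
    Select-Object PrimarySmtpAddress -ExpandProperty EmailAddresses
```

Two caveats for anyone using this: writing `proxyAddresses` directly (by script or ADSI Edit) is the same unsupported shortcut the post above describes, whereas the supported path keeps an on-prem Exchange server and uses its management tools, such as `Set-RemoteMailbox`; and because AD attributes are the source of authority, a typo written on-prem will be faithfully synced and will overwrite whatever the cloud object had, so check the value with `Get-ADUser` before triggering the sync.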