o365 sync, merge users

Copper Contributor

Dear Microsoft,

 

I hope I can ask your help for further information about O365.

we have a (academic/university) tenant, we use it with a „fake” subdomain (cl.domain), have a lot of user who use Teams and Onedrive (and many other application)

In parallel We have an on-premise AD and Exchange system.

We would like to do a Password Hash Sync between the on-premise AD and O365, and have a few question about it:

  1.  Which DNS record is the basic  we definitely need? TXT? We don’t want to use Exchange online. We want an single/unified directory so our users can use system with the same username. Currently every user has an on-premise username and a „cloud” username.
  2. After the sync can we merge the users?  Each user is member/owner of many Teams and they store a lot of files in Onedrive
  3. Is it enough not to set the mx dns record or rather not give users the Exchange online license?
5 Replies

Hey @Icsab ,

 

There are a quite few things which you need to consider here in order to achieve this, although it calls for a more detailed discussion, i will try to summarize best i can, the overall strategy would look somewhat like this:

1. Add the production domain in office 365, you just have to update the txt record, nothing more. Also set the domain to internal relay via exchange.

2. Change users' User principal name and primary SMTP in office 365; match it to your on-premises user principal name for respective users. Make sure UPN matches primary SMTP. Changing the UPN won't delete the data present in OneDrive.

3. Remove exchange online license from the users. Hopefully you don't need the data already present in office 365 mailboxes ?

4. Next you need to setup AADConnect to synchronize identities from on-premises, for the accounts to merge automatically (Also referred to as soft match), you need to ensure that UPN in office 365 matches the UPN and primary SMTP address on-premises. You can also populate the 'mail' attribute with the same as well. Run a full sync.

This is a automated process and there can be misses often, what that would mean is you might see two different accounts in office 365 for same user, i.e if the merger fails. There is a manual method to match the users as well (Hard Match), but it has to be employed with caution and only when you have verified the above conditions. Hard Match : https://docs.microsoft.com/en-us/archive/blogs/praveenkumar/how-to-do-hard-match-part-2

 

Looks scary ? Try it with a dummy user first, create a dummy user in office 365 and on-premises, synchronize only the dummy user from on-premises ( You can create an OU and have only the Dummy user in it, and sync this OU only using AADconnect.)

 

 Thanks

@harveer singh  Thanks!

I needed the "hard match", but everything looks good.

 

After the can i merge/snyc the Teams ( they used it with the aad account before the sync) calender with the on-premise exchange/outlook calendar?

 

thank you in advance for your reply

 

Hi,
to have users 'calendar information with calendar synchronization in teams .. it is imperative to set up a hybrid exchange infrastructure with exhange online .. and of course as you wish, you can leave users' mailboxes on exchange on promise ..

Hey @Icsab , Building on what @Kais_mbarki said, you would require an exchange build higher than Exchange 2016 CU3. Here is a reference article : https://techcommunity.microsoft.com/t5/exchange-team-blog/configuring-teams-calendar-access-for-exch...

 

Thanks

@harveer singh
I confirm ... exactly that