O365 Users and On-Premise AD User Merge

Hi,

Firstly, apologies if this is on the wrong board.

I currently have a client who has an on-premises Active Directory and Exchange 2010 environment. They have subsequently set up a completely independent O365 tenant and Exchange Online.

The client is now requesting that we sync his AD to O365 and link the accounts to the Exchange Online mailboxes.

Is this even possible, and how would one go about doing something like this?

3 Replies
@Dhillan Kalyan 

You'll want Microsoft's Azure AD Connect, which is designed for this scenario.  I haven't used it yet, but that's what you want and you can search and find many resources about its implementation.  You will still need one server on-prem running Exchange, so don't get rid of that just yet.

@Matthew Frahm

I am aware that I will have to use the Azure AD Sync. The challenge we have here is that there is no hybrid connectivity and the client does not want it. They have created cloud identities mailboxes in O365, which means users have AD credentials and O365 credentials which are separate. They are looking to implement SSO by syncing AD to O365 and then linking the cloud identity to the AD identity to create the SSO.

In my honest opinion, they did not do this correctly.

@Dhillan Kalyan 

Perhaps it seems like the wrong order, but this situation is still what Azure AD Connect is designed for.  I think you'll need to update the Exchange schema and you may need to get the (free?) license for a newer version of Exchange server so you can administer Exchange attributes from the on-prem environment once the sync is in place.