Oct 30 2017 07:11 AM - last edited on Jan 14 2022 05:35 PM by TechCommunityAP
Hi all, I've a question about setting up Azure AD Connect and maintenance of Exchange Online.
We're an MSP with a lot of customers running an on-prem AD and using Exchange Online (Office365 bundles) for their e-mail.
For the convenience of the end-users we would like to enable password sync through Azure AD Connect. But when we set this up we have to do the Exchange management on-prem. And that's something we want to move away from (even with the free Exchange license key....).
How are you guys/girls dealing with this issue? Or do I miss something and can I just sync the passwords and still do the management of Exchange Online?
Oct 30 2017 12:52 PM
It's a very common ask, but unfortunately there's no other way. At least for the time being, if you want to manage/sync passwords from your AD, you have to do the management of Exchange attributes there as well.
Oct 30 2017 10:03 PM
Solution
If all you want is password synchronization you can look at deploying the Windows Server Essentials role (not the server edition, just the server role) and connect on-prem AD accounts with Office 365 accounts. This will sync password changes to the cloud, but isn't the full directory sync that you get with Azure AD Connect. This works for small customers, which I imagine are the ones most feeling the pain of having to keep an on-prem Exchange server.
If you want the full directory sync experience, for now you need an on-prem Exchange server. Microsoft made announcements at Ignite 2016 and again at Ignite 2017 with their plans to create a "hybrid connector" that will do away with the on-prem Exchange server requirement, but that is still probably at least a year away (perhaps we'll get the good news at Ignite 2018).
Oct 31 2017 09:05 AM
Nov 17 2017 10:00 AM
I am curious about what the issue is. We use Azure AD Connect. We turned off our on-premise Exchange server a year ago and haven't had any issues.
Before we did it I was a bit concerned because I read that you should keep an on-premise Exchange server but our IT people said it would be fine and it has been.
What specifically is supposed to break if you don't have an on-premise Exchange server?
Dec 01 2017 01:49 AM
Dec 01 2017 04:53 AM
Hi Joris,
Adsiedit is not supported by Microsoft.
You can view here the article that describes a decommission of Exchange Server.
https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx