Dec 03 2018 09:53 AM
At a management level, one of the assumptions (correct or incorrect) when opting for Office 365 was that synchronization would be one-way (from our Active Directory to the Office 365/Azure). Unless otherwise configured, there would be no way for possible changes in the Office 365 to be written back to local Active Directory.
Because of this, when we first configured Azure AD Connect, we did not select the optional feature "Exchange hybrid deployment" even though we plan to run the Exchange hybrid configuration wizard later (and thus have an Exchange hybrid environment).
Is selecting this optional feature... mandatory... for Exchange hybrid environments?
I was told that if the Exchange attributes that are synced back to local Active Directory are not required for our environment, the feature is optional.
We are evaluating the need for these features and the related attributes synced to local Active Directory but, assuming we did not need them, what negative effect could that have on the general hybrid environment?
For example, Exchange attributes from local Active Directory to Azure AD / Exchange Online would be synced regardless, correct?
Thank you in advance!
Dec 03 2018 10:25 AM
Dec 03 2018 11:59 AM
Solution
Why the need not to writeback?
If you have mailboxes both on-prem and in 365, you'll want that writeback enabled.
For example, the legacyExchangeDN of a moved mailbox is written back as an X500 address on-prem to the remote mailbox.
If you don't have that, it's going to cause issues for your Outlook clients with cached values and public folders.
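One way to verify, on the on-premises side, that the legacyExchangeDN writeback described in this answer has actually landed for migrated mailboxes, and to confirm the corresponding outbound rules are active on the Azure AD Connect server. This is an added example, not code from the thread or from Microsoft; it assumes an Exchange Management Shell with Get-RemoteMailbox available and, for the second part, the ADSync module on the Azure AD Connect server.

```powershell
# Added example (not from the thread). Part 1: run in the on-premises Exchange
# Management Shell. For each migrated (remote) mailbox, report whether the X500
# proxy address that Azure AD Connect writes back from legacyExchangeDN exists.
$report = Get-RemoteMailbox -ResultSize Unlimited | ForEach-Object {
    # EmailAddresses is a ProxyAddressCollection; each entry exposes
    # PrefixString (SMTP, X500, ...) and AddressString.
    $x500 = @($_.EmailAddresses | Where-Object { $_.PrefixString -eq 'X500' })
    [pscustomobject]@{
        Identity      = $_.Identity
        PrimarySmtp   = $_.PrimarySmtpAddress
        HasX500       = ($x500.Count -gt 0)
        X500Addresses = ($x500 | ForEach-Object { $_.AddressString }) -join ';'
    }
}

# Mailboxes without an X500 address are the ones whose Outlook clients may
# fail to resolve cached recipient entries after the move.
$missing = $report | Where-Object { -not $_.HasX500 }
"{0} of {1} remote mailboxes have no X500 address written back" -f `
    @($missing).Count, @($report).Count
$missing | Format-Table Identity, PrimarySmtp -AutoSize

# Part 2: run on the Azure AD Connect server. The Exchange hybrid feature is
# implemented as outbound ("Out to AD") sync rules; if these are missing or
# Disabled is True, nothing is being written back to on-premises AD.
# Rule names are assumed to contain "Exchange Hybrid" as in default installs.
Import-Module ADSync
Get-ADSyncRule |
    Where-Object { $_.Name -like '*Exchange Hybrid*' } |
    Select-Object Name, Direction, Disabled |
    Format-Table -AutoSize
```

Run Part 1 after at least one sync cycle has completed following a mailbox move; an empty `$missing` list is the expected healthy state.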
Dec 03 2018 12:02 PM
Dec 03 2018 12:05 PM
Yep, I was responding to his comment "Is selecting this optional feature... mandatory... for Exchange hybrid environments?"
Dec 03 2018 12:06 PM
Dec 04 2018 06:51 AM
Why the need not to writeback?
When the Office 365 product was evaluated, the assumption was made that nothing from the "Cloud" would make changes to our local environment (so we would be "safe"). Features like password writeback to local AD were thought to be strictly optional. This is what security and management understood at the time. I was asked to confirm that Exchange writeback is necessary for a hybrid environment (Yes, we do intend to run the HCW and set up a hybrid environment). Details on mailbox moves being written back to on-premises seem to be a compelling reason to enable this feature.
Jun 20 2019 10:11 AM
@David Machula @Chris Webb @Andy David
Wanted to add that if you're in an AD greenfield with Exchange Online only, Azure AD Connect will not write back the mail attribute to the user account. The mail attribute would be quite necessary for many on-prem applications/services.
May 28 2020 03:46 AM
Can the Exchange Hybrid writeback option be chosen at a later stage in AD Connect when the organization is ready to implement Exchange Hybrid and perform migrations?
Jul 01 2022 07:28 AM
Dec 21 2022 02:21 AM
Enabling Exchange hybrid deployment in AAD Connect allows Exchange Online and Exchange on-premises to learn where exactly the mailbox is hosted. If this is not turned on and if a license that allows an Exchange mailbox is assigned to the user in O365, let's say an E3, a mailbox will be provisioned in O365. To avoid this situation, it makes sense to do so before license allocation in O365. Another option is to select specific services under the license to avoid creating a cloud mailbox if you want to consider enabling this optional feature at a later stage.
Cheers,
Azhar Syed
Dec 22 2022 03:08 AM