Jul 09 2020 02:51 PM
Jul 10 2020 10:16 AM
So you already have some live email accounts in O365, but you have not yet configured Exchange Hybrid? Is that correct? How are the O365 mail accounts set up for identity - are they cloud only?
Jul 10 2020 11:05 AM
@PeterRising Out of 19 domains two are cloud only, so their users are syncing from local AD (UPN suffix) but their mailboxes were provisioned in the cloud.
All other domains are just email domains added to Exchange on-premise online (all users with these domains are syncing to the cloud with a UPN suffix which is common across).
These users have SMTP in local AD but not all the proxy addresses which are there in the Exchange servers.
Jul 10 2020 11:28 AM
OK, and in what way does this break mail flow for you please? Can you give me an example?
Jul 10 2020 11:40 AM
Peter, Thank you.
When I add any email domain in Office 365 and verify this, obviously the domain will become Authoritative, but it should not break mail flow to on-premise Exchange, but it does.
After verifying all these email domains I will be running Azure AD Connect to sync and convert them to managed.
Jul 10 2020 11:45 AM
Ah, I understand now. Yes, this would be expected behaviour. What you would need to do is as you suggest and change the added domains to be internal relay, and then you will need to set up a send connector in Exchange Online from Office 365 to Your Organization's Email Server, and set it to deliver mail to the smart host address of your on-premises Exchange Server. This should do the trick for you.
Jul 10 2020 11:45 AM
@Abdul Farooque as long as all mail-enabled objects are synchronized to Azure, there should be no problem with an authoritative domain. If the domain is set to authoritative, DBE (Directory Based Edge) blocking becomes active, which means if a mail is sent to a non-existing recipient in EXO, it will be blocked.
During coexistence and your migration phase, change the domains to internal relay and then analyse the mail flow before changing it back to authoritative (and maybe consider switching the MX record to EOP as well).
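The interim setup suggested in the two replies above (accepted domains switched to internal relay, plus an Exchange Online outbound connector that delivers to the on-premises smart host), as an added example that is not part of the original thread. The domain list, smart host name and test recipient are placeholders; an open Exchange Online PowerShell session is assumed.

```powershell
# Added example; assumes Connect-ExchangeOnline has already been run.
# All three values below are placeholders, not taken from the thread.
$relayDomains  = @('abc.com')            # email domains whose mailboxes are still on-premises
$smartHost     = 'mail.contoso.com'      # hypothetical FQDN of the on-premises Exchange server
$testRecipient = 'testuser@abc.com'      # hypothetical on-premises mailbox used for validation

# 1. Record the current domain types so the change can be reverted after migration.
$targets = Get-AcceptedDomain |
    Where-Object { $relayDomains -contains "$($_.DomainName)" }
$targets | Select-Object DomainName, DomainType | Format-Table -AutoSize

# 2. Switch to internal relay. While a domain is internal relay, directory-based
#    edge blocking does not apply to it: mail for recipients unknown to Exchange
#    Online is relayed on-premises instead of being rejected.
$targets |
    Where-Object { $_.DomainType -ne 'InternalRelay' } |
    ForEach-Object { Set-AcceptedDomain -Identity $_.Identity -DomainType InternalRelay }

# 3. Outbound connector from Exchange Online to the on-premises server.
#    TLS is pinned to the smart host's certificate name rather than left opportunistic.
$connector = @{
    Name             = 'EXO to on-premises (coexistence)'
    ConnectorType    = 'OnPremises'
    RecipientDomains = $relayDomains
    UseMXRecord      = $false
    SmartHosts       = $smartHost
    TlsSettings      = 'DomainValidation'
    TlsDomain        = $smartHost
}
New-OutboundConnector @connector

# 4. Test delivery through the connector before relying on it.
Validate-OutboundConnector -Identity $connector.Name -Recipients $testRecipient

# 5. Once every recipient is synchronized or migrated, revert so that
#    unknown recipients are blocked at the edge again:
# $targets | ForEach-Object { Set-AcceptedDomain -Identity $_.Identity -DomainType Authoritative }
```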
Jul 10 2020 11:50 AM
Got it, and after this I can run HCW, right?
Another concern: I have many users who don't have their proxy addresses populated in AD, though Exchange does have these proxy addresses. I am thinking I should populate them before running sync, or it will break the incoming mail to these aliases once the migration is completed?
Jul 10 2020 11:55 AM
@Abdul Farooque then you can run HCW, yes.
How can mailboxes have email addresses but they are not populated under the proxyaddresses attribute in AD? This seems to be a serious issue to me that should definitely be solved prior to synchronization.
Jul 10 2020 12:10 PM
Thank you. Do you think that if a user is created in ECP with proxy addresses but AD doesn't have that domain added as a UPN suffix, that proxy address will still be pushed down to AD?
Jul 10 2020 12:17 PM
@Abdul Farooque you mean if you create a remote mailbox in ECP which is hosted in Exchange Online? The proxy address attribute will be written back to your on-premises AD with AAD Connect. You don't need a UPN suffix for every email address, this is only required for your UPN in your on-prem AD.
It's weird that your email addresses aren't visible in the proxy address attribute in your AD ...
Jul 10 2020 12:22 PM - edited Jul 10 2020 12:22 PM
@Dominik Hoefling @Abdul Farooque
What I would add to this is that once the HCW has run, you should no longer need the domains to be set as internal relay, and the connector should not be needed either. Coexistence should take care of things at this point.
Jul 10 2020 12:34 PM
@PeterRising it depends. Authoritative should be set if all recipients are either synchronized or migrated to Exchange Online. If you have any kind of applications on-prem like printers, scanners etc. then you need a connector - not the hybrid connector, but it's already there so why change it. Always analyze your environment and then decide if things are necessary or not.
Jul 10 2020 01:32 PM
Jul 10 2020 01:33 PM
@PeterRising Thank you so much. Appreciated.
Jul 10 2020 01:39 PM
Ah! Let me explain this. You mean that if my users are already syncing with UPNs, then I don't need to add all email domains in local AD to sync them up? And I can migrate mailboxes even if their email domain or primary email addresses are different from the UPN domain?
My understanding is "users are synced based on UPN (UPN domain is not email domain), since users have their primary domains different from UPNs, so I must sync them all". Your thoughts?
Jul 10 2020 01:41 PM
@PeterRising, got it, Peter.
And I also tested that if I create a user in Exchange on-premise and add a proxy field manually, it does populate to AD. So I am OK here, right?
Jul 10 2020 01:47 PM
@Abdul Farooque exactly, what I mean is that you don't have to add all your 22 domains as a UPN suffix in your on-prem AD. For example, you are using just two UPNs:
- contoso.com
- fabrikam.com
Then only both need to be added in your AD, independent of the email address of the users (abc.com).
Jul 10 2020 11:51 PM
Jul 13 2020 05:40 AM