Aug 17 2021 08:43 AM - edited Aug 17 2021 11:19 AM
Objective: Convert all Exchange 2013 users to Microsoft 365 cloud-only users and remove on-prem AD.
Hello,
We have Exchange 2013 with Hybrid Configuration, and only 20 users. Our on-prem AD is only for Exchange authentication purpose and doesn't do anything else. We plan to convert all users to cloud-only users and are halfway there. However, Microsoft 365 asks for Azure AD Premium P1 licenses, or it doesn't allow Hybrid users to do SSPR (Self Service Password Reset). How can we bypass AAD P1 license and let users reset their password using SSPR? (We won't need on-prem AD after we finish migration.) Is the unofficial method listed below the only way to go?
https://www.sikich.com/insight/office-365-convert-an-active-directory-synced-account-to-cloud-only/
Thank you!
-Andrew
Ps. Without AAD P1 license, the Hybrid users can't change password on Microsoft 365 portal. (Business Basic license.) This message would appear instead: "Your organization doesn’t allow you to change your password on this site."
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-licensing
Aug 17 2021 11:13 PM
Aug 18 2021 06:41 AM
Solution
Aug 18 2021 07:16 AM
Aug 18 2021 08:28 AM - edited Aug 18 2021 09:00 AM
Glad you could find value. Look forward to your results
Adding on to above:
Since, removing on-prem AD after migration to 365 is not only about getting rid of passwords, but in the context of password synchronization, there are solutions such as Password Centre that can automatically sync passwords at multiple locations meaning Active Directory and 365, so a user can easily update password in one location and it gets replicated / updated to the other as well.
Aug 18 2021 06:41 AM
Solution