AD Connect with an existing O365 Tenant

Brass Contributor

we're about to enable AD Connect for an active Office 365 tenant and need some clarifications.

The Tenant is hosting O365 users with exchange online for the organization mail domain company.org but at the moment is disconnected from the On-Prem AD.

So all the users have been defined on the tenant with smtp email address as Email address removed.

No Exchange Server is present onprem.

 

The question is about Soft Merge and exchange management after the AD Connect is installed.

- Am I correct that simply having the logon account UPN been equal to the Tenant's username will be enough to "match" the users and have them synchronized by AD as master ?

- What happens to exchange online mailboxes ? Will there be any impact ?
As far as I know when the users are "managed" by AD an on-prem exchange server should be present to manage the "email" properties.

 

thanks

SC

 

7 Replies
Yes, UPN, Primary SMTP Address or "mail" are the fields used for "soft match", any should work. And yes on the management front, every scenario that involves directory synchronization requires you to have at least one Exchange box on premises, for management purposes. This is the only *supported* by Microsoft solution, although other configurations will still work. At the very least though, make sure you have the on premises AD schema extended with the Exchange attributes.
Hello
what about possible impacts on exchange mailboxes when activating the sync ?
DO we have to manually modify the "exchange" properties of each AD users to reflect the Exchange Online users. before activating the sync ?
No, you don't. And you cannot, as you don't have the Exchange AD schema extensions available. The more important caveat here is that you will need to manage everything from on-premises once you "match" the objects, which includes the Exchange properties. This is the reason why Microsoft only "supports" configurations in which there is at least one Exchange server on premises, as the Exchange management tools are the only one supported for the task of managing Exchange objects and attributes.
Hello Vasil,
I have installed an exchange 2016 server on-prem to be used as management for mailboxes.
I've also activated the ADConnect between the Domain and the tenant.
At the moment I've only enabled synchronization for a TEST OU where I moved an user.
The user has been replicated and now I see it int the tenant as "directory synced".
I expected to start seeing it also on the on-prem exchange server among the recipients but I don't.
If you want the recipients to correctly appear in on-premises Exchange, you need to perform additional tasks. Generally speaking, this is not needed, and since this thread was opened Microsoft introduced a "lightweight" solution that allows you to manage objects with the last Exchange server removed: https://docs.microsoft.com/en-us/exchange/manage-hybrid-exchange-recipients-with-management-tools
Thanks for the link provided.
I quickly read it and found that:
You still need an installed exchange server installed, tough you can keep it powered off.
You need to administer the user's properties via powershell, which the customer is not going to like.

So in this case it would be better if we can configure it in a way we can see the "reecipients" on the on-prem server too.
Can you define which additional steps are needed ?
thanks
You'll have to populate all the relevant attributes for that, and that part is not considered a supported scenario. Parts 1 and 2 of these series talk you over the experience: https://techgenix.com/off-boarding-email-office-365-exchange-2013-part2/
In your case, as the users already exist, you'll have to use Enable-RemoteMailbox instead of New-RemoteMailbox, or change the recipienttypedetails and related parameters manually.