Mar 06 2023 09:42 AM
My overall plan is to migrate our Exchange 2013 server to Exchange Online. If I'm right, it will be easier if I install Azure AD Connect on our AD so it will sync with O365 and users can sign in with their AD account instead of their onmicrosoft.com account.
My domain is a .local domain, so I was getting the 'TopLevelDomain' error when I ran the IdFix tool. I added a new UPN in .com format, so I'm not getting that error anymore.
What would happen when I sync Azure AD with the user accounts if some of them are already in O365? Does it create duplicate accounts for these users? Also, do I verify my .com domain in O365 before or after syncing with Azure AD?
Mar 06 2023 04:41 PM
Mar 07 2023 04:40 AM
Hi @tantonyrei,
Are your current Office365 users configured with your custom domain (the same as the AD one)?
(The .local domain is an internal AD one and it's not a valid domain to sync.)
If you have your users configured with, for example, contoso.com in both environments, soft matching should be possible during the sync: How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for director...
The accounts will not be duplicated. If AD Connect identifies an existing cloud account with the same UPN/SMTP but is not able to do the soft match (probably due to an immutableId error), you'll see the sync error for that user or those users and you'll be able to fix it. (In that case a hard match will be required.)
This article will help you understand how the attributes are populated: How the proxyAddresses attribute is populated in Azure AD - Active Directory | Microsoft Learn
And I found this one that's really interesting in your scenario: Sync existing office 365 tenant with local active directory | 2 Azure
Hope this helps. Good luck 🙂
Mar 24 2023 11:04 AM - edited Mar 24 2023 11:06 AM
Sorry for the late reply. My local AD is a .local, so I added company.com UPN to my AD. My O365 is company.onmicrosoft.com, so I added company.com to the domain, but as soon as I added it, the user's Outlook stopped working and it kept asking for their password, even though I had company.onmicrosoft.com as the default.
But when I removed the company.com domain from O365 admin center, the user's emails returned back to normal and working. I'm not sure what caused it.
When I added company.com to O365 originally, it asked me to add some TXT records to my DNS and I did. It kept saying that my company.com domain was already associated with another O365 account, which my colleague created for testing, so I removed company.com from the O365 account my colleague created so I could add it to the 'live' O365 account.
Mar 24 2023 11:34 AM
Hi @tantonyrei,
The TXT record is only for the domain verification in O365, but that doesn't mean that the domain will work with mailflow.
You'll need to modify the MX, CNAME, etc. records at the NS.
Once you add the domain (after the TXT record), you'll see a screen with all the required records for email and other services.
Mar 24 2023 11:40 AM
Mar 24 2023 12:07 PM
Oh sorry, @tantonyrei!
My reply was based on a 100% cloud environment. My bad.
Did you already set up the Exchange hybrid? Which kind?
If your domain is already working with the on-prem environment and you set up the hybrid configuration correctly, it should work perfectly.
Let me share with you some articles:
https://learn.microsoft.com/en-us/exchange/hybrid-deployment/deploy-hybrid
And here you can test the connectivity in order to see if something is wrong:
Mar 24 2023 12:09 PM - edited Mar 24 2023 12:56 PM
When you sync Azure AD with your existing O365 user accounts using Azure AD Connect, it will match the users based on their email addresses. If a user account already exists in O365, it will be matched with the corresponding AD user account and no duplicate account will be created.
However, if there are any conflicts or errors during the synchronization process, you may need to resolve them manually. For example, if there are two user accounts with the same email address, Azure AD Connect will not be able to determine which account to match with the AD user account, and you will need to resolve the conflict manually.
As for verifying your .com domain in O365, it is recommended to verify the domain before syncing with Azure AD. This will ensure that the domain is correctly configured and verified, and will avoid any issues during the synchronization process. Once the domain is verified, you can proceed with configuring Azure AD Connect to sync your AD user accounts with O365.
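A simplified model of the matching outcomes discussed in this thread (hard match, soft match, conflict, anchor mismatch), added here as an example; it is not part of any post and is not Azure AD Connect's own logic. The record layout, the `classify` helper and the sample users are assumptions, and the immutableId is taken to be the Base64 of the on-premises objectGUID.

```python
import base64
import uuid

def immutable_id(object_guid):
    # Base64 of the GUID's little-endian bytes (assumes objectGUID is the source anchor).
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode()

def smtp_set(user, primary_only=False):
    # "SMTP:" marks the primary address, "smtp:" an alias.
    ok = ("SMTP",) if primary_only else ("SMTP", "smtp")
    return {a.split(":", 1)[1].lower() for a in user["proxyAddresses"] if a.split(":", 1)[0] in ok}

def classify(ad_user, cloud_users):
    upn = ad_user["upn"].lower()
    if upn.endswith(".local"):                  # the IdFix TopLevelDomain case
        return ("non-routable-upn", None)
    anchor = immutable_id(ad_user["objectGUID"])
    for c in cloud_users:
        if c["immutableId"] == anchor:          # already linked to this AD object
            return ("hard-match", c["upn"])
    keys = {upn} | smtp_set(ad_user, primary_only=True)
    hits = [c for c in cloud_users if keys & ({c["upn"].lower()} | smtp_set(c))]
    if not hits:
        return ("new", None)
    if len(hits) > 1:                           # ambiguous: resolve manually
        return ("conflict", sorted(c["upn"] for c in hits))
    if hits[0]["immutableId"]:                  # anchored to a different object
        return ("anchor-mismatch", hits[0]["upn"])
    return ("soft-match", hits[0]["upn"])

# Constructed sample data (company.com as in the thread; GUIDs are made up).
def ad(n, upn):
    return dict(upn=upn, proxyAddresses=["SMTP:" + upn], objectGUID=str(uuid.UUID(int=n)))
def cloud(upn, proxies, anchor=None):
    return dict(upn=upn, proxyAddresses=proxies, immutableId=anchor)
AD_USERS = [ad(1, "alice@company.com"), ad(2, "bob@company.com"), ad(3, "carol@company.com"),
            ad(4, "dave@company.local"), ad(5, "erin@company.com"), ad(6, "frank@company.com")]
CLOUD_USERS = [
    cloud("alice@company.com", ["SMTP:alice@company.com"]),
    cloud("bob@company.com", []),
    cloud("bob@company.onmicrosoft.com", ["smtp:bob@company.com"]),
    cloud("carol@company.onmicrosoft.com", [], immutable_id(str(uuid.UUID(int=3)))),
    cloud("erin@company.com", ["SMTP:erin@company.com"], immutable_id(str(uuid.UUID(int=99)))),
]

def report():
    return {u["upn"]: classify(u, CLOUD_USERS) for u in AD_USERS}
if __name__ == "__main__":
    print(report())
```

Running the same classification over real exports of both directories before the first sync shows which accounts would need manual attention.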
Mar 24 2023 12:37 PM
Mar 24 2023 12:48 PM
Mar 27 2023 01:37 AM
Hi @tantonyrei,
It depends on the number of mailboxes that you need to migrate and how you plan it.
Find in the following link information about the different migration possibilities and their limitations:
Decide on a migration path in Exchange Online | Microsoft Learn
Mar 27 2023 05:01 AM
You don't have to use hybrid, here's an article on the possible migration scenarios.
Mar 27 2023 07:10 AM
Mar 27 2023 07:18 AM
That's right, adding the custom domain is the first of the pre-migration activities. You can take a look at the complete migration walkthrough.
Mar 27 2023 07:38 AM - edited Mar 27 2023 07:40 AM
Thanks, because it's when I added my company.com domain to the existing company.onmicrosoft.com that the user's Outlook and O365 logins stopped working. That's where I'm stuck now.
I chose "skip this and do this later" because I wasn't sure what option to select; maybe that's why.