SOLVED

How to setup Exchange 365 with AD users on local AD


I have been working with an Exchange hybrid environment of Exchange on-premise and Microsoft 365.

Now there is our separate company where there is nothing (no Active Directory, no Exchange).

So I plan to use Microsoft 365 but I have some questions.

This is what I planned to do.

1-Install Active Directory on local servers

2-Install Azure AD Connect

3-Migrate/Sync AD users to Microsoft 365

4-Assign Exchange licenses to users

If I do this, will I be able to:

1-Use Microsoft 365 Admin portal?

2-Use Online Exchange Admin Console?

3-Will I be able to manage resources (create distr. lists, shared mailboxes, contacts, rooms..) just like we do on Exchange on-premise?

4-Which Microsoft 365 Plan should I purchase?

5-Or this setup is not possible because.

4 Replies

@vpaulokello can you provide a little bit more detail please as that will greatly affect the approach, but speaking in general terms;

- Given they currently do not have AD infrastructure, the first question is: do they need one? It is typically only needed if there is existing infrastructure or access to on-prem resources is required... if there is no need, then cloud native is the way to go.

- Is this separate company going to connect to your tenant or its own tenant? If their own tenant, local AD etc. is needed, then you would install & configure AD, set up AD Connect and sync the users. If connecting to your existing tenant, then read this article: Different Domains in one O365 Tenant (https://techcommunity.microsoft.com/t5/office-365/two-different-domains-in-one-office-365-tenant/m-p/98313#M4955). Your AD Connect server would need to be able to directly communicate with AD in the new domain/forest.

 

There are some caveats to be aware of with syncing an on-prem AD where there is no Exchange / Exchange hybrid, in that it does affect some management elements in Exchange Online. For example, with users authored on-prem you cannot set proxy addresses on the users. Exchange Hybrid is the only officially supported tool for managing the users' Exchange objects. However, you can set these manually in AD directly and they will sync to Azure AD; it works and I haven't had an issue doing this, just be aware it is a management overhead and is not officially supported by Microsoft. As for shared mailboxes, DLs, contacts etc., these would all be created as cloud-only as there is no local Exchange.

 

Once the user has been synced to Azure AD you will be able to view them in the M365 Admin portal, and potentially reset the user's password if password writeback is configured. Once licensed with an Exchange Online mailbox, other Exchange resources (outside of the users, see above comment) will be managed via the Exchange Online Admin console.

 

As for the required plan, that greatly depends on what your requirements are and what M365 services you are wanting to consume, and could range from just Exchange Online Plan 2 right up to M365 E5 licensing.

 

Sorry I can't be more specific than that, but with the supplied information it is impossible to provide clear guidance.

 

Steve :)
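
With no Exchange on-premises, nothing validates the proxyAddresses values typed into AD before they sync. The pre-flight check below is an added illustration, not code from the thread; it assumes the standard convention that exactly one entry per user carries the upper-case `SMTP:` prefix (the primary address) and that an address belongs to only one object. The function name, users and domains are hypothetical.

```powershell
# Constructed sample data (not from the thread): planned proxyAddresses per AD user.
# Real input of the same shape: Get-ADUser -Filter * -Properties proxyAddresses
$planned = @(
    [pscustomobject]@{ Sam = 'alice'; ProxyAddresses = @('SMTP:alice@contoso.example', 'smtp:a.smith@contoso.example') }
    [pscustomobject]@{ Sam = 'bob';   ProxyAddresses = @('SMTP:bob@contoso.example', 'SMTP:robert@contoso.example') }
    [pscustomobject]@{ Sam = 'carol'; ProxyAddresses = @('smtp:carol@contoso.example', 'smtp:A.Smith@contoso.example') }
    [pscustomobject]@{ Sam = 'dave';  ProxyAddresses = @('SMTP:dave@contoso', 'x500:/o=Legacy/cn=dave') }
)

function Test-PlannedProxyAddress {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Users)

    $owner = @{}   # lower-cased address -> first user that claimed it
    foreach ($u in $Users) {
        $issues = @()
        # -clike is case-sensitive: upper-case "SMTP:" marks the primary address
        $primary = @($u.ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        if ($primary.Count -ne 1) {
            $issues += "expected exactly one primary (SMTP:) entry, found $($primary.Count)"
        }
        foreach ($entry in $u.ProxyAddresses) {
            if ($entry -notmatch '^smtp:') { continue }   # skip non-SMTP types such as x500:
            $addr = $entry.Substring(5)
            if ($addr -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
                $issues += "malformed address '$addr'"
            }
            $key = $addr.ToLowerInvariant()
            if ($owner.ContainsKey($key) -and $owner[$key] -ne $u.Sam) {
                $issues += "'$addr' is already assigned to $($owner[$key])"
            } else {
                $owner[$key] = $u.Sam
            }
        }
        foreach ($i in $issues) { [pscustomobject]@{ Sam = $u.Sam; Issue = $i } }
    }
}

Test-PlannedProxyAddress -Users $planned | Format-Table -AutoSize
```

On the sample data this flags bob (two primaries), carol (no primary, and an address already held by alice) and dave (malformed primary); alice passes.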

 

 

@SteveMacNZ

Thanks for the reply,

Actually this is a totally separate company with its tenant. Though they don't have AD, we really need it for other services, so we shall be setting up AD infrastructure.

I was planning to purchase Office 365 E3, but when comparing Office 365 E3 with Microsoft 365 E3, Office 365 E3 says no Admin portal, maybe I missed something or misunderstood.

https://searchwindowsserver.techtarget.com/tip/Microsoft-365-E3-vs-Office-365-E3-What-admins-need-to...

 

best response confirmed by vpaulokello (New Contributor)
Solution

@vpaulokello 

From your explanation above, here are my inputs:

 

1-Install Active Directory on local servers = Easy. Try to create users & groups in AD which are the same as in the Office 365 tenant. Export the list of users from the portal. This will allow the identities to soft match.

 

2-Install Azure AD connect.

 

3-Migrate/Sync AD users to Microsoft 365 = If the users already exist in the Microsoft 365 tenant, then try to create the same identities in AD. This leads to a soft match & avoids additional work.

 

4-Assign Exchange licenses to users

 

If I do this will I be able

 

1-Use Microsoft 365 Admin portal? = Yes (What features will be available depends on the license.)

 

2-Use Online Exchange Admin Console? = Yes

 

3-Will I be able to manage resources (create distr. lists, shared mailboxes, contacts, rooms..) just like we do on Exchange on-premise? = Yes

 

4-Which Microsoft 365 Plan should I purchase? = Depends on a lot of aspects like No. of users (Business Plans only allow up to 300 users, Enterprise plans go higher), What features do the users need, What is the approved cost. Microsoft 365 lets you use a combination of licenses on the tenants. So, it all depends on your requirements & the budgets.

 

https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products

https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans

https://go.microsoft.com/fwlink/?linkid=2139145  

 

5-Or this setup is not possible because.

 

Setting up AD infrastructure will be easy. Creating users in AD & matching them with the cloud identities will be messy (depends on the count of objects in AD, SMTP addresses, etc.). However, it can be done with proper planning.

 

I was planning to purchase Office 365 E3, but when comparing Office 365 E3 with Microsoft 365 E3, Office 365 E3 says no Admin portal, maybe I missed something or misunderstood.

https://searchwindowsserver.techtarget.com/tip/Microsoft-365-E3-vs-Office-365-E3-What-admins-need-to...

 

Office 365 (old version, plans like Office 365 E1/E3/E5) only provides Office 365 services & apps, whereas Microsoft 365 (new licenses like M365 E1/E3/E5) has more security & compliance features in addition to what Office 365 licenses offer.

 

So, the only missing option would be Microsoft 365 features from the admin console in case you opt for Office 365 licenses. Please see the attached pic.
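
The soft match mentioned in the answer above pairs an on-prem account with an existing cloud identity when the userPrincipalName or primary SMTP address is the same. The dry run below is an added illustration, not code from the thread: it compares a tenant export with the planned AD users and flags accounts that would match, conflict or create a new cloud object. Property names, users and domains are constructed assumptions.

```powershell
# Constructed sample data (not from the thread). Property names are assumptions,
# not the column names of any real portal export.
$cloudUsers = @(
    [pscustomobject]@{ Upn = 'alice@contoso.example'; PrimarySmtp = 'alice@contoso.example' }
    [pscustomobject]@{ Upn = 'bob@contoso.example';   PrimarySmtp = 'robert@contoso.example' }
    [pscustomobject]@{ Upn = 'carol@contoso.example'; PrimarySmtp = 'carol@contoso.example' }
)
$plannedAdUsers = @(
    [pscustomobject]@{ Sam = 'alice'; Upn = 'alice@contoso.example'; PrimarySmtp = 'alice@contoso.example' }
    [pscustomobject]@{ Sam = 'bob';   Upn = 'bob@contoso.local';     PrimarySmtp = 'robert@contoso.example' }
    [pscustomobject]@{ Sam = 'carol'; Upn = 'carol@contoso.example'; PrimarySmtp = 'alice@contoso.example' }
    [pscustomobject]@{ Sam = 'dave';  Upn = 'dave@contoso.example';  PrimarySmtp = 'dave@contoso.example' }
)

function Get-SoftMatchPlan {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $CloudUsers,
          [Parameter(Mandatory)] [object[]] $AdUsers)

    # Index the cloud identities by both attributes a soft match can use.
    $byUpn = @{}; $bySmtp = @{}
    foreach ($c in $CloudUsers) {
        $byUpn[$c.Upn.ToLowerInvariant()] = $c
        $bySmtp[$c.PrimarySmtp.ToLowerInvariant()] = $c
    }
    foreach ($a in $AdUsers) {
        $upnHit  = $byUpn[$a.Upn.ToLowerInvariant()]            # $null when absent
        $smtpHit = $bySmtp[$a.PrimarySmtp.ToLowerInvariant()]
        # The branch order below is reporting order only, not a claim about sync precedence.
        $result = if ($upnHit -and $smtpHit -and $upnHit.Upn -ne $smtpHit.Upn) {
            "CONFLICT: UPN points at $($upnHit.Upn), primary SMTP at $($smtpHit.Upn)"
        } elseif ($smtpHit) {
            "soft match on primary SMTP -> $($smtpHit.Upn)"
        } elseif ($upnHit) {
            "soft match on UPN -> $($upnHit.Upn)"
        } else {
            'no match: sync would create a new cloud object'
        }
        [pscustomobject]@{ Sam = $a.Sam; Result = $result }
    }
}

Get-SoftMatchPlan -CloudUsers $cloudUsers -AdUsers $plannedAdUsers | Format-Table -AutoSize
```

On the sample data alice and bob match on primary SMTP, carol is a conflict (her UPN and SMTP point at different cloud users) and dave has no counterpart in the tenant.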

 

Thanks for the feedback. Otherwise just for information, so far there are no users or groups in the tenant, just empty. It will just be a fresh provisioning after installing AD on premise and doing the migration/Sync with AD connect