Aug 02 2021 11:57 AM
Aug 02 2021 11:57 AM
I am currently running an on-premises Server 2016 domain with Active Directory and Exchange 2016 with around 65 users. I am starting to plan for migrating our Exchange server to Microsoft 365 and would like to know what method, either Minimal or Cutoff, would be the best path to take.
Right now I currently have Azure AD Connect installed and syncing my users and passwords to the Microsoft 365 admin center. If possible, I would like to keep Azure AD Connect after the migration so I can manage user accounts and passwords on my Domain Controller still but I am a little confused on how to accomplish this. If I want to keep directory synchronization enabled would I have no choice but to use the 'Cutoff' method? The 'Minimal' method notes that it disables directory synchronization after the first initial sync, but what if I want to keep this on so I still have the ability to manage users/passwords locally and have them still sync to the admin center? I am not sure what the best practices are for this, or if directory synchronization is even necessary if you plan to fully decommission Exchange from the domain like I do. It seems that if syncing was turned off then you have to manage user accounts on the Domain Controller, but also then have to manage mailboxes in Exchange Online. Is this the normal way to do this? Can directory sync remain on indefinitely after migrating and decommissioning Exchange entirely?
If any further information is needed to help clarify my intentions please let me know and I will explain the best I can. Any help is very appreciated!
Aug 02 2021 11:47 PMSolution
Aug 03 2021 07:14 AM - edited Aug 03 2021 07:16 AM
Thank you for the information, Vasil. Since you mention that if I did decommission Exchange it would be in an unsupported state, what would be the recommendation for managing local Active Directory users and their mailboxes? Say, for example, a new user needed to be created, is the recommendation, without having AAD Connect, for you to create the user on your local Domain Controller in Active Directory, then as a second step create their mailbox in the Exchange admin center? It just seems like it would be far easier to manage things like that with AAD Connect still syncing users/passwords. I'm curious what other people normally do in a situation like this. Do most people really choose to keep Exchange running even though it's not needed when all mailboxes are migrated to MS365?
Aug 03 2021 08:23 AM
Aug 04 2021 02:44 PM
Aug 05 2021 07:23 PM
MSFT recommendation in currently described scenario is to go with hybrid (minimal/express) migration as you won't have any problems related to synchronization and management. If your plan is to get rid of complete on prem-infrastructure, then cut over is the best choice because you got only 65 mailbox users. One of the requirements before starting cut over is to actually stop the directory synchronization (AAD Connect). Once migration is done, you can reconfigure the AADConnect. If you choose to go with Cut Over but still wants to keep the on Prem AD, then you need to manage some properties on daily basis via powershell or AD tools. Most common example is proxy address. As the source of authority is on prem AD, any change in proxy of M365 will be written over once synced.
Aug 06 2021 06:15 AM
Aug 06 2021 01:51 PM
Aug 06 2021 01:54 PM