Forum Discussion
Reconnecting Exchange Online Mailbox
Easiest way to go completely cloud only is to disable directory sync tenant wide using PowerShell as per the following link;
https://docs.microsoft.com/en-us/office365/enterprise/turn-off-directory-synchronization
This is only suitable if you are completely prepared for cloud only identity for all of your O365 objects however.
If you needed to do this on a per user basis, then the simplest way is to do what you did and delete the on-prem account, then wait for the sync. The O365 account will move from Active Users to Deleted Users. You may then choose the option to restore the user which will recreate it as a cloud only object.
If you have Exchange Hybrid, be careful of your mail flow though. Make sure you take this into consideration too.
Easiest way to go completely cloud only is to disable directory sync tenant wide using PowerShell as per the following link;
https://docs.microsoft.com/en-us/office365/enterprise/turn-off-directory-synchronization
This is only suitable if you are completely prepared for cloud only identity for all of your O365 objects however.
If you needed to do this on a per user basis, then the simplest way is to do what you did and delete the on-prem account, then wait for the sync. The O365 account will move from Active Users to Deleted Users. You may then choose the option to restore the user which will recreate it as a cloud only object.
If you have Exchange Hybrid, be careful of your mail flow though. Make sure you take this into consideration too.
Thanks for your reply. If I do that won't that mean the accounts will still show as Windows Server Accounts in Azure and then also mean I'm restricted on what I can edit for those users and mailboxes?
I may be using the incorrect term with Hybrid as all my mail routing is already directly to O365 the only thing I have left is an SBS box with the users that are sync'd with AD Connect and the Exchange which is only use to administer the Exchange properties of those users.
Is that error I received something I need to be concerned with or can I go though the process and use
AllowLegacyDNMismatch switch to proceed?
As far as I'm aware I believe I have everything in place to be fully cloud, like I said the on-prem SBS box isn't really doing anything now and I'm keen to remove it from my setup gracefully than have to try and unpick something if it fails on me at some point.
Thanks for your time and reply.
Mark
No, the opposite would be true. The accounts would be cloud only and completely manageable from the O365 portal / Azure AD with no reliance to on-premises.
I've never done what you are trying to achieve using your method so I can't comment to that. However, you could test the experience with a test account to check what the impact would be.
Oh right ok, so if I understand correctly if I follow that article you have referenced the account that have sync'd into Azure from my On-Prem will automatically change and the source in Azure Active Directory will change from Windows Server AD to Azure Active Directory and then I can decommission the on-prem server simple as that?
I'd rather do this the correct way rather than the way I discovered.
Thanks
Mark
Absolutely correct yes. Done it many times this way and it works great! If your mailflow is already pointed to Exchange Online too then you are good to go with this.