SOLVED

Best Practices to administer hybrid exchange 2016

Copper Contributor

Hello ,

 

we use an Exchange administrator synced from AD to manage  botj Local Exchange and Exchange Online .our security teams push us to use a cloud account to manager exchange online and not with synced one .

i'm thinking is there a task that needs a Local Exchange Administer and Exchange Online to be with the same account ,Like migrate mailbox from onpremise to office 365 .is there another common tasks must be used with the same account for example? because i'm not hot for this idea from our security teams

 

Regards

5 Replies

@Azuriste01 

 

So you mean that you have admin access to only Exchange Online not on Exchange On Prem..?

 

If yes, you definitely need an Admin account to manage Exchange On Prem & Online mailboxes....

 

As you wont be able to do much with an account that is Exchange online only... 

 

Thanks

 

Ronie Nishad

Sr Consultant

@Azuriste01

 

Hi, the best way i do this is by using my domain account that has global admin rights on the admin center and making sure that this account is in the Organization Management group in active directory. this way you can run a migration from on-premise to office 365 exchange 

hope this helps you, Ste

 

You can use two separate accounts. They don't need to be the same. The migration uses an account built into the migration endpoint setup, so you don't need an on premises on to move mailboxes, but better is an on premises one that can make new-remotemailbox objects

@Brian Reid  thanks . do you know is there any common tasks that can be used with same accoun in onpremise and in o365 ?

 

Regrds

best response confirmed by Azuriste01 (Copper Contributor)
Solution
Your permissions determine what the account can do. There are no real common tasks though. If your mailboxes are all in the cloud and you are in hybrid mode for AD then you create remote mailboxes on premises and set all AD related settings on premises and in the cloud set all the license, MFA etc. You don't tend to do the same thing in both places even if it's the same account synced for admin or different accounts
1 best response

Accepted Solutions
best response confirmed by Azuriste01 (Copper Contributor)
Solution
Your permissions determine what the account can do. There are no real common tasks though. If your mailboxes are all in the cloud and you are in hybrid mode for AD then you create remote mailboxes on premises and set all AD related settings on premises and in the cloud set all the license, MFA etc. You don't tend to do the same thing in both places even if it's the same account synced for admin or different accounts

View solution in original post