Best Practices to administer hybrid exchange 2016

Occasional Contributor

Hello,


We use an Exchange administrator synced from AD to manage both local Exchange and Exchange Online. Our security teams push us to use a cloud account to manage Exchange Online and not a synced one.

I'm thinking: is there a task that needs the local Exchange administrator and the Exchange Online administrator to be the same account, like migrating a mailbox from on-premises to Office 365? Are there other common tasks that must be done with the same account, for example? Because I'm not hot on this idea from our security teams.



5 Replies



So you mean that you have admin access to only Exchange Online not on Exchange On Prem..?


If yes, you definitely need an Admin account to manage Exchange On Prem & Online mailboxes....


As you won't be able to do much with an account that is Exchange Online only...




Ronie Nishad

Sr Consultant



Hi, the best way I do this is by using my domain account that has global admin rights on the admin center and making sure that this account is in the Organization Management group in Active Directory. This way you can run a migration from on-premises to Office 365 Exchange.

Hope this helps you, Ste


You can use two separate accounts. They don't need to be the same. The migration uses an account built into the migration endpoint setup, so you don't need an on-premises one to move mailboxes, but better is an on-premises one that can make New-RemoteMailbox objects.

@Brian Reid thanks. Do you know if there are any common tasks that can be done with the same account on-premises and in O365?



best response confirmed by Azuriste01 (Occasional Contributor)
Your permissions determine what the account can do. There are no real common tasks though. If your mailboxes are all in the cloud and you are in hybrid mode for AD, then you create remote mailboxes on-premises and set all AD-related settings on-premises, and in the cloud set all the license, MFA, etc. You don't tend to do the same thing in both places, even if it's the same account synced for admin or different accounts.