Enable AD Connect sync with existing Office 365 accounts and mailbox


Hi,

I'm managing an Office 365 tenant with 60 users on an E3 subscription. For the moment all users have a username in the @mydomain.onmicrosoft.com domain and an associated mailbox.

Now I want to synchronize the passwords of the local AD with the Office 365 accounts, so I have to install AD Connect and configure the sync. How do I sync a local AD user with an existing Office 365 user? Note that for the moment I can't change the @mydomain.onmicrosoft.com domain because there is a mailbox migration running.

And when the sync is done, how can I manage online mailboxes? Do I have to install a local hybrid Exchange? But if everything is already created online, how will my Exchange know about the existing mailboxes?

Thank you for your help

10 Replies

You should have done the directory sync before you started the mailbox migration.

The easiest way to do this for 60 users is described at https://support.office.com/en-us/article/use-minimal-hybrid-to-quickly-migrate-exchange-mailboxes-to...

But since you did not do that, see https://support.microsoft.com/en-us/help/2641663/how-to-use-smtp-matching-to-match-on-premises-user-... to get these cloud accounts connected to the on-premises accounts.

 

Hi,

Thank you for your answer. OK, but now the migration is already started, and I must wait until it's finished to perform any change in Office 365.

So I can prepare the local AD accounts for the moment. For the SMTP matching, is it enough to fill in the E-mail field in the General tab of a user's properties (attribute: mail)? Or do I have to set the "proxyAddresses" attribute?

For the moment there is no Exchange server present; all e-mail was on an external Zimbra server.

So for mailbox management, it's recommended to have a hybrid Exchange. Regarding our situation, when must the Exchange server be installed and when should the hybrid configuration be run?

And how will mailbox attributes present in Exchange Online be imported to the local AD?

Thank you

After the migration is completed, you should change users' UPNs to match those in on-prem AD. I'm assuming that the login name in on-prem AD is the same as the email address. After that, you can run AAD Connect to synchronize your users (and connect the existing Office 365 users to AD users).

For the SMTP match, the mail attribute works fine unless there is something in capitals in the proxyAddresses attribute (such as SMTP:something@else.com).

You do not need Exchange in your scenario; you can manage users (and mailboxes) in on-prem AD. However, to add aliases etc., you need to populate the proxyAddresses attribute.

After you configure AAD Connect, all attributes are synced from on-prem to AAD. It will sync back to AD only the mailbox archive GUIDs.
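A pre-sync audit of the on-prem accounts, as an added example that is not part of the thread: it lists users whose mail attribute is empty, whose proxyAddresses carries an upper-case SMTP: primary that differs from mail (the case the reply above warns breaks SMTP matching), or whose UPN differs from mail. The OU path is a placeholder; the optional fix at the end runs with -WhatIf so nothing is written until you remove it.

```powershell
# Added example (not from the thread): audit on-prem AD users before enabling
# Azure AD Connect with SMTP (soft) matching. Assumes the RSAT ActiveDirectory
# module; $SearchBase is a placeholder for your users OU.
Import-Module ActiveDirectory

$SearchBase = 'OU=Users,DC=example,DC=local'   # placeholder, adjust to your domain

$Report = foreach ($u in Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
              -Properties mail, proxyAddresses, userPrincipalName) {

    # The primary SMTP address is the proxyAddresses entry with an upper-case "SMTP:"
    # prefix (-clike is case-sensitive). Soft match uses this primary address, so a
    # capitalised entry pointing elsewhere overrides whatever is in the mail attribute.
    $primary = @(@($u.proxyAddresses) | Where-Object { $_ -clike 'SMTP:*' } |
                 ForEach-Object { $_.Substring(5) })

    $issues = @()
    if (-not $u.mail) { $issues += 'mail attribute empty' }
    if ($primary.Count -gt 1) { $issues += 'multiple SMTP: entries' }
    if ($primary.Count -eq 1 -and $u.mail -and $primary[0] -ne $u.mail) {
        $issues += "primary SMTP ($($primary[0])) differs from mail ($($u.mail))"
    }
    if ($u.mail -and $u.userPrincipalName -ne $u.mail) {
        $issues += 'UPN differs from mail (consider using mail as the UPN source in AAD Connect)'
    }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        UPN            = $u.userPrincipalName
        Mail           = $u.mail
        PrimarySmtp    = ($primary -join ';')
        Issues         = ($issues -join '; ')
    }
}

# Show only the accounts that need attention before the first sync.
$Report | Where-Object Issues | Format-Table -AutoSize

# Optional fix: set the primary SMTP from mail where proxyAddresses is still empty.
# -WhatIf keeps this a dry run; remove it once the report looks right.
foreach ($r in $Report | Where-Object { $_.Mail -and -not $_.PrimarySmtp }) {
    Set-ADUser -Identity $r.SamAccountName -Add @{ proxyAddresses = "SMTP:$($r.Mail)" } -WhatIf
}
```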

Hi Nestori,

Thank you for your answer. The problem is that the login name doesn't match the mail address. In this case, do I have to set the UPN to the mail domain?

The SMTP match should be okay: the mail attribute is set and proxyAddresses is empty.

In the case where I want a local Exchange to migrate a user mailbox to a shared one, or for other things, is it easy to install?

Regards

 

Hi Julien,

It doesn't matter what the UPN is, as long as it matches the user's login name. Or are you saying that your on-premises UPN is not an email address, i.e. username@domain.local? If so, when configuring Azure AD Connect, just select to use the mail attribute for the UPN and you should be fine.

You do not need Exchange to convert users to shared mailboxes; you can do that in Office 365 too. Last time I installed an Exchange server from scratch, it took 10 hours or so. How difficult it is depends on your current environment etc.

Hi Julien,

1. You NEED Exchange on-premises for recipient management. It is not supported to change, for example, the alias and proxyAddresses attributes via Active Directory.

2. Only with Exchange 2016 CU10 can you create shared mailboxes directly in Exchange Online.

3. Your UPN should match your primary SMTP address as a best practice. If you can make this change, do it.

Best,

Dominik

@Dominik Hoefling You don't need a full install of Exchange to manage a hybrid AD / O365 mail environment. You just need the Azure AD Connect software. It includes the PowerShell modules needed for AD Users and Computers to edit the necessary information.

When I try this, I get an AttributeValueMustBeUnique error when it tries to synchronize the new user, since the UserPrincipalName is not unique. I followed the guide on this page...

https://support.microsoft.com/en-us/help/2641663/use-smtp-matching-to-match-on-premises-user-account...

Do you know how to get around this?

p.s. Sorry for posting on an old thread. It was one of only a few that I could find that directly discusses AD Connect with an existing 365 company.

Thanks

 

@dan_jjjj, can you give more details about the scenario?

Hello @Dean

I wanted to follow up on this thread. We are in the process of a similar migration. My question is: since the Microsoft Office 365 license was originally issued in Office 365 online and is now being re-issued to the on-premises AD account, what will the end-user desktop experience be? Will they be prompted / required to re-logon to their Microsoft account once they reopen Outlook? The reason I ask is because we have 152 users who will be in this same scenario, and having 152 users all at once being prompted for credentials is very time-consuming to support.

Any thoughts on this will be welcomed, thank you.

Jerry