SOLVED

New Exchange Online service with AD but without On-premises Exchange, minimum configuration?

Occasional Contributor

I am planning to set up a new Exchange Online service for a customer, they have on-premises AD already, but they don't have on-premises Exchange.

I am wondering if anyone has done the same setting and what's the minimum configuration.

Here is my understanding:

1. Since they have AD, we want to use Azure AD Connect to set up hybrid identity.

2. Because we want to use hybrid identity, the user will be an on-premises user, so attributes like proxyaddresses can't be directly changed from Exchange Online, so we need to install an Exchange on-premises server to manage those attributes.

But it's unclear to me what I need to do with this new management-only Exchange server.

1. Do I need to run the Hybrid Configuration Wizard from Exchange Online to connect the on-premises Exchange to the cloud? That will require lots of settings like exposing the Exchange server's /EWS/ service to the public, the autodiscover service, pointing autodiscover DNS to on-premises, etc.

2. Without HCW, how should I create new O365 mailboxes? I can't directly create an O365 mailbox from EAC. Do I just create a new mailuser then assign it an O365 license, is this a supported configuration?

3. Are there any other options? For example, I can see some attributes for on-premises users can still be written back to on-premises through an Azure AD Connect sync rule (usagelocation and cloudcertificate). Is it possible to change the AADC sync rule to allow attributes like proxyaddresses to be updated from the cloud? Then we can get rid of the management-only Exchange.

Thanks for any suggestions!

Jack

4 Replies
OK, I guess option 2 is a valid option. An old blog: https://techcommunity.microsoft.com/t5/exchange-team-blog/decommissioning-your-exchange-2010-servers-in-a-hybrid/ba-p/597185

"in many cases an Exchange 2010 server can simply be added back to the organization to simplify the management process. These organizations will need to ensure that a mail-enabled user is in place for all Exchange Online mailboxes in order to properly configure the mailboxes"

So a mail-enabled user (mailuser) is the proper configuration.



You don't need the HCW/Hybrid config. And the only reason you need an Exchange management box is because that's the only *supported* way to manage Exchange-related objects and attributes. Technically, you can manage them just fine with the AD tools, as long as you have the Exchange schema extensions. But even though this is technically possible, it's not considered a supported scenario, thus Microsoft advises against it.

Thanks Vasil, yes I understand the purpose for the on-premises is for management, just wasn't sure what is the supported way to create new mailboxes without HCW (can't create office365 mailbox from on-premises Exchange without HCW).

Now based on the Microsoft blog, I think mailuser is the way to go.
best response confirmed by Jack_Chen1780 (Occasional Contributor)
Solution
Since you will need to manage all the attributes on-premises, mail user is preferred, yes.