Forum Discussion
Synchronize AD to an existing Office 365 Tenant
Hey Mwkirk,
There is a good chance that you might loose the aliases you have added manually in office 365 account when you force a sync from on-premises. The behavior is sort of unpredictable on that part, in some cases i have seen them stay, while lost in other cases. The ones stamped by office 365 services for example SIP:user@domain.com, which is for skype, should still remain intact even after the user is synced from on-premises, for other aliases you added manually you can't say. Best is to first take out a backup of all the aliases you have stamped against the office 365 mailboxes :
Get-Mailbox -resultsize unlimited | select Displayname,Userprincipalname,PrimarySmtpAddress,RecipientTypeDetails,@{Name='ProxyAddresses'; Expression={$_.EmailAddresses -join ","}} | Export-Csv MailboxEmailAddresses.csv -nti
Next you can test with one account to see if it retains the addresses.
Group synchronization should work fine.
On-premises exchange is not a hard bound requirement if you have never had one. You would be able to manage the attributes from users and computers, you can consider expanding the schema though for exchange attributes.
Even when you have all your ducks in a row, some users still might fail merging. And you might see duplicate accounts instead of one consolidated account. Ensure that the UPN, Primary SMTP address, Mail are not being used else where. If you are good on that part and still a user is failing to match, attempt a forced match after deleting the duplicate incorrect account completely:
Via command prompt on DC:
ldifde -f export.txt -r "(Userprincipalname=*)" -l "objectGuid, userPrincipalName"
This would give you the ObjectGuid for all the users.
Next you can stamp it against the user:
Set-MsolUser -UserPrincipalName User@domain.com -ImmutableId ObjectIDobtainedAbove
Run a full sync.
Thanks
Ok that is definitely helpful. I started looking at their ProxyAdresses in their O365. They apparently had on premise Exchange before because there is a parameter defined for MSEXCHMAILBOXGUID. Looks like at some point they had Lotus Notes as well becuase I see ProxyAddress values that start with with CCMAIL.
What I am thinking of doing is just blanking out all the ProxyAddress values on the local AD then take the export from O365 and import it in so that the ProxyAddress values match up in the local AD and O365.
Also, regarding the msexchmailboxguid value which I am thinking I either need to clear that value in the local AD or filter it from the synch. I have used tools like Skykick in the past for migrations and if you let that value synch then normally it would not let you create a mailbox. I have no idea what it would do if the user already has a mailbox in O365.
Thanks
MK
- Yup, you are right if you sync the mailbox GUID from on-premises, office 365 will treat you as mail user and won't provision your mailbox. You can either clear all exchange related attributes or simply exclude mailbox guid/Archive guid from synchronization.
Even if you already have a mailbox in office 365, you would still be able to soft match/hard match the users preserving the mailbox, just don't sync the mailbox guid though. And as always, Test with a few users !