O365 question
-
I recently completed a migration to Office 365. I needed to dump my Exchange 2010 on-prem server, as the hardware was EOL. The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
-
@wrx7m said in O365 question:
The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
-
@scottalanmiller said in O365 question:
@wrx7m said in O365 question:
The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
I never had federation, and I had to dump AADConnect when decommissioning on-prem Exchange. The reason is because there is no way to manage certain attributes of the cloud mailboxes. The options are literally grayed out on those that are synced from on-prem.
-
@wrx7m said in O365 question:
@scottalanmiller said in O365 question:
@wrx7m said in O365 question:
The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
I never had federation, and I had to dump AADConnect when decommissioning on-prem Exchange. The reason is because there is no way to manage certain attributes of the cloud mailboxes. The options are literally grayed out on those that are synced from on-prem.
But only greyed out on the one side, right? You can still manage them from the O365 side as usual.
-
@scottalanmiller grayed out on Office 365 side. Until you dump AADCONNECT, you can't edit them in the cloud.
There is another option here -
It allows you to install a role on a Windows server to do password sync to Office 365.
-
@wrx7m said in O365 question:
@scottalanmiller grayed out on Office 365 side. Until you dump AADCONNECT, you can't edit them in the cloud.
There is another option here -
It allows you to install a role on a Windows server to do password sync to Office 365.
AADconnect is a function of Active Directory, not Exchange. Losing on prem Exchange means you cannot edit mailboxes locally and have the changes sync'd to O365, but nothing else.
-
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
-
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
-
@obsolesce said in O365 question:
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
That is interesting. However, if you are using ADSIEdit to perform these modifications and syncing via aadconnect, MS doesn't support it.
-
@wrx7m said in O365 question:
@obsolesce said in O365 question:
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
That is interesting. However, if you are using ADSIEdit to perform these modifications and syncing via aadconnect, MS doesn't support it.
No ADSIEdit... this is AADConnect (or whatever the name of it is this month).
MS very much supports it. Those values are in there by default, just not automatically set to sync.
Like, hiding from address list? How's that not supported from Microsoft? There's a checkbox right there in the O365 interface to hide something from the address list... but by default, that is not synchronized from AD and you must enable it to be.
-
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
-
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
Almost nothing requires Exchange on prem any more. There are edge cases, but the majority will never need it for any of the functionality to exist. The other thing to consider is the replication direction. Most of the Exchange attributes do not need to be sync'd to AD, and will only exist in Exchange Online, thus bypassing AADconnect.
-
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
No, all you need to do is run a simple command that extends your AD Schema with the Exchange 2016 extensions / attributes. This is posted in the first step here. This is safe to do. All it does is add the ms-Exch attributes you see when you are in the properties of an AD object and look in the attributes tab. These are the attributes that AADConnect synchronizes to O365. There's no need for any on-prem Exchange server.
-
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
I know loads of shops that do this, and none have on prem Exchange of any sort. Hybrid deployments have been seen as very bad since going to hosted first happened. So much to break.
-
@scottalanmiller
Go back and read the link I posted to MS support. I am just saying, currently, it is the supported method to have an Exchange server on-prem to manage mailboxes IF you want to use aadconnect.
Also, they hinted at a new service that would do away with the Exchange on-prem requirement at Ignite last year and the year before.
Per this link -
https://practical365.com/exchange-server/removing-premises-exchange-servers-migrating-office-365/
-
@wrx7m said in O365 question:
@scottalanmiller
Go back and read the link I posted to MS support. I am just saying, currently, it is the supported method to have an Exchange server on-prem to manage mailboxes IF you want to use aadconnect.
Also, they hinted at a new service that would do away with the Exchange on-prem requirement at Ignite last year and the year before.
Per this link -
https://practical365.com/exchange-server/removing-premises-exchange-servers-migrating-office-365/
Where it says this:
In addition, even if you have directory synchronization in place without running the Hybrid Configuration Wizard, you still cannot manage most of the recipient tasks from the cloud.
That is by design... and is what you want! Because, you would then be "managing most of the recipient tasks" from on-prem AD instead... which synchronizes to the cloud.
When you use AADConnect and synchronize users/mailboxes from on-prem AD to O365, it's easier because you don't have to dick around in the O365 Admin portal... you do everything from within your AD users console! It's so much easier and faster.
A hybrid configuration is not at all the recommended set-up, in fact, it's the least recommended setup. Fully hosted on O365 is best, fully hosted on-prem Exchange is second, Hybrid is last (because it increases the complexity AND costs of everything).
-
@obsolesce To me, what you say makes sense. I still don't know why MS wouldn't promote that method and have it laid out saying that you should keep your Exchange server after a migration. So much so, that they have a special license that you can get for a hybrid management scenario.
-
@wrx7m said in O365 question:
@obsolesce To me, what you say makes sense. I still don't know why MS wouldn't promote that method and have it laid out saying that you should keep your Exchange server after a migration. So much so, that they have a special license that you can get for a hybrid management scenario.
That there is a license makes sense, their goal is to sell you more stuff.
But I've never heard MS recommend this, except for one or two rogue O365 people who took it upon themselves (and is why I don't trust MS for support.) But in general, I've always seen MS promoting eliminating on site Exchange just as much as the community.
-
@scottalanmiller - It is a free license, so selling more stuff doesn't really matter.
-
@wrx7m said in O365 question:
@scottalanmiller - It is a free license, so selling more stuff doesn't really matter.
How do you get Exchange for free? I know that there are licenses that include it, but they cost more AFAIK.