How To Create A Mailbox In Office 365 Hybrid
create user >> create local mailbox >> run dirsync >> migrate mailbox >> license user
create user >> run dirsync >> license user
rachelafe wrote:
I'm in the same type of situation - we currently have a hybrid environment and my director wants to get away from that and decommission our Exchange server (we have our first meeting about it today). Everything I'm reading tells me we can't - but I don't believe it. We also currently sync local AD to Azure AD.
In most cases you can.
Ignore the Microsoft b.s. about needing the on premise Exchange Server for management. While it's true that you need to modify attributes locally if you sync AD it is easy to do so with PowerShell, ADSIEdit and other tools. Microsoft just doesn't support it.
In our case we never had Exchange, we migrated from GSuite. I installed Azure AD Connect to enable password hash sync and seamless SSO and I do have to modify AD attributes to add aliases to user mailboxes and the like. Very easily done with the AD Users and Computers attribute editor once you turn on advanced options from the View menu.
I did have to extend our AD schema for the Exchange attributes but you already have that.
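The alias edit described in the reply above, done from PowerShell instead of the attribute editor, with a collision check first. This is an added example, not part of the original post; the account name, the address and the function name `Add-MailAlias` are constructed, and it assumes the ActiveDirectory (RSAT) module is installed.

```powershell
# Added example: add a secondary SMTP alias by writing proxyAddresses directly in AD.
# Account and address values are constructed placeholders.
Import-Module ActiveDirectory

function Add-MailAlias {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Alias
    )

    # Accept only a plain address. Whatever is written here is synced verbatim,
    # and the strict character set also keeps LDAP filter metacharacters out.
    if ($Alias -notmatch '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$') {
        throw "Not a valid SMTP address: $Alias"
    }

    # A proxy address must belong to exactly one object. LDAP matching on this
    # attribute is case-insensitive, so both 'smtp:' and 'SMTP:' holders are found.
    # Note: this searches the current domain only.
    $holder = Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$Alias)"
    if ($holder) {
        throw "Address already assigned to: $($holder.DistinguishedName -join '; ')"
    }

    # Lowercase 'smtp:' marks a secondary address; the uppercase 'SMTP:' primary
    # entry is left untouched because -Add appends to the multi-valued attribute.
    Set-ADUser -Identity $SamAccountName -Add @{ proxyAddresses = "smtp:$Alias" }

    # Return the resulting list so it can be reviewed before the next sync cycle.
    (Get-ADUser -Identity $SamAccountName -Properties proxyAddresses).proxyAddresses
}

# Usage with constructed values:
Add-MailAlias -SamAccountName 'jdoe' -Alias 'jdoe.alias@contoso.example'
```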
I'm in the same type of situation - we currently have a hybrid environment and my director wants to get away from that and decommission our Exchange server (we have our first meeting about it today). Everything I'm reading tells me we can't - but I don't believe it. We also currently sync local AD to Azure AD.
There is a process to turn your on-prem users into cloud users. It is really annoying though. I have done it.
If you were previously on-prem and used dirsync then you have a bunch of users in your 365 that show up as "Synced with Active Directory" and when you click on them they say "This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory." But if you go into portal.azure.com and go to users you'll see the accounts.
The process for making them cloud users should be to delete the user from on-prem, wait for dirsync, then go to portal.azure.com and restore the user from the recycle bin. I sometimes had to do this a couple times because dirsync timing would delete it a couple times.
When you do this then you can fully migrate the users into cloud users and you don't need ANY dirsync after everything is migrated. The only things you CANNOT move are the groups. A group must be deleted completely and remade by hand.
Try it with a test user to verify the timing then do it over a weekend or something because it will disable mailboxes! Sometimes (depending on timing) it might disable the mailbox for several hours.
Brand Representative for Softerra
Adaxes allows you to automate the whole process. All you will need to do is configure automatic Office 365 licenses assignment upon user creation. Also, remote mailboxes can be enabled in the same process if required.
https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ManageAndAutomateOffice365.htm?utm_source...
Miraculously, I haven't had to create a new user in several months.
However, I have to create the user locally, force a sync, execute an enable-remotemailbox in the O365 PowerShell, then assign the license. If I don't do that O365 never creates the mailbox.
Apparently that's not how it's *supposed* to have to be done, but it has been for us since almost the beginning. Sometime after we finished our initial migration it stopped allowing us to migrate new local mailboxes, always errors out.
Basically what tulioarends said. I initially set up a site with the "Windows Essentials" tool but it ended up crapping out after a while. Since, I have been able to do whatever was necessary by pushing the users to the cloud by force, using ADsync Tool to match up the passwords for convenience, and the rest you can do online. Once you get everything to show up as 'in cloud' there isn't really much need to go banging around in ADSIEdit anymore...fortunately.
One is the process you used to use, another is using PowerShell.
enable-remotemailbox if user is already created in AD and synced into Azure, or new-remotemailbox to create user in AD and O365 mailbox at once.
It also mentioned the disadvantages of your new process:
It's possible to simply create the Office 365 account in Active Directory, wait for AD Connect to sync the user to Office 365 and license the account. But creating new mailboxes this way never fills in the correct Exchange attributes on the user's AD account, which causes them to not display in the local EAC.
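The two PowerShell paths named in the post above, combined into one provisioning function that also reads back the Exchange attributes the quoted passage says go missing. This is an added example, not part of the original thread; the tenant name, OU, server name and the function name `New-HybridMailbox` are constructed placeholders, and it assumes the on-premises Exchange Management Shell with the ActiveDirectory module, plus PowerShell remoting to the Azure AD Connect server.

```powershell
# Added example; every name below is a constructed placeholder.
$Tenant           = 'contoso'              # routing domain is <tenant>.mail.onmicrosoft.com
$AadConnectServer = 'aadconnect01'         # host running Azure AD Connect (assumption)

function New-HybridMailbox {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [string]$DisplayName = $SamAccountName,
        [string]$OU = 'OU=Staff,DC=contoso,DC=example'
    )
    $routing = "$SamAccountName@$Tenant.mail.onmicrosoft.com"
    $existing = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'"

    if ($existing) {
        # User already exists in AD: only stamp the remote-mailbox attributes.
        Enable-RemoteMailbox -Identity $SamAccountName -RemoteRoutingAddress $routing | Out-Null
    } else {
        # No account yet: create the AD user and the remote mailbox in one step.
        $pw = Read-Host "Initial password for $UserPrincipalName" -AsSecureString
        New-RemoteMailbox -Name $DisplayName -SamAccountName $SamAccountName `
            -UserPrincipalName $UserPrincipalName -Password $pw `
            -OnPremisesOrganizationalUnit $OU -RemoteRoutingAddress $routing `
            -ResetPasswordOnNextLogon $true | Out-Null
    }

    # Push the change to Azure AD now instead of waiting for the scheduled cycle.
    Invoke-Command -ComputerName $AadConnectServer -ScriptBlock {
        Start-ADSyncSyncCycle -PolicyType Delta
    } | Out-Null

    # Read back the attributes that a plain "create user, sync, license" flow leaves
    # empty; they should now be populated on the AD account.
    Get-ADUser -Identity $SamAccountName `
        -Properties msExchRecipientTypeDetails, targetAddress, proxyAddresses |
        Select-Object SamAccountName, msExchRecipientTypeDetails, targetAddress, proxyAddresses
}

# Usage with constructed values; licensing the synced user remains the final step.
New-HybridMailbox -SamAccountName 'jdoe' -UserPrincipalName 'jdoe@contoso.example'
```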
The enable-remotemailbox/disable-remotemailbox/new-mailbox etc would only be applicable if you're not running hybrid at all. What I'm describing is getting your users from the status of 'Synced with AD' to 'In Cloud'. This is typically the first hurdle in moving your AD to Azure.
If you already have users from on prem that have been synced with AD Sync Tool then you have Exchange mailbox tags on them. The problem is that you cannot manage anything (including the commands you described) while they are "Synced with AD". Before you can do anything to those boxes you need to get them to "In Cloud" status so that the only thing AD Sync tool is doing is replicating the password hash and essentially nothing else.
Source: https://community.spiceworks.com/topic/2214152-account-creation-in-o365-hybrid
Posted by: dollarsedid1987.blogspot.com