


How To Create A Mailbox In Office 365 Hybrid

Question about O365 hybrid environment:
Our setup used to be: On-prem AD and on-prem Exchange
To create a new user/mailbox, we would create the object in AD, create the mailbox in Exchange, run dirsync, migrate the mailbox to O365, license the account.
We've since moved AD to Azure (local AD still exists and syncs to Azure). So my question is - do we still need to create the mailbox locally and migrate or can we just skip this step and just license the account once it shows in active users in O365?
OLD PROCESS:
create user >> create local mailbox >> run dirsync >> migrate mailbox >> license user
NEW PROCESS?
create user >> run dirsync >> license user


rachelafe
Jun 5, 2019 at 15:14 UTC

I'm in the same type of situation - we currently have a hybrid environment and my director wants to get away from that and decommission our Exchange server (we have our first meeting about it today). Everything I'm reading tells me we can't - but I don't believe it. We also currently sync local AD to Azure AD.

thelanranger
Jun 5, 2019 at 15:24 UTC

There is a process to turn your on-prem users into cloud users. It is really annoying though. I have done it.

If you were previously on-prem and used dirsync then you have a bunch of users in your 365 that show up as "Synced with Active Directory" and when you click on them they say "This user is synchronized with your local Active Directory. Some details can be edited only through your local Active Directory." But if you go into portal.azure.com and go to users you'll see the accounts.

The process for making them cloud users should be to delete the user from on-prem, wait for dirsync, then go to portal.azure.com and restore the user from the recycle bin. I sometimes had to do this a couple times because dirsync timing would delete it a couple times.

When you do this then you can fully migrate the users into cloud users and you don't need ANY dirsync after everything is migrated. The only things you CANNOT move are the groups. A group must be deleted completely and remade by hand.

Try it with a test user to verify the timing then do it over a weekend or something because it will disable mailboxes! Sometimes (depending on timing) it might disable the mailbox for several hours.

Serge (Softerra)
Jun 5, 2019 at 15:55 UTC

Brand Representative for Softerra

Adaxes allows you to automate the whole process. All you will need to do is configure automatic Office 365 licenses assignment upon user creation. Also, remote mailboxes can be enabled in the same process if required.

https://www.adaxes.com/tutorials_ActiveDirectoryManagement_ManageAndAutomateOffice365.htm?utm_source...
NoITForYou
Jun 5, 2019 at 16:52 UTC
Microsoft Office 365 expert

Miraculously, I haven't had to create a new user in several months.

However, I have to create the user locally, force a sync, execute an enable-remotemailbox in the O365 PowerShell, then assign the license. If I don't do that O365 never creates the mailbox.

Apparently that's not how it's *supposed* to have to be done, but it has been for us since almost the beginning. Sometime after we finished our initial migration it stopped allowing us to migrate new local mailboxes, always errors out.

tulioarends
Jun 5, 2019 at 19:22 UTC
Microsoft Office 365 expert

rachelafe wrote:

I'm in the same type of situation - we currently have a hybrid environment and my director wants to get away from that and decommission our Exchange server (we have our first meeting about it today). Everything I'm reading tells me we can't - but I don't believe it. We also currently sync local AD to Azure AD.

In most cases you can.

Ignore the Microsoft b.s. about needing the on premise Exchange Server for management. While it's true that you need to modify attributes locally if you sync AD, it is easy to do so with PowerShell, ADSIEdit and other tools. Microsoft just doesn't support it.

In our case we never had Exchange, we migrated from GSuite. I installed Azure AD Connect to enable password hash sync and seamless SSO and I do have to modify AD attributes to add aliases to user mailboxes and the like. Very easily done with the AD Users and Computers attribute editor once you turn on advanced options from the View menu.

I did have to extend our AD schema for the Exchange attributes but you already have that.

thelanranger
Jun 5, 2019 at 20:12 UTC

Basically what tulioarends said. I initially set up a site with the "Windows Essentials" tool but it ended up crapping out after a while. Since then, I have been able to do whatever was necessary by pushing the users to the cloud by force, using ADsync Tool to match up the passwords for convenience, and the rest you can do online. Once you get everything to show up as 'in cloud' there isn't really much need to go banging around in ADSIEdit anymore...fortunately.

Edward III
You can refer to this article to learn the two options to create O365 mailboxes.
One is the process you used to use, another is using PowerShell.
Enable-RemoteMailbox if the user is already created in AD and synced into Azure, or New-RemoteMailbox to create the user in AD and the O365 mailbox at once.

It also mentioned the disadvantages of your new process:
It's possible to simply create the Office 365 account in Active Directory, wait for AD Connect to sync the user to Office 365 and license the account. But creating new mailboxes this way never fills in the correct Exchange attributes on the user's AD account, which causes them to not display in the local EAC.
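
A check for the gap described in the post above, as an added example that is not part of the original thread: it reports accounts that were created in AD and licensed without the Exchange attributes being written. The function name, the sample users, the `contoso` tenant name and the choice of these four attributes as the set to check are assumptions made for the example.

```powershell
# Added example: report AD users that have a mail address but lack the
# Exchange attributes the remote-mailbox cmdlets would have written.
function Find-MissingRemoteMailboxAttribute {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin {
        # Attributes from the Exchange schema extension that are checked here.
        $required = 'mailNickname', 'targetAddress',
                    'msExchRemoteRecipientType', 'msExchRecipientTypeDetails'
    }
    process {
        $missing = foreach ($name in $required) {
            $prop = $User.PSObject.Properties[$name]
            if ($null -eq $prop -or [string]::IsNullOrEmpty("$($prop.Value)")) { $name }
        }
        if ($missing) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Missing        = $missing -join ', '
            }
        }
    }
}

# Constructed sample objects standing in for Get-ADUser output (hypothetical users).
$sample = @(
    [pscustomobject]@{   # provisioned with Enable-RemoteMailbox
        SamAccountName = 'jdoe'; mailNickname = 'jdoe'
        targetAddress  = 'SMTP:jdoe@contoso.mail.onmicrosoft.com'
        msExchRemoteRecipientType = 1; msExchRecipientTypeDetails = 2147483648
    }
    [pscustomobject]@{   # created in AD, synced and licensed only
        SamAccountName = 'asmith'; mailNickname = $null
        targetAddress  = $null
        msExchRemoteRecipientType = $null; msExchRecipientTypeDetails = $null
    }
)
$sample | Find-MissingRemoteMailboxAttribute | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter 'mail -like "*"' -Properties mailNickname, targetAddress,
#     msExchRemoteRecipientType, msExchRecipientTypeDetails |
#     Find-MissingRemoteMailboxAttribute
# A flagged account is then fixed from the on-premises Exchange Management Shell:
# Enable-RemoteMailbox -Identity asmith -RemoteRoutingAddress asmith@contoso.mail.onmicrosoft.com
```

Running the check on a schedule keeps directory records consistent, so that mail-enabled accounts provisioned outside the documented process are visible to whoever audits the tenant.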

thelanranger
Jun 6, 2019 at 14:49 UTC

The enable-remotemailbox/disable-remotemailbox/new-mailbox etc would only be applicable if you're not running hybrid at all. What I'm describing is getting your users from the status of 'Synced with AD' to 'In Cloud'. This is typically the first hurdle in moving your AD to Azure.

If you already have users from on prem that have been synced with AD Sync Tool then you have Exchange mailbox tags on them. The problem is that you cannot manage anything (including the commands you described) while they are "Synced with AD". Before you can do anything to those boxes you need to get them to "In Cloud" status so that the only thing AD Sync tool is doing is replicating the password hash and essentially nothing else.


Source: https://community.spiceworks.com/topic/2214152-account-creation-in-o365-hybrid

Posted by: dollarsedid1987.blogspot.com
