If you skip the “extra step” then you have to add a different “extra step” 
(New-RemoteMailbox).

As long as you are hybrid, the master copy is your local copy, not the copy in 
the service.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Paul Cookman
Sent: Friday, April 28, 2017 6:00 AM
To: exchange@lists.myitforum.com
Subject: [Exchange] Re: 365 Hybrid after all mailboxes are in 365.


Great information, thanks.



For new users, will I need to continue creating the mailbox onprem, wait for 
sync and move up? I was wondering if I could skip out the extra move up step 
now all users are up there.



Regards,



Paul.





________________________________
From: listsad...@lists.myitforum.com on behalf of Michael B. Smith <mich...@smithcons.com>
Sent: 28 April 2017 00:29
To: exchange@lists.myitforum.com
Subject: [Exchange] RE: 365 Hybrid after all mailboxes are in 365.


If it hurts, don’t do it.



Here is a good post on the topic from Frank Carius, another Office Servers and 
Services MVP:



Always the same Story  ☺



• Hybrid means AADConnect

• AADConnect means “managed locally”, replicated to Cloud
  With one exception: Azure AD Premium with installed bidirectional Sync

• Services are using their local identity source

  o OnPrem Users are using the Offline Address Book prepared by the local Exchange/SfB service

  o Online Users are using the OABs from the Cloud services

You should replicate all users with a SIP-Address and a MAIL-Address to have a
consistent address book view.





If you start in Online first (or created a user there first), then you should
solve that with

1. Pause AADConnect

2. Create the “User” on premises with a matching SMTP-Address (or UPN
   from Mar 2015 on)
   - 3164442 How to use UPN matching for identity synchronization in Office 365,
     Azure, or Intune
   - 2641663 How to use SMTP matching to match on-premises user accounts to Office
     365 user accounts for directory synchronization
   So we assume that the cloud object does not have an ImmutableID from an earlier
   AADConnect

3. Configure all Properties as expected
   So you simply have to remember that management of DirSynced Accounts is
   somewhat limited. So all properties which cannot be maintained on a DirSynced
   User have to be maintained on premises, and AADConnect is doing the rest

   a. Exchange: Create it as “Remote Mailbox” and make sure the
      ProxyAddresses are done

   b. SfB: Enable it like you would enable a new user

   c. Manage Group Memberships to match the Cloud group membership
      Normally not an issue, because you cannot manage Synced Groups in the Cloud

4. UNPAUSE AADConnect.
   It should match the local User with the Cloud user and overwrite the properties
   in the cloud with local properties based on the AADConnect transformation and
   projection rules (AADConnect is a “FIM in a box”)



My general Rule:

• “People” on one side must be on the other side.

• Groups that are used as Mail DL or SfB Groups

• Any other object with a “proxy Address” or “SIP-Address” should be in
  sync

• You may exclude Admin Accounts (if they are not used to administer
  Office 365 too)

• You may exclude Service Accounts (no one really cares about the Kerberos
  ASA-Account of Exchange 2010/2013 CAS-Arrays or backup jobs etc.)



Simply compare the GAL on both worlds. If they are different, you may have a
problem.



Frank







Frank Carius
Enterprise Architect / Partner

T:    +49 5251 304 600

Net at Work GmbH | Am Hoppenhof 32 A | 33104 Paderborn
Switchboard: +49 5251 304 600 | Fax: +49 5251 304 650
Commercial register Paderborn: HRB 2663 | Managing Director: Uwe Ulbrich

www.netatwork.de







From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman
Sent: Thursday, April 27, 2017 9:29 AM
To: exchange@lists.myitforum.com
Subject: [Exchange] 365 Hybrid after all mailboxes are in 365.



I have all mailboxes up in 365 as part of a Hybrid with ADSync, each new user
is created on premise, mailbox first to ensure the attributes are there before
the sync and then the mailbox is moved up to 365.



If I create the AD account with no mailbox then it creates in 365 with no email 
policy and some mailboxes I would need to edit from onprem and some in 365.



To keep being able to edit Exchange attributes through the existing
onprem Exchange server, how should I handle this?



Regards,



Paul.
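
Added example, not part of the original thread or any poster's own code: the two provisioning paths discussed above, New-RemoteMailbox for a brand-new user and Frank Carius's pause / create as “Remote Mailbox” / unpause sequence for an account that already exists in the cloud. The routing domain, OU, server name and function names are placeholders (assumptions).

```powershell
# Added example. Domains, OU and server name are placeholders (assumptions).
# Run in the on-premises Exchange Management Shell.
$RoutingDomain    = 'contoso.mail.onmicrosoft.com'  # assumed tenant routing domain
$AadConnectServer = 'aadconnect01.contoso.com'      # assumed AAD Connect host

# New user: create the AD account and its Exchange attributes on-premises in one
# step. The mailbox itself appears in Exchange Online after sync and licensing,
# so there is no on-prem mailbox and no move request.
function New-HybridUser {
    param(
        [Parameter(Mandatory)][string]$Alias,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$OrganizationalUnit = 'contoso.com/Users'  # assumed OU
    )
    New-RemoteMailbox -Name $DisplayName -Alias $Alias `
        -UserPrincipalName $UserPrincipalName -Password $Password `
        -OnPremisesOrganizationalUnit $OrganizationalUnit `
        -RemoteRoutingAddress "$Alias@$RoutingDomain" `
        -ResetPasswordOnNextLogon $true
}

# Cloud-first user: the on-prem AD account must already exist with the same
# UPN / primary SMTP address as the cloud object so the sync can match them.
function Join-CloudFirstUser {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Alias
    )
    $setSync = { param($on) Import-Module ADSync; Set-ADSyncScheduler -SyncCycleEnabled $on }
    Invoke-Command -ComputerName $AadConnectServer -ScriptBlock $setSync -ArgumentList $false
    try {
        Enable-RemoteMailbox -Identity $Identity -Alias $Alias `
            -RemoteRoutingAddress "$Alias@$RoutingDomain"
        # Review what will be exported before the scheduler is switched back on.
        Get-RemoteMailbox -Identity $Identity |
            Format-List UserPrincipalName, PrimarySmtpAddress, RemoteRoutingAddress, EmailAddresses
    }
    finally {
        # Re-enable the scheduler even if the Exchange step failed.
        Invoke-Command -ComputerName $AadConnectServer -ScriptBlock $setSync -ArgumentList $true
    }
}
```

Comparing the proxy addresses on the on-premises object with the cloud object before re-enabling the scheduler shows which values the next export will overwrite in the service.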

