I've never had any issues with user accounts to be created, after I assign a license, in Office 365 as long as I have the e-mail address field populated. I only use the ProxyAddress attribute if I have multiple domains or more than one address for a user. I have not used Azure AD Premium so I cannot speak to that.
On Fri, Apr 28, 2017 at 6:00 AM, Paul Cookman <p...@paulcookman.com> wrote: > Great information, thanks. > > > For new users, will I need to continue creating the mailbox onprem, wait > for sync and move up? I was wondering if I could skip out the extra move up > step now all users are up there. > > > Regards, > > > Paul. > > > > > > ------------------------------ > *From:* listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> > on behalf of Michael B. Smith <mich...@smithcons.com> > *Sent:* 28 April 2017 00:29 > *To:* exchange@lists.myitforum.com > *Subject:* [Exchange] RE: 365 Hybrid after all mailboxes are in 365. > > > If it hurts, don’t do it. > > > > Here is a good post on the topic from Frank Carius, another Office Servers > and Services MVP: > > > > Always the same Story J > > > > · Hybrid means AADConnect > > · AADConnect means „managed locally”, replicated to Cloud > With one exception: Azure AD Premium with installed bidirectional Sync > > · Services are using their local identity source > > o OnPrem Users are using the Offline Adress book prepared by the local > Exchange/SfB service > > o Online Users are using the OABs from the Cloud services > > You should replicate all users with a SIP-Address and a MAIL-Address to > have a consistent addressbook view. > > > > > > if you start in Online first (or created a user there first), then you > should solve that with > > 1. Pause AADConnect > > 1. create the “User” on Premise with a matching SMTP-Addresse (or > UPN from Mar 2015 on) > 3164442 How to use UPN matching for identity synchronization in Office > 365, Azure, or Intune > 2641663 How to use SMTP matching to match on-premises user accounts to > Office 365 user accounts for directory synchronization > So we assume that the cloud object does not have a ImmutableID from an > earlier AADConnect > > 2. Configure all Properties as expected > So you simply have to remember, that management of DirSyned Accounts is > somewhat limited. So all properties, which cannot maintained on a > DirSynched User has to be maintained on premise and AADConnect is doing the > rest > > a. Exchange: Create it as “Remote Mailbox” and make sure the > ProxyAddresses are done > > b. SfB: Enable it like you would enable a new user > > c. Manage Group Memberships to match the Cloud group membership > Normally not an issue, because you cannot manage Synched Groups in the > Cloud > > 3. UNPAUSE AADConnect. > It should match the local User with the Cloud user and overwrite the > properties in the cloud with local properties based on the > AADConnect-Transformation and projection rules (AADConnect is a “FIM in an > box”) > > > > My general Rule: > > · “People” on one side must be on the other side. > > · Groups, who are used as Mail DL or SfB Groups > > · Any other object with a “proxy Address” or “SIP-Address” should > be in sync > > · You may exclude AdminAccount (if they are not used to > administer Office 365 too) > > · You may exclude Service Acccounts (No one really cares the > Kerberos ASA-Account of Exchange 2010/2013 CAS-Arrays or backup Jobs etc. > > > > Simply compare the GAL on both worlds. If they are different, you may have > a problem > > > > Frank > > > > > > [image: cid:__Image_00000348] > > *Frank Carius* > Enterprise Architect / Partner > > T: +49 5251 304 600 <+49%205251%20304600> > > Net at Work GmbH | Am Hoppenhof 32 A | 33104 Paderborn > Zentrale: +49 5251 304 600 <+49%205251%20304600> | Fax: +49 5251 304 650 > <+49%205251%20304650> > Handelsregister Paderborn: HRB 2663 | Geschäftsführer: Uwe Ulbrich > > www.netatwork.de > <http://www.netatwork.de/> > SharePoint, Exchange, Skype Business, Office 365|Net at Work > <http://www.netatwork.de/> > www.netatwork.de > Net at Work liefert Lösungen rund um die IT-gestützte Kommunikation und > Zusammenarbeit im Unternehmen. Unsere Experten verfügen über erstklassiges > Know-how. > > > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Paul Cookman > *Sent:* Thursday, April 27, 2017 9:29 AM > *To:* exchange@lists.myitforum.com > *Subject:* [Exchange] 365 Hybrid after all mailboxes are in 365. > > > > I have all mailboxes up in 365 as part of a Hybrid with ADSync, each new > user is created on premise, mailbox first to insure the attributes are > there before the sync and then the mailbox is moved up to 365. > > > > If I create the AD account with no mailbox then it creates in 365 with no > email policy and some mailboxes I would need to edit from onprem and some > in 365. > > > > To be able to keep the being able to edit exchange attributes through the > onprem existing exchange server, how should I handle this? > > > > Regards, > > > > Paul. > > >
