Hi Joseph, Per my quick read, you appear to be under a very large O365 single tenant, and this may explain why you have limited access and control?
Not an expert on this, but If you are going to migrate several departments from main tenant to individual tenants, you should investigate installing hybrid server(s) to assist with the migration if needed. We do all the account changes on the local AD side mostly through scripts due to the size of our environment, but occasionally we have to do a manual creation and push a task if urgent beyond our 3 hour Dirsync window. We have DIRSYNC push AD changes to two tenants, but Dirsync has been outdated recently with the release of AzureADSync - but not there yet so you will want to check into that since you are starting fresh. Hope this helps or please respond. Thanks Dana From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife Sent: Monday, March 14, 2016 5:42 PM To: [email protected] Subject: RE: [Exchange] On-prem vs. O365 I work for the State of California. 3 years ago, we entered into an O365-D implementation. Unfortunately, the implementation treated the entire state as a single organization, instead of 100+ organizations. Due to this, we were not allowed an actual admin console. So, in order to provision a mailbox, we currently manipulate attributes within the Active Directory user account, and wait for the sync to happen. If something breaks, we send an e-mail to a 3rd party, who then forwards that on to Microsoft for troubleshooting. This can take several hours before I get an initial contact from anyone. We also have no access to powershell, reporting, or any other interface. What we are moving into, what I call “true O365”, is O365-G. Each department will have their own tenant space, so we will regain full admin control over our mailboxes again. I’m just trying to get an idea of what exactly that’s going to look like for our day-to-day operations. We have been told that we will need a single Exchange box on-prem, which will be used during the migration, but that we can maintain, to allow the admin interface; I’m a little confused by what that exactly means as well. Is that the EMC and EMS that I’m used to from on-prem, or something else? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jonathan Raper Sent: Monday, March 14, 2016 1:48 PM To: [email protected]<mailto:[email protected]> Subject: RE: [Exchange] On-prem vs. O365 Dirsync runs every 3 hours. You can run it manually, of course, however the last documentation I saw said that Microsoft did not support scheduling it to run more often than every 3 hours. So – however long it takes to replicate AD to the domain controllers that Azure AD Connect looks at, then the next sync interval after that – 3 hours or less, in a default configuration. Once that is done, you can create the mailbox. Back to your original comment – “We are currently in a highly customized O365, but I have next to no admin abilities. We are going to be moving to O365 soon, and my boss is asking me to create a document comparing where we are now, to where we will be” I’m not sure I follow exactly what you are saying – you say you are in a highly customized O365….but in the next sentence you say you are moving to O365 soon….. [scratches head, wants to understand] If you have no admin abilities, it sounds like you’re using AD sync but don’t have a Hybrid server in place. A Hybrid server would ease the pain you’re dealing with from an Admin standpoint, in my opinion. Yes, you can edit attributes in AD, but that’s a royal pain. (then again, so is managing an on-premises Exchange server, but at least the license is free for a hybrid-only server). We migrated from On-premises (2007) to O365 last year, using Exchange 2013 as a hybrid server. We maintained the hybrid implementation for a few reasons, admin being one of them. Also, what exactly do you mean by “True O365”? Thanks, Jonathan L. Raper From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife Sent: Monday, March 14, 2016 11:44 AM To: [email protected]<mailto:[email protected]> Subject: RE: [Exchange] On-prem vs. O365 I’m just trying to get an idea of how long it takes to create a new user, and provision a mailbox. Right now, it can take 4+ hours, because of the sync in our current setup. I’m hoping that true O365 would be faster, but I’m not certain, since it is still O365. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Steve Ens Sent: Monday, March 14, 2016 8:18 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Exchange] On-prem vs. O365 You can do it manually if you want, but I think it is every couple of hours...I don't look too closely since I don't depend on it. On Mon, Mar 14, 2016 at 10:04 AM Heaton, Joseph@Wildlife <[email protected]<mailto:[email protected]>> wrote: And how long does the AzureADSync take? Is it an on-demand sync, or scheduled? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Steve Ens Sent: Monday, March 14, 2016 8:00 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Exchange] On-prem vs. O365 No, always create my users on prem...then let AzureADSync take over. On Mon, Mar 14, 2016 at 9:59 AM Heaton, Joseph@Wildlife <[email protected]<mailto:[email protected]>> wrote: Do you do the user creation in the O365 console, or a combined effort? If online only, how long does it take to sync back to the on-prem AD for network access? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Steve Ens Sent: Monday, March 14, 2016 7:47 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Exchange] On-prem vs. O365 If you take your on prem stuff out of the mix, then it is quicker to create users/mailboxes obviously than having to wait for the sync. On Mon, Mar 14, 2016 at 9:44 AM Heaton, Joseph@Wildlife <[email protected]<mailto:[email protected]>> wrote: How about the time to create a user/mailbox? Currently, we have to manually manipulate attributes in ADUC, then wait for a scheduled sync to the cloud, for the mailbox to be created. This can take several hours. It’s not the same in true O365 is it? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Steve Ens Sent: Monday, March 14, 2016 7:40 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Exchange] On-prem vs. O365 The admin tools are almost identical Joe comparing O365 and Exchange 2016....managing the same mailboxes from a different portal address. I think time and skill wise it is very similar. On Mon, Mar 14, 2016 at 9:34 AM Heaton, Joseph@Wildlife <[email protected]<mailto:[email protected]>> wrote: How big of an adjustment was it to go from on-prem Exchange, to Office 365? We are currently in a highly customized O365, but I have next to no admin abilities. We are going to be moving to O365 soon, and my boss is asking me to create a document comparing where we are now, to where we will be, and how much, if any, our workload will increase. I’m really not worried about the workload, but what I want to focus on, is the increase capabilities I will have administratively. The best way I can think to do that, is to see the difference between on-prem and true O365. Thanks for any help, Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: SaveOurWater.com · Drought.CA.gov<http://saveourwater.com/> <http://saveourwater.com/> NOTE: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.
