Solved

.LOCAL domain question ..... Office 365 Directory Sync.

Posted on 2014-10-29
Last Modified: 2014-10-29
Greetings. We're using FIM with DirSync for Exchange Online Protection now, but will be moving to the full Office 365 shortly.

A recommended tool from Microsoft is IDFix. This scans your Active Directory prior to a sync to identify objects that will not sync correctly to Azure AD.

IDFix notifies us that all objects with .LOCAL SMTPs will not sync correctly.

That's essentially every mail enabled object.

Question: do we even need .LOCAL user addresses anymore? All mail uses our FQDN, including internal.

Thanks much.
Stephen

Mail server currently is Exchange 2010 SP3.  All certs are trusted (not internally generated CA).
0
Question by:lapavoni
3 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 40411394
Your AD domain can be .local, but there is no reason any of your users should have a .local proxyAddress.
0
 
LVL 2

Assisted Solution

by:jparedis
jparedis earned 250 total points
ID: 40412069
As Cliff said, there is no need to change the entire config of your domain. That part can continue on using .local as a suffix.

However, all the users you want to enable in Office 365 need an internet-routable UPN. (This is not entirely true, though; workarounds exist, see http://vanhybrid.com/2014/04/10/windows-server-2012-r2-update-enables-adfs-to-use-alternative-login-id-possibly-removing-the-need-to-have-an-internet-routable-upn/ )

If you cannot use 2012 R2 ADFS, or you don't want to implement alternative login ID, you have to follow the steps properly described in http://technet.microsoft.com/library/jj151831.aspx#BKMK_UPN
0
 

Author Closing Comment

by:lapavoni
ID: 40412091
Thanks for the information.  We're running 2008 (functional level), but the TechNet link was useful. We already have the correct alternative UPNs, so it's just a matter of removing those .local proxy addresses from each mail-enabled account.
0
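The cleanup described in the closing comment, as an added example that is not part of the original thread: it reports every `.local` proxy address to a CSV for review and then previews the removal of the secondary ones. It assumes the ActiveDirectory PowerShell module is available and that no Exchange e-mail address policy still generates `.local` addresses; the report path is a hypothetical name.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
# Assumption: proxyAddresses values look like 'SMTP:user@corp.local' (primary)
# or 'smtp:user@corp.local' (secondary).
# Assumption: no e-mail address policy still stamps .local addresses; if one
# does, change the policy first or the addresses will be re-applied.
Import-Module ActiveDirectory

$ReportPath = '.\local-proxy-addresses.csv'   # hypothetical output path

# Server-side filter: objects with at least one proxyAddresses value ending in .local
$objects = Get-ADObject -LDAPFilter '(proxyAddresses=*.local)' -Properties proxyAddresses

$findings = foreach ($obj in $objects) {
    foreach ($addr in $obj.proxyAddresses) {
        # Only SMTP-type entries; leaves X500, SIP, etc. untouched
        if ($addr -match '^smtp:[^@]+@[^@]+\.local$') {
            [pscustomobject]@{
                DistinguishedName = $obj.DistinguishedName
                ObjectClass       = $obj.ObjectClass
                Address           = [string]$addr
                # Upper-case 'SMTP:' marks the primary (reply-to) address
                IsPrimary         = $addr -cmatch '^SMTP:'
            }
        }
    }
}

# Keep a record of what was found before anything is changed
$findings | Export-Csv -Path $ReportPath -NoTypeInformation

# Primary .local addresses need a routable primary set first; report, do not remove
$findings | Where-Object { $_.IsPrimary } | ForEach-Object {
    Write-Warning "Primary address is .local: $($_.DistinguishedName) ($($_.Address))"
}

# Preview removal of secondary .local addresses; drop -WhatIf after reviewing the CSV
$findings | Where-Object { -not $_.IsPrimary } | ForEach-Object {
    Set-ADObject -Identity $_.DistinguishedName `
                 -Remove @{ proxyAddresses = $_.Address } -WhatIf
}
```

Re-running IDFix after the change confirms whether any `.local` SMTP entries remain.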
