Greetings. We're using FIM with DirSync for Exchange Online Protection now, but will be moving to the full Office 365 shortly.
A recommended tool from Microsoft is IDFix. This scans your active directory prior to a sync to identify objects that will not sync correctly to Azure AD.
IDFix notifies us that all objects with .LOCAL SMTPs will not sync correctly.
That's essentially every mail enabled object.
Question: do we even need .LOCAL user addresses any more ? All mail uses our fqdn, including internal.
Mail server currently is Exchange 2010 SP3. All certs are trusted (not internally generated CA).