Greetings. We recently migrated to Office 365.
Obviously, I will continue to manage AD Users on-premise, but I don't wish to manage their Exchange accounts on-premise.
I wish to create/manage them in the Office 365 portal.
For password sync, we're using a great tool from MessageOps called the "Office 365 Password Synchronization" tool.
I see no reason to abandon this utility, as it works very fast and very reliably.
However, I do understand that Microsoft's newest sync. offering, the Azure AAD Connect tool, will synchronize passwords and upload those changes within a minute or two to Office 365.
Here is my extended question:
Should we decide to use the MS AAD Connect utility in the future (it's in Preview now), will I be able to fully retire our On-Premises Exchange 2010 server? It currently serves no purpose. It's only necessary if I were to implement ADSYNC and wish to manage users in the Exchange Management Console.
One slightly confusing thing from Microsoft is whether or not their AAD Connect is able to use the UserPrincipalName attribute (UPN) to match up local AD users with Azure AD (and thus Office 365) users in order to have password sync. work properly. My understanding is that MS uses either e-mail address or SMTP address or some other attribute to match users. If I retire the on-premise server, I would disable all users first, thus removing those attributes from the user accounts.
There's no harm in keeping our 7-year-old Exchange server fired up in the server room. It just takes some space on the rack and uses power.