Exchange Migration from on prem to O365, password hash sync for large company (more then 3000) users

Hello Experts. We have exchange 2013 on prem with 1 AD, 1 domain, and 1 exchange. We have more then 3000 users. Looking into migrating to O365. I have heard that password hash syncronization is not recommended for larger organizations, intead they should use pass through sync with AAD connect  or ADFS. I was not able to find any reason on the internet as to why that is. Does anybody know. Please let me know. And thanks in advance.
Newguy 123Asked:
Who is Participating?
 
Vasil Michev (MVP)Connect With a Mentor Commented:
The reason is that both PTA and ADFS offer a better end-user experience. Password sync will always require the users to enter their credentials, plus the credentials are validated against O365. Both AD FS and PTA can be configured so that the end users have a seamless single sign on experience, greatly reducing the number of login prompts. They both need additional appliances on-prem though, so it's a tradeoff.

Regardless, you can use Password sync just fine with any size.
0
 
Cliff GaliherCommented:
Where did you hear that? Also, even if true, that doesn't really meet Microsoft'definitionof ankarge organization in most scenarios. Usually when it comes to performance MS talks in terms of tens of thousands, not single digit thousands.
0
 
Jason CrawfordConnect With a Mentor Transport NinjaCommented:
Azure AD Premium allows for password write-back and a Same Sign-On experience.  Not quite as seamless as Single Sign-On but it still tastes like real butter just with half the fat.

https://azure.microsoft.com/en-us/pricing/details/active-directory/
0
 
Todd NelsonConnect With a Mentor Systems EngineerCommented:
AAD Connect with Seamless SSO whether you choose PTA or password hash sync are great options for any size company.  However, Seamless SSO is an alternative to AD FS.  So, if you lose internet connectivity, PTA and AD FS can be a huge frustration.

Seamless SSO with password hash sync I have found very recently the experience to be much more like what SSO is designed for as long as the URLs are added to the trusted sites of IE (or via GPO).

Trusted Sites...
0
 
Marshal HubsEmail ConsultantCommented:
Agree with @Vasil Michev (MVP)
Stellar EDB to PST Converter supports Exchange Migration from on prem to O365. The software migrates multiple mailboxes to office 365 at the same time. You can check this KB for more information: https://www.stellarinfo.com/support/kb/index.php/article/convert-offline-edb-to-office365
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.