Exchange Migration from on prem to O365, password hash sync for large company (more than 3000) users

Hello Experts. We have Exchange 2013 on prem with 1 AD, 1 domain, and 1 Exchange. We have more than 3000 users. Looking into migrating to O365. I have heard that password hash synchronization is not recommended for larger organizations, instead they should use pass through sync with AAD Connect or ADFS. I was not able to find any reason on the internet as to why that is. Does anybody know? Please let me know. And thanks in advance.
Newguy 123 Asked:

Cliff Galiher Commented:
Where did you hear that? Also, even if true, that doesn't really meet Microsoft's definition of a large organization in most scenarios. Usually when it comes to performance MS talks in terms of tens of thousands, not single digit thousands.
0
Vasil Michev (MVP) Commented:
The reason is that both PTA and ADFS offer a better end-user experience. Password sync will always require the users to enter their credentials, plus the credentials are validated against O365. Both AD FS and PTA can be configured so that the end users have a seamless single sign on experience, greatly reducing the number of login prompts. They both need additional appliances on-prem though, so it's a tradeoff.

Regardless, you can use Password sync just fine with any size.
0

Jason Crawford (Transport Ninja) Commented:
Azure AD Premium allows for password write-back and a Same Sign-On experience.  Not quite as seamless as Single Sign-On but it still tastes like real butter just with half the fat.

https://azure.microsoft.com/en-us/pricing/details/active-directory/
0
Todd Nelson (Systems Engineer) Commented:
AAD Connect with Seamless SSO whether you choose PTA or password hash sync are great options for any size company.  However, Seamless SSO is an alternative to AD FS.  So, if you lose internet connectivity, PTA and AD FS can be a huge frustration.

Seamless SSO with password hash sync I have found very recently the experience to be much more like what SSO is designed for as long as the URLs are added to the trusted sites of IE (or via GPO).

Trusted Sites...
0
Marshal Hubs (Email Consultant) Commented:
Agree with @Vasil Michev (MVP)
Stellar EDB to PST Converter supports Exchange Migration from on prem to O365. The software migrates multiple mailboxes to office 365 at the same time. You can check this KB for more information: https://www.stellarinfo.com/support/kb/index.php/article/convert-offline-edb-to-office365
0