Richie Knight

asked on

Sync AD Credentials with Office 365 Mailboxes

Hi.

I have a client who has a 2012R2 DC onsite and a 3rd party hosted solution with another DC, Exchange, RDS, SQL and SPS Servers (All also 2012R2).

We are in the process of migrating our client to Office 365 and would like to sync AD account passwords with their Office 365 mailboxes. Would installing the Essentials role be advisable under these circumstances or are we better off using Azure AD Connect? I understand there are limitations with Essentials such as 25 users or 50 devices. Azure AD Connect seems at first glance to be much more involved.

Any advice would be appreciated.

Thanks.
ASKER CERTIFIED SOLUTION
Cliff Galiher
Richie Knight

ASKER

Thanks Cliff. Do you have any simple / useful resources for setting this up?
The Azure documentation is quite good. Given every environment is different, it really is best to read through the docs and make a plan, but honestly the process itself isn't overly complex. Express is *dead* simple, but may or may not meet your needs. The docs even go into this decision and call out the pros and cons:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-select-installation
Excellent, I will take a look. Will there be any complications given the mailboxes are already set up in Office 365?
I also heard in the past that some attributes may need editing before performing the initial sync. Have you ever found this to be the case?
The documentation does cover all of that. I've never seen a situation where a sync failed because of an undocumented attribute restriction. In most environments, the only editing is making sure the on-premises ID has some sort of match to the cloud ID so that the system can do a soft match. Usually that means editing the UPN of the account (which may change the user's login name and needs to be communicated), and adjusting workflows accordingly. Microsoft even makes a tool available to make this easy. The IdFix tool will check for common attribute errors and lets you change UPNs en masse.
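
A pre-sync check for the soft-match preparation described in the last reply, as an added example that is not part of the original thread: it compares on-premises UPNs against cloud sign-in names and lists the accounts whose UPN would have to change, so those users can be told in advance. The function name, property names and sample accounts are constructed, and treating the mail attribute as the rename candidate is an assumption.

```powershell
# Added example: constructed data, hypothetical function name Get-SoftMatchPlan.
# In a real run $onPrem would come from: Get-ADUser -Filter * -Properties mail
# and $cloud from an export of the tenant's user sign-in names.
$onPrem = @(
    [pscustomobject]@{ Sam = 'rknight'; UPN = 'rknight@corp.local';     Mail = 'richie.knight@example.com' }
    [pscustomobject]@{ Sam = 'asmith';  UPN = 'Anna.Smith@example.com'; Mail = 'anna.smith@example.com' }
    [pscustomobject]@{ Sam = 'rk-adm';  UPN = 'rk-adm@corp.local';      Mail = 'richie.knight@example.com' }
    [pscustomobject]@{ Sam = 'svc-sql'; UPN = 'svc-sql@corp.local';     Mail = $null }
)
$cloud = @('richie.knight@example.com', 'anna.smith@example.com')

function Get-SoftMatchPlan {
    param(
        [Parameter(Mandatory)] [object[]] $OnPremUsers,
        [Parameter(Mandatory)] [string[]] $CloudSignInNames
    )
    # @{} hashtables compare string keys case-insensitively, as UPNs are compared.
    $cloudIds = @{}
    foreach ($id in $CloudSignInNames) { $cloudIds[$id] = $true }
    $claimedBy = @{}   # cloud ID -> first on-premises account that maps to it

    foreach ($u in $OnPremUsers) {
        # Assumption: if the UPN has no cloud twin, the mail attribute is the
        # candidate for the cloud ID the account should be renamed to.
        $target = $null
        if ($cloudIds.ContainsKey($u.UPN)) { $target = $u.UPN }
        elseif ($u.Mail -and $cloudIds.ContainsKey($u.Mail)) { $target = $u.Mail }

        if (-not $target) { $status = 'NoCloudMatch' }
        elseif ($claimedBy.ContainsKey($target)) { $status = "Conflict with $($claimedBy[$target])" }
        else {
            $claimedBy[$target] = $u.Sam
            $status = if ($target -eq $u.UPN) { 'Match' } else { 'RenameUPN' }
        }
        [pscustomobject]@{
            Account     = $u.Sam
            CurrentUPN  = $u.UPN
            ProposedUPN = $target
            Status      = $status
        }
    }
}

Get-SoftMatchPlan -OnPremUsers $onPrem -CloudSignInNames $cloud | Format-Table -AutoSize
```

Rows with `RenameUPN` are the users whose login name changes; `Conflict` rows mark a second on-premises account pointing at a cloud ID that another account already claims, which needs resolving before the first sync.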