Active Directory to Azure

Stephen Norman 21 Reputation points
2022-06-23T17:35:09.597+00:00

Currently we have or Exchange Online which is working great for us. We want to also get our Active Directory to Azure as well where we can run Hybrid. I have a few questions.

  1. We currently have separate password for Exchange. When we sync AD how does this effect the Exchange passwords
  2. We currently have three offices that all share the Exchange online directories. Currently all three offices have their own AD for login but share same Exchange logins. What do we do in this situation? Is there a way to have three ADs?

Thank you

Azure Migrate
Azure Migrate
A central hub of Azure cloud migration services and tools to discover, assess, and migrate workloads to the cloud.
717 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,350 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
0 comments
Accepted answer
  1. Alfredo Revilla - Senior Freelance SWE, SWA, IAM 27,016 Reputation points
    2022-06-23T18:36:12.08+00:00

    Hello @Stephen Norman ,

    1. Out of the box, on-premises users will get synced to Azure AD and conflicts may arise for things like duplicated UPN or SMTP ProxyAddress but **Azure AD/Exchange Online users or passwords should not be updated since there won't be an immediate match between on-premises and cloud users. **
    2. It's possible to sync several on-premises AD domains with one Azure AD. In your case, sounds like a single exchange login is shared by on-premises users from different forest (root on-premises AD). You can update the on-premises users so that they are matched against the same cloud user. For more information take a look to Multiple forests: full mesh with optional GALSync.

    These are the recommend steps to follow in your scenario:

    1. Set mail attributes for users of on-premises AD #1.
    2. Use SMTP matching to do the very first sync. You should not run this again.
    3. Switch to Multiple forests: full mesh with optional GALSync topology so that users across all on-premises are matched as a single identity.

    After this **you will be able to sign-in Exchange Online and other Azure AD backed SAAS using any on-premises user. **

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 16,531 Reputation points
    2022-06-23T18:17:02.7+00:00

    Hi @Stephen Norman

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    1. We currently have separate password for Exchange. When we sync AD how does this effect the Exchange passwords

    You will start using the password that you have on your On-premises AD

    1. We currently have three offices that all share the Exchange online directories. Currently all three offices have their own AD for login but share same Exchange logins. What do we do in this situation? Is there a way to have three ADs?

    You can only use Azure AD connect for One Domain Controller, but it is possible to Sync multiple domains, so, you should merge your Domains Controllers to achieve this.

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments