Azure AD Connect with existing 365 tenant and local AD that had exchange removed before

Nordmann 1 Reputation point
2021-05-04T16:12:50.24+00:00

Hello,
Our company used to have a single exchange server but it was removed while at 2003. After this Active directory was upgraded from 2000 and then 2012. With all msExch.. attributes in active directory (I believe the schema is extended in 2012 even if there was no exchange server) does all these attributes have to be matched before sync????
For example, the msExchMailboxGuid is "not set" on my local directory, so if this syncs would that not break exchange online, since that "not set" attribute would over write the cloud?? What about all other exchange attributes?
I realize that smtp email addresses, and principle names will need to match, but I am currently concerned about the exchange attributes..

also, I plan to only sync selective accounts, and will likely not sync groups or try to match that. Then when I want to make sure users are part of exchange groups, will I be managing all group memberships in the cloud, or will I also have to managed attributes in local AD to make sure users are part of distribution and other types of office365 groups??

Finally, reading some old articles, its stating that MS does not support Azure AD connect sync unless an exchange server is in local premise for management. I don't plan on adding an exchange server to the local domain, but would manage attributes with the Editor in ADUC or using ADSI EDIT. Is this a supported method with Microsoft?

Thank you for any response.

Robert

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,472 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AlexC 246 Reputation points
    2021-05-04T20:45:22.517+00:00

    Hi rmann,
    Microsoft does not support your decribed configuration.
    In a hybrid environment, you are required to setup at least one Exchange Hybrid "Management" Server to be in a supported environment.
    afaik, this one is free, so you don't pay an Exchange Server license for that, but a Windows Server license..
    That said, I've also got acknowledged, that using ADUC or ADSI you could manage your users this way. But, bear in mind, Exchange control panel and Exchange powershell do way more than just putting values into properties. Those are verifying attributes and values, checking for duplicates where neccessary, ...
    I hope this helps a little..
    Alex

    2 people found this answer helpful.
    0 comments
  2. Nordmann 1 Reputation point
    2021-05-07T03:35:15.63+00:00

    So I guess does all management now have to be locally for all things AD and Exchange? Sharepoint? (no local sharepoint)
    I'll look for articles on adding Exchange back into environment, sounds like this is just used for management, but would I still need to fully install exchange? If its a hybrid scenerio, then am I also dealing with sync of exchange configurations??
    I am looking into this mainly for windows defender, as it appears I have to be hybrid to make it work for local computer objects running windows defender endpoints.

    0 comments