This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHG%3C/text%3E%3C/svg%3E)
I am setting up our on-premise AD to sync with Azure AD using AD connect. I understand that the AD schema needs to be updated first (adding email and other Exchange attributes) before I can configure the AD connect. Can someone point me to the right MS documentation about the proper setup.
Thanks
Are you in Exchange hybrid mode?
If there no need for Exchange on-prem, then you dont need to add any Exchange attributes to the schema.
I would also not use ADFS if you can. Use PHS :
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @HK G ,
The Prerequisites for Azure AD Connect article includes the requirements for the on-premises directory:
Prepare your on-premises data
Use IdFix to identify errors such as duplicates and formatting problems in your directory before you synchronize to Azure AD and Microsoft 365.
Review optional sync features you can enable in Azure AD, and evaluate which features you should enable.
On-premises Active Directory
The Active Directory schema version and forest functional level must be Windows Server 2003 or later. The domain controllers can run any version as long as the schema version and forest-level requirements are met.
If you plan to use the feature password writeback, the domain controllers must be on Windows Server 2016 or later.
The domain controller used by Azure AD must be writable. Using a read-only domain controller (RODC) isn't supported, and Azure AD Connect doesn't follow any write redirects.
Using on-premises forests or domains by using "dotted" (name contains a period ".") NetBIOS names isn't supported.
We recommend that you enable the Active Directory recycle bin.
The full list of prerequisites is included in the article: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites
There are some good V2 upgrade guides on YouTube as well: https://www.youtube.com/watch?v=NPD3Idgo1LA
Let me know if this helps and if this is what you are looking for.
Thanks, I looked at the above instructions before but it didn't mention any mail attribute. I thought Azure AD require this attribute and other mail related properties to be able to setup mailbox on the cloud side.
Are you hoping to map the mail attribute to the UPN of the Azure AD user? You can use UserPrincipalName soft match (as described in the "soft match" section of this article) and expose the Exchange schema to Active Directory. The list of attributes synchronized by Azure AD Connect are included here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized
Sorry, I think I mislead you from my question. My understanding is in order to enable mailbox for users on Azure, I need to run enable-remotemailbox cmdlet to update the user attributes (below) before Microsoft 365 can create a mailbox for the user. The default AD schema does not have these attributes. So my question is do I need to run Exchange setup to update the AD schema before configure the AD connect.
msExchRemoteRecipientType
msExchRecipientTypeDetails
msExchRecipientDisplayType
Thank you.
I saw some sites referencing using the Exchange setup program to extend the AD schema to include the required attributes. This should be really common task to prepare AD for Office 365, however, I am not seeing anything directly from Microsoft.
Are you in Exchange hybrid mode? I asked this above, but no response
No, we do not run any Exchange server on-premise. I am just trying to sync users to Azure and will have mail enabled later.
Sorry didn't see you comment earlier.
So right now, you have no mailboxes in 365?
Or did you migrate at some point?