I'd like to have some feedback on cutover migration scenarios from Exchange (2013/2016) to Online with Azure AD Sync already in place and running for some time. I know that you can't perform a cutover migration with this configuration and that, to overcome this, you need to disable the AD Sync first. However, depending on whether you want to get rid of the on-prem Exchange, I'd like to know if this is the best way. After much reading and some testing, these are the 2 basic methods which are possible with Azure AD Sync already in place:
1) After disabling Azure AD Sync (Set-MsolDirSyncEnabled -EnableDirSync $false) and deleting the users that have become cloud-only, you can proceed with the cutover batch. This will create cloud-only accounts with mailboxes based on the primary SMTP value. After the cutover is complete, update MX/SPF and finalize the batch. Subsequently, if the primary SMTP matches the on-site one (it should), you can re-enable Azure AD Sync and the synced accounts should automatically soft-match. Filtering the ExchMailboxGUID attribute is unnecessary in this case. The local Exchange server can be powered off and left as is. Better not to uninstall it, to avoid removing the SMTP/X400/GUID attributes, which would then be synced and removed online as well. If you really want to uninstall, then you must either filter out these attributes, or save them before uninstalling through a PowerShell script (there are a couple floating around) and subsequently re-integrate them if needed.
2) Filter the ExchMailboxGUID attribute in the Azure AD Sync rules, set it to NULL, and force a full re-sync to Azure AD to remove the online attribute. This will trick Exchange Online provisioning into believing that no local/on-prem mailbox exists and will allow the creation of an online one: licences must be pre-assigned to the users in order for this to work. Once they are assigned, the staged batch can be started and then finalized. This method, however, requires a local Exchange running (and synced) for administration, as the online migrated mailboxes are associated with AD-synced accounts (not cloud ones) and are not editable via Exchange Online. If you are brave enough and know your way around PowerShell and ADSIEdit for the advanced attributes, you can do without a local Exchange, but this is not supported by MS. Usually all you need is to modify the smtp/x400 proxy attributes in ADUC, but if more advanced stuff is needed (creation of distribution groups etc.) you will need to know your stuff.
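As an added example (my own script, not one of the scripts the post refers to) of the "save the attributes before uninstalling, re-integrate later" approach from method 1: it snapshots the Exchange-related AD attributes to a file and can write them back with Set-ADUser. The attribute list, the search base and the file path are assumptions; it needs the ActiveDirectory module and write access to the user objects.

```powershell
# Added example (not from the original post): snapshot the Exchange-related AD attributes
# before uninstalling on-prem Exchange, and restore them later if they are needed again.
# Assumes the ActiveDirectory module and a domain account with write access to the users.
Import-Module ActiveDirectory

# Attributes that vanish from Azure AD if Exchange strips them on-prem and sync is re-enabled.
$ExchangeAttributes = @('proxyAddresses', 'msExchMailboxGuid', 'legacyExchangeDN',
                        'targetAddress', 'mail', 'mailNickname')

function Export-ExchangeAttributeSnapshot {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,  # e.g. 'OU=Users,DC=corp,DC=example' (assumed)
        [Parameter(Mandatory)] [string] $Path         # e.g. 'C:\Backup\exch-attrs.xml' (assumed)
    )
    $users = Get-ADUser -Filter * -SearchBase $SearchBase -Properties $ExchangeAttributes
    $snapshot = foreach ($u in $users) {
        $record = [ordered]@{ ObjectGuid = $u.ObjectGUID.ToString(); SamAccountName = $u.SamAccountName }
        foreach ($a in $ExchangeAttributes) {
            $value = $u.$a
            # msExchMailboxGuid is a byte[] in AD; base64 keeps it intact through the XML round trip.
            if ($a -eq 'msExchMailboxGuid' -and $value) { $value = [Convert]::ToBase64String([byte[]]$value) }
            elseif ($a -eq 'proxyAddresses' -and $value) { $value = [string[]]@($value) }
            $record[$a] = $value
        }
        [pscustomobject]$record
    }
    $snapshot | Export-Clixml -Path $Path   # Clixml preserves arrays for multi-valued attributes
    return @($snapshot).Count
}

function Restore-ExchangeAttributeSnapshot {
    param([Parameter(Mandatory)] [string] $Path, [switch] $WhatIf)
    $restored = 0
    foreach ($record in (Import-Clixml -Path $Path)) {
        $replace = @{}
        foreach ($a in $ExchangeAttributes) {
            $value = $record.$a
            if ($null -eq $value -or @($value).Count -eq 0) { continue }  # was empty; do not write blanks
            if ($a -eq 'msExchMailboxGuid') { $value = [byte[]][Convert]::FromBase64String($value) }
            elseif ($a -eq 'proxyAddresses') { $value = [string[]]@($value) }
            $replace[$a] = $value
        }
        if ($replace.Count -eq 0) { continue }
        # The Exchange schema extensions stay in AD after Exchange is uninstalled, so the
        # attributes are still valid targets for -Replace; -WhatIf lets you dry-run first.
        Set-ADUser -Identity $record.ObjectGuid -Replace $replace -WhatIf:$WhatIf
        $restored++
    }
    return $restored
}
```

Run the export while Exchange is still installed, keep the XML somewhere safe, and do a `-WhatIf` restore before the real one to see exactly which objects would be touched.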
Based on the number of mailboxes you need to migrate and your AD complexity, one solution may be preferable to the other: if you have a handful of mailboxes then go for the first, while if you have dozens then maybe the second is better, depending on your knowledge of ADSIEdit and Exchange attributes. If you have over 100 mailboxes, then I would suggest keeping an Exchange server running in a hybrid scenario, where everything is transitioned online much more transparently (even the Exchange account in Outlook need not be reconfigured). Keep in mind that deleting online accounts has its downsides, especially if the account is already associated with Teams, OneDrive and similar apps, which will stop functioning (and potentially lose all their data).
If you have any corrections to the above or suggestions, please feel free to point them out - I'm all ears. I also hope MS will implement a full-blown online management solution to overcome these problems, so that one can safely retire the on-prem server.
P.S. In my testing I have run into an issue after disabling the AD Sync - the status has been stuck on PendingDisabled for a couple of days now. However, I was able to delete the synced users from Azure AD in any case, which is rather strange, while I still see the Exchange groups, which I cannot delete. Probably something got stuck, as there are only 5 users in this AD and it shouldn't take days for it to disable - I did the same with another domain with over 30 users and it took a few minutes to change status in Azure.