Move my source of authority for all things Exchange to Exchange Online

Question

A few years ago, we moved all of our on-prem Exchange 2010 users to Exchange Online using a full hybrid migration. When have no on-prem Exchange servers anymore.

Many of the changes we make to mailboxes, etc., requires the use of the Exchange 2010 console (which doesn't support modern auth, and therefore doesn't work anymore) or editing AD attributes directly.

I have recently discovered that I can install the Exchange 2019 management tools and use the open source project Exchange Recipient Admin, which is nice.

But is there a way to move my source of authority for all things Exchange to Exchange Online and Azure AD, which still keeping Active Directory on-prem for everything else?

Answer 1

You can disable directory synchronization, which in turn will transfer the source of authority to Entra ID. This will not affect any existing objects and services you are using on-premises, but any newly created user will have to be provisioned (manually) in both AD and Entra ID, should you want them to be able to use both systems.

Answer 2

Hi，@York

Thanks for posting your question in the Microsoft Q&A forum.

You moved all of your mailboxes to Exchange Online, you still needed an on-premises Exchange server to manage those cloud recipients attributes. You edited the recipients on an Exchange server in your on-premises Active Directory, and their attributes were copied to Microsoft Entra ID using directory synchronization. You can still use this method to manage your recipients, even if they're all in the cloud.

https://learn.microsoft.com/en-us/exchange/manage-hybrid-exchange-recipients-with-management-tools?source=recommendations

Answer 3

For this, you can setup hybrid configuration so that Exchange Online and your on-premises AD can communicate. Manage your mailboxes directly in Exchange Online and Azure AD. Also, sync your on-prem AD with Azure AD using Azure AD connect.