Exchange hybrid writeback with cloud sync
An Exchange hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online.
This scenario is now supported in cloud sync. Cloud sync detects the Exchange on-premises schema attributes and then "writes back" the exchange on-line attributes to your on-premises AD environment.
For more information on Exchange Hybrid deployments, see Exchange Hybrid.
Prerequisites
Before deploying Exchange Hybrid with cloud sync you must meet the following prerequisites.
- The provisioning agent must be version 1.1.1107.0 or later.
- Your on-premises Active Directory must be extended to contain the Exchange schema.
- To extend your schema for Exchange see Prepare Active Directory and domains for Exchange Server
Note
If your schema has been extended after you have installed the provisioning agent, you will need to restart it in order to pick up the schema changes.
How to enable
Exchange Hybrid Writeback is disabled by default.
- Sign in to the Microsoft Entra admin center as at least a Hybrid Administrator.
- Browse to Identity > Hybrid management > Microsoft Entra Connect > Cloud sync.
Click on an existing configuration.
At the top, select Properties. You should see Exchange hybrid writeback disabled.
Select the pencil next to Basic.
On the right, place a check in Exchange hybrid writeback and click Apply.
Note
If the checkbox for Exchange hybrid writeback is disabled, it means that the schema has not been detected. Verify that the prerequisites are met and that you have re-started the provisioning agent.
Attributes synchronized
Cloud sync writes Exchange On-line attributes back to users in order to enable Exchange hybrid scenarios. The following table is a list of the attributes and the mappings.
| Microsoft Entra attribute | AD attribute | Object Class | Mapping Type |
|---|---|---|---|
| cloudAnchor | msDS-ExternalDirectoryObjectId | User, InetOrgPerson | Direct |
| cloudLegacyExchangeDN | proxyAddresses | User, Contact, InetOrgPerson | Expression |
| cloudMSExchArchiveStatus | msExchArchiveStatus | User, InetOrgPerson | Direct |
| cloudMSExchBlockedSendersHash | msExchBlockedSendersHash | User, InetOrgPerson | Expression |
| cloudMSExchSafeRecipientsHash | msExchSafeRecipientsHash | User, InetOrgPerson | Expression |
| cloudMSExchSafeSendersHash | msExchSafeSendersHash | User, InetOrgPerson | Expression |
| cloudMSExchUCVoiceMailSettings | msExchUCVoiceMailSettings | User, InetOrgPerson | Expression |
| cloudMSExchUserHoldPolicies | msExchUserHoldPolicies | User, InetOrgPerson | Expression |
Provisioning on-demand
Provisioning on-demand with Exchange hybrid writeback requires two steps. You need to first provision or create the user. Exchange online then populates the necessary attributes on the user. Then cloud sync can then "write back" these attributes to the user. The steps are:
- Provision and sync the initial user - this brings the user into the cloud and allows them to be populated with Exchange online attributes.
- Write back exchange attributes to Active Directory - this writes the Exchange online attributes to the user on-premises.
Provisioning on-demand with Exchange hybrid use the following steps:
- Sign in to the Microsoft Entra admin center as at least a Hybrid Administrator.
- Browse to Identity > Hybrid management > Microsoft Entra Connect > Cloud sync.
Under Configuration, select your configuration.
On the left, select Provision on demand.
Enter the distinguished name of a user and select the Provision button.
A success screen appears with four green check marks.
Click Next. On the Writeback exchange attributes to Active Directory tab, the synchronization starts.
You should see the success details.
Note
This final step may take up to 2 minutes to complete.
Exchange hybrid writeback using MS Graph
You can use MS Graph API to enable Exchange hybrid writeback. For more information, see Exchange hybrid writeback with MS Graph.