Jon Rixon

Azure AD Connect, Windows Essentials 2019, and Exchange Online management

Hi

Please could someone let me know whether the following information is covered in the SBS2011 to Windows Server 2019 Essentials migration guide - because I've gotten most of the way through with a migration (have done many migrations in the past since SBS2003 upwards) but I'm struggling with Azure and Office 365.

tl;dr: How do you manage Exchange Online when using Azure AD Connect with Server Essentials 2019?

So - since there is no longer a dashboard with O365 connection options in Essentials 2019, and the recommended way to sync passwords to Azure AD is with Azure AD Connect software I have installed this on our Server 2019.

Azure AD is synced with AD - all seems fine and dandy. However all the documentation I can find about managing Exchange Online when using Azure AD Sync is to make changes locally in AD which requires an on-premise Exchange server still hooked up. A lot talk about this in relation to Hybrid deployments, which is not what we did (we did a cutover migration, before installing Azure AD Sync but before removing Exchange on-premise) but most mention Azure AD Sync being a 'one way' deal. Also I understand you can't now install Exchange on a DC - so what do you do on a single-server site like 98% of Essentials server deployments?

What I was expecting to achieve was more like the Essentials 2012/2016 sync where you can selectively choose on-premise AD users to link to O365/AzureAD, and still manage them via the cloud web interface. I'm happy to sync all items, but using the ADUC attribute editor (or ADSIEdit) for changing Exchange settings when O365 has a perfectly good management interface seems completely bonkers.

Currently our situation is - Server 2019 essentials is in, users are logged in, data is copied. Mailboxes have been cutover migrated to O365 and these are live now too. SBS2011 is still on site, removed SCP Autodiscover and stopped SMTP inbound. We (think we) are ready to delete the mailboxes, uninstall Exchange and then kill SBS2011 to death.

Will uninstalling the last/only Exchange 2010 on-prem sync anything negatively (i.e. any attributes etc. that are needed for Exchange Online to work)?

If these things are addressed in the guide, I will buy it.

FYI I did previously buy the Migrate SBS 2003 to 2011 via Swing method toolkit - it was totally awesome and I've not really had a need to ask questions again since those days!

Thanks so much.

Jon


asked 07/25/2019 16:50
1450 views
Mariette Knap

Jon,

If the migration was a cutover, uninstalling Exchange Server 2010 does not make changes that render the cloud accounts useless. As a matter of fact, this is what we always do and then use the Essentials Experience role to hook cloud accounts into our local AD.

Azure AD sync will take care of the synchronization of your local users to the cloud accounts. Assigning mailboxes and such has to be done at O365 level. If you want to do that locally, you need Exchange Server 2016/2019 installed, and Microsoft has a free license for it, but you need to have a spare server for that; it cannot be installed on the Domain Controller.

How and where you administer mailboxes is not covered in the migration guide because IMHO this is really an Office 365 thing.

Sorry for the late answer, I was on holiday :)

Jon Rixon

Hi Mariette

Thanks for coming back to me.

I'm not sure that we're understanding each other completely.

The Essentials role has pretty much gone from Windows Server Essentials 2019. So the password-only sync from Essentials 2012 and 2016 is no more, you have to use Azure AD Connect - but this isn't only password sync, as far as I can tell. It syncs all AD properties and removes the ability to manage mailboxes etc. using the online O365 portal; you have to do it on-prem, for which you need Exchange.

In the specific case, we migrated a client from SBS 2011 to Essentials 2019 with O365. I set up Azure AD Connect and synced everything, which worked OK during the migration, but once Exchange was uninstalled, all of the email addresses reverted to the UPN in AD, not the defined email address (different formats). To change them required editing ProxyAddresses via ADSIEdit, after which I took the decision to remove the Azure AD Sync because, e.g., full mailbox permissions would be a nightmare to sort out via ADSIEdit. The client is too small to have another server license to be able to run Exchange on-prem for changing properties, even if the Exchange license is free.

If you think I'm missing or misunderstanding something, please let me know.


replied 09/03/2019 12:25
Last Activity 09/03/2019 12:25
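
The ProxyAddresses edit mentioned in the reply above can be scripted with the ActiveDirectory PowerShell module instead of ADSIEdit. This is an added example, not code from either poster; the function names `Get-PrimarySmtp` and `Set-PrimarySmtp`, the account `jsmith` and the address at `example.com` are constructed for illustration. It relies on the convention that the entry prefixed with upper-case `SMTP:` is the primary address and lower-case `smtp:` entries are aliases.

```powershell
#Requires -Modules ActiveDirectory
# Added example: helper names are hypothetical, not part of any Microsoft module.

function Get-PrimarySmtp {
    param([string[]]$ProxyAddresses)
    # -clike is case-sensitive: only the upper-case "SMTP:" entry is the primary.
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { $primary.Substring(5) }
}

function Set-PrimarySmtp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Address
    )
    $user = Get-ADUser -Identity $Identity -Properties proxyAddresses
    $new  = @("SMTP:$Address")
    foreach ($entry in $user.proxyAddresses) {
        if ($entry -like 'smtp:*') {
            # Demote every existing SMTP entry to an alias; drop a duplicate of the new primary.
            $existing = $entry.Substring(5)
            if ($existing -ne $Address) { $new += "smtp:$existing" }
        } else {
            $new += $entry   # leave X500:, SIP: and other address types untouched
        }
    }
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set proxyAddresses to: $($new -join '; ')")) {
        Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$new }
    }
}

# Read-only audit: enabled users whose primary SMTP address is missing or differs from the UPN.
Get-ADUser -Filter 'Enabled -eq $true' -Properties proxyAddresses |
    Select-Object SamAccountName, UserPrincipalName,
        @{ Name = 'PrimarySmtp'; Expression = { Get-PrimarySmtp @($_.proxyAddresses) } } |
    Where-Object { $_.PrimarySmtp -ne $_.UserPrincipalName }

# Preview a change for one (constructed) account; remove -WhatIf to write it.
# Set-PrimarySmtp -Identity 'jsmith' -Address 'john.smith@example.com' -WhatIf
```

Changes written this way reach Office 365 on the next Azure AD Connect sync cycle, so run the audit first and preview each change with `-WhatIf`.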
