Replacing AD Connect with Universal Sync in an Exchange Hybrid Environment.
We currently have an Exchange hybrid environment with an on-prem Exchange 2016 server solely for online management, and an Azure AD Connect server just for syncing attributes. Our ideal scenario is to remove both the on-prem Exchange and AD Connect servers, whereby our on-prem AD is synced to Azure AD and we can manage Exchange Online through the O365 portal.
The big question we have is: can we use Okta's Universal Sync to replace our Azure AD Connect server, to the point where we can also remove our on-prem Exchange server? I read in previous posts about the writebacks required to write attributes back to on-prem, so I'm looking for clarification on whether Universal Sync can provide this.
Or can we replace the AD Connect server, but the Exchange server needs to remain for management purposes?
Has anybody attempted this or run similar scenarios?
Hi Michael... so here's the basics: Okta cannot write back to an on-prem Exchange Server. We can however do write back to an on-prem AD server. So you could use Okta's O365 Universal Sync provisioning to sync all your necessary AD objects to and from O365 and your AD server, so long as your Exchange Server is in the cloud.
That is very helpful and sounds exactly like our ideal scenario. Mastering from on-prem AD Server, managing Exchange server in the cloud. Since all AD objects would be synced between O365 and AD, I am assuming this allows full management of Exchange in the cloud?
The next question I have then is, is there any technical documentation I can go through or resources I can use to guide us through this process? We are starting to plan the process but will need some guidance on the finer details. Any advice would be appreciated.
Hi, I have a similar question... I currently have AAD Connect along with an on-premises Exchange hybrid server, which is used solely for management, i.e. creating a new remote mailbox in Office 365 which is mastered on premises. I am now trying to replace AAD Connect and to adopt the 'Universal Sync' provisioning flow; however, when I have attempted this within my test environment my results show that if I create a room mailbox (either a remote or local room), Okta (via Universal Sync) creates the user in Office 365 as a mail-user object and flows 'MSExchRecipientTypeDetails=16' correctly, but the result is that I do not have a provisioned room mailbox in O365.

The customer still requires mailboxes which are mastered on premises, i.e. remote mailboxes (because they use FIM for a GALsync between directories, which uses the on-premises object to distribute). I have read all of the guides for O365 provisioning and how Universal Sync is documented to work; however, I am now questioning how this function will work in my scenario. Ultimately I need to be able to create a room mailbox as a remote mailbox in O365 (the same way AAD Connect would do), but without AAD Connect, and using Okta Universal Sync.

Can you please let me know how Okta suggests that a room mailbox is correctly created in O365 when flowed via the on-premises AD (via the hybrid UI, i.e. New -> Remote Mailbox -> Room Mailbox etc.)? Thanks in advance.
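An added audit script for the symptom described above (a room object in on-prem AD that arrives in Office 365 as a MailUser with no mailbox); this is example code, not from the thread, from Okta or from Microsoft. It assumes the ActiveDirectory and ExchangeOnlineManagement modules are installed, an existing Connect-ExchangeOnline session, and that the room objects carry a `mail` attribute; the value 16 (RoomMailbox) comes from the post, and 8589934592 (RemoteRoomMailbox) is the value Exchange stamps for a remote room.

```powershell
# Audit which on-prem AD room objects Exchange Online actually provisioned as RoomMailbox.
# Run after a Universal Sync cycle; rows with Mismatch = True are the cases from the thread.
Import-Module ActiveDirectory
Import-Module ExchangeOnlineManagement

# msExchRecipientTypeDetails values that mark a room on premises:
#   16         = RoomMailbox        (the value the post saw flow to Office 365)
#   8589934592 = RemoteRoomMailbox  (set by New-RemoteMailbox -Room in the hybrid UI)
$roomTypeDetails = @([int64]16, [int64]8589934592)

function Get-RoomMailboxSyncReport {
    param([string]$SearchBase)   # optional OU to scope the AD query (assumption: DN string)

    $adParams = @{
        LDAPFilter = '(msExchRecipientTypeDetails=*)'
        Properties = 'msExchRecipientTypeDetails', 'mail', 'userPrincipalName'
    }
    if ($SearchBase) { $adParams.SearchBase = $SearchBase }

    $rooms = Get-ADUser @adParams |
        Where-Object { $roomTypeDetails -contains [int64]$_.msExchRecipientTypeDetails }

    foreach ($room in $rooms) {
        if (-not $room.mail) { continue }   # nothing to look up in the cloud without a mail address

        # Look the synced object up in Exchange Online by its primary address.
        $exo = Get-EXORecipient -Identity $room.mail -ErrorAction SilentlyContinue
        $cloudType = if ($exo) { $exo.RecipientTypeDetails } else { 'NotFound' }

        [pscustomobject]@{
            OnPremUPN  = $room.userPrincipalName
            OnPremType = $room.msExchRecipientTypeDetails
            CloudType  = $cloudType
            # A room that landed as MailUser (or not at all) has no mailbox: the failure in the post.
            Mismatch   = ($cloudType -ne 'RoomMailbox')
        }
    }
}

Get-RoomMailboxSyncReport | Where-Object Mismatch | Format-Table -AutoSize
```

Pass `-SearchBase` with the OU that holds the room objects to keep the AD query small in a large directory.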