Replacing AD Connect with Universal Sync in an Exchange Hybrid Environment. Skip to main content
https://support.okta.com/help/answers?id=9062a000000dfjnqaw&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Michael FongMichael Fong 

Replacing AD Connect with Universal Sync in an Exchange Hybrid Environment.

We currently have an Exchange hybrid environment with an on-prem Exchange 2016 server solely for online management, and an Azure AD connect server just for syncing attributes. Our ideal scenario is to remove both the on-prem exchange and AD connect server, whereby our on-prem AD is synced to Azure AD and we can manage Exchange online throught the O365 portal.

The big question we have is can we use Okta’s universal sync to replace our Azure AD connect server to the point where we can also remove our on-prem exchange server? I read from previous posts about the writebacks required to write-back attributes to on-prem, so looking for clarification if Universal Sync can provide this?

Or if we can replace the AD connect server, but the exchange server needs to remain for management purposes?

Has anybody attempted this or run similar scenarios?

 
Jim MolléJim Mollé (Okta, Inc.)
Hi Michael... so here's the basics: Okta cannot write back to an on-prem Exchange Server. We can however do write back to an on-prem AD server. So you could use Okta's O365 Universal Sync provisioning to sync all your necessary AD objects to and from O365 and your AD server, so long as your Exchange Server is in the cloud.
Michael FongMichael Fong
Thanks Jim,

That is very helpful and sounds exactly like our ideal scenario. Mastering from on-prem AD Server, managing Exchange server in the cloud. Since all AD objects would be synced between O365 and AD, I am assuming this allows full management of Exchange in the cloud?

The next question I have then is, is there any technical documentation I can go through or resources I can use to guide us through this process? We are starting to plan the process but will need some guidance on the finer details. Any advice would be appreciated.

Thanks.
 
Jim MolléJim Mollé (Okta, Inc.)
Michael... here are some resources I use in our Deploy O365 with Okta course. Hopefully there's some help info in here for you!


 
Dylann FezeuDylann Fezeu (Customer First Programs)
Hello,

Thanks for posting your inquiry in Okta Community Portal.

​If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer." 

Thank you,

​Dylann Fezeu
OHC Team
David RipleyDavid Ripley
Hi,
I have a similar question...I currently have AAD Connect along with an on-premise Exchange hybrid server - which is used solely for management i.e. creating a new remote mailbox in Office 365 which is mastered on premises. I am now trying to replace AAD Connect and to adopt the 'Universal Sync' provisioning flow; however when I have attempted this within my test environment my results show that if I create a room mailbox (either a remote or local room, Okta (via the universal sync) creates the user in Office 365 as a mail-user object and flows the 'MSExchRecipientTypeDetails=16' correctly, but the result is that I do not have a provisioned room mailbox in o365. The customer still requires mailboxes which are mastered on premises i.e remote mailboxes (because they use FIM for a galsync between directories which uses the on-premises object to distribute. I have read all of the guides for o365 provisioning and how the universal sync is documented to work, however I am now question how this function will work in my scenario.
Ultimatley I need to be able to create a room mailbox as a remote mailbox in o365 (the same way as AAD Connect would do), but without AAD Connect, and using Okta universal sync. 
Can you please let me know how Okta suggests that a room mailbox is correctly created in o365 when flowed via the on-premises AD (via the hybrid UI i.e. new->remote mailbox->room mailbox etc)
Thanks in advance