Hey everyone! I'm trying to figure out how to sync my Active Directory (AD) from a 2025 server with Office 365 users. I don't have an on-premises Exchange Server, as all of our email accounts are hosted on Office 365. The challenge I'm facing is that I can't sync all the accounts without giving them the global admin role in Office 365. I'd rather not skip syncing a few users if possible. Also, I've noticed there are roles like global administrator that don't exist by default in Active Directory—I believe they appear when you install an Exchange Server. I need to understand what components or roles I need to incorporate into my Active Directory to handle this without setting up an Exchange Server.
2 Answers
You might need to simplify your setup a bit. If you just need to sync AD with 365 without all the roles, you can use Azure AD Connect without a local Exchange. Just make sure that your AD is configured properly and that you are using the right settings in Azure AD Connect. You could try creating an app registration for specific roles if necessary to grant permissions when managing user accounts.
It sounds like you're in a bit of a tricky spot! Unfortunately, to sync user roles like global administrator with Azure AD, the typical way is indeed to use a hybrid setup, which would involve having an Exchange server. However, there might be some workarounds if you look into Azure AD Connect and its settings. Depending on your needs, you can create custom roles in Azure to give similar permissions without requiring a full Exchange setup. Check out Microsoft's documentation on Azure AD roles—it could have some insights for you.
