I've migrated an organization with 1000 users from Google to Microsoft 365, and we're looking to manage these users while incorporating on-prem servers. With over 130 servers in play—many utilizing LDAP and RADIUS—and since the organization has never had Exchange, the Active Directory (AD) doesn't have any Exchange attributes. They've been operating cloud-only with separate credentials.
Now, we want to implement Entra Connect sync or cloud sync and have a hybrid identity to consolidate under one directory. We're considering using OU or Group filtering for testing. Since the AD schema lacks Exchange attributes, I believe I need to run the Exchange setup to extend the schema, but I'm unsure.
I'd prefer not to set up an Exchange server at all, but I'm open to installing management tools if that's a viable option. I have seen references to recipient management tools but haven't found useful links.
In prior AD Connect setups, I used the attribute editor, but I want this to be more manageable for other admins. Any advice on tools or methods for smooth management of these synced users would be greatly appreciated.
2 Answers
I’m not convinced that you can fully achieve what you want with your current setup. Most modern clients actually want to ditch the old Entra ID sync altogether. Just something to consider while you’re figuring this out!
You actually don't need to mess with Exchange at all; that could complicate things. Just make sure the User Principal Name (UPN) matches their email address. A good strategy would be to put a handful of test users in an OU and sync just that OU first so you can verify everything is matching correctly. When it’s time to go live, roll it out gradually. This way, users are aware that their cloud passwords will be changing—trust me, you don't want to just drop this on them last minute!
I totally agree with rolling it out gradually! I’m already adjusting proxy addresses, but I was thinking of maybe using some sort of recipient management tools to make it easier for other admins to handle changes like aliases for marriage or divorce. It seems like a hassle, but automating it could save a lot of headaches.
Exactly! No reason to involve on-prem Exchange or extend the attributes. Just set up Entra ID Connect and it should handle everything you need. Do keep in mind you’ll likely have to reset users' passwords during this process, so a careful approach is best.
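
A read-only pre-sync check for the pilot-OU approach discussed in the answers above, as an added example that is not part of the original thread. `Test-SyncReadiness` is a hypothetical helper name, and `contoso.com` and `OU=SyncPilot` are placeholder values; the sample users are constructed so the block runs without a domain controller.

```powershell
# Added example: flags accounts whose UPN, mail and proxyAddresses disagree before the OU is synced.
# Test-SyncReadiness is a hypothetical helper; it only reads attributes and changes nothing.
function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains
    )
    # Count every proxy address (lower-cased) so collisions between accounts are visible.
    $seen = @{}
    foreach ($u in $Users) {
        foreach ($p in @($u.proxyAddresses)) {
            if ($p) { $seen[$p.ToLower()] = 1 + [int]$seen[$p.ToLower()] }
        }
    }
    foreach ($u in $Users) {
        $issues = @()
        $upn = [string]$u.UserPrincipalName
        $suffix = ($upn -split '@')[-1]
        if ($VerifiedDomains -notcontains $suffix) { $issues += "UPN suffix '$suffix' is not a verified domain" }
        if ($upn -ne [string]$u.mail) { $issues += 'UPN differs from mail' }
        # The primary address is the proxyAddresses entry with an upper-case SMTP: prefix.
        $primary = @($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        if ($primary.Count -ne 1) { $issues += "expected 1 primary SMTP address, found $($primary.Count)" }
        elseif ($primary[0].Substring(5) -ne $upn) { $issues += 'primary SMTP address differs from UPN' }
        foreach ($p in @($u.proxyAddresses)) {
            if ($p -and $seen[$p.ToLower()] -gt 1) { $issues += "duplicate proxy address $p" }
        }
        [pscustomobject]@{ User = $u.SamAccountName; Ready = ($issues.Count -eq 0); Issues = ($issues -join '; ') }
    }
}

# Constructed sample objects standing in for the pilot OU. Against a live directory use:
#   $users = Get-ADUser -SearchBase 'OU=SyncPilot,DC=contoso,DC=com' -Filter * -Properties mail, proxyAddresses
$users = @(
    # Clean account: renamed user keeps the old address as a lower-case smtp: alias.
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@contoso.com'; mail = 'asmith@contoso.com'
                       proxyAddresses = @('SMTP:asmith@contoso.com', 'smtp:ajones@contoso.com') }
    # Non-routable UPN suffix and no primary SMTP entry.
    [pscustomobject]@{ SamAccountName = 'bwong'; UserPrincipalName = 'bwong@contoso.local'; mail = 'bwong@contoso.com'
                       proxyAddresses = @('smtp:bwong@contoso.com') }
    # Alias that collides with another account's primary address.
    [pscustomobject]@{ SamAccountName = 'cdiaz'; UserPrincipalName = 'cdiaz@contoso.com'; mail = 'cdiaz@contoso.com'
                       proxyAddresses = @('SMTP:cdiaz@contoso.com', 'smtp:asmith@contoso.com') }
)
Test-SyncReadiness -Users $users -VerifiedDomains 'contoso.com' | Format-Table -AutoSize -Wrap
```

Because the function only needs objects with these four properties, the same report can be handed to other admins as a check to run after each alias change made in the attribute editor.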