O365 question
-
@obsolesce said in O365 question:
@kelly said in O365 question:
@jaredbusch said in O365 question:
@kelly said in O365 question:
@wls-itguy said in O365 question:
@kelly said in O365 question:
@wls-itguy said in O365 question:
We are a 501c3 (Non-Profit) so it might be just as easy
Thanks for the help!
If you're a non profit you might have better long term luck going that route instead: https://products.office.com/en-us/nonprofit/office-365-nonprofit-plans-and-pricing?tab=1.
We're going through the accreditation process now but I guess that takes A LONG TIME!
Yeah, accreditation takes forever. Be glad you're not dealing with the Obama era Department of Ed. They were very unfriendly to non public institutions. I don't know what it is like now. Might not be any better.
To be fair a lot of the non-Public institutions were/are shit.
Oh yeah, there was a ton of reasons why they were doing some of the things they were doing, but every institution was viewed with suspicion regardless of how well things had gone prior. The school I was with had gotten better marks for how we handled everything than the public institutions in the area, and we were put under intense scrutiny.
Well in the new-era... large corporations are innocent until caught, then still innocent if wealthy.
My comments were not a criticism of the larger policies of the Obama administration. I was simply describing difficulties related to non public colleges in interacting with the Department of Education during that administration.
-
@wls-itguy said in O365 question:
@kelly said in O365 question:
My first question when presented this is why. You're investing a decent amount of time and resources into maintaining on prem server when the cloud version is free for you (assuming you're a school from your comments). If I were in your situation it would be difficult for me to justify keeping that old server.
It is free but we need the PC software for Office as well so either way there is a cost. Right now it doesn't cost me anything for the Exchange 2016 server I run on prem and because we are a sub of an organization the on prem exchange server would need to stay in play because of domain issues.
But this doesn't explain why you'd want all of the huge headaches and risk of the hybrid. I see loads of negatives, but no positives mentioned. Free or not, a stick in the eye still sucks.
-
I recently completed a migration to Office 365. I needed to dump my Exchange 2010 on-prem server, as the hardware was EOL. The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
-
@wrx7m said in O365 question:
. The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
-
@scottalanmiller said in O365 question:
@wrx7m said in O365 question:
. The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
I never had federation, and I had to dump AADConnect when decommissioning on-prem Exchange. The reason is because there is no way to manage certain attributes of the cloud mailboxes. The options are literally grayed out on those that are synced from on-prem.
-
@wrx7m said in O365 question:
@scottalanmiller said in O365 question:
@wrx7m said in O365 question:
. The main thing you can't do if you dump the hybrid configuration is use AADConnect to sync your users/groups.
You don't need Exchange for that tool. It's federation that keeps you from dumping the on prem.
https://docs.microsoft.com/en-us/exchange/decommission-on-premises-exchange
I never had federation, and I had to dump AADConnect when decommissioning on-prem Exchange. The reason is because there is no way to manage certain attributes of the cloud mailboxes. The options are literally grayed out on those that are synced from on-prem.
But only greyed out on the one side, right? You can still manage them from the O365 side as usual.
-
@scottalanmiller grayed out on Office 365 side. Until you dump AADCONNECT, you can't edit them in the cloud.
There is another option here -
It allows you to install a role on a Windows server to do password sync to Office 365.
-
@wrx7m said in O365 question:
@scottalanmiller grayed out on Office 365 side. Until you dump AADCONNECT, you can't edit them in the cloud.
There is another option here -
It allows you to install a role on a Windows server to do password sync to Office 365.
AADconnect is a function of Active Directory, not Exchange. Losing on prem Exchange means you cannot edit mailboxes locally and have the changes sync'd to O365, but nothing else.
-
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
-
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
-
@obsolesce said in O365 question:
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
That is interesting. However, if you are using ADSIEdit to perform these modifications and syncing via aadconnect, MS doesn't support it.
-
@wrx7m said in O365 question:
@obsolesce said in O365 question:
@wrx7m said in O365 question:
@kelly if you use aadconnect, you will be unable to make edits to certain attributes in office 365. If you want to make these edits, you have to stop using aadconnect.
If you know where to look, you can fix that.
That is interesting. However, if you are using ADSIEdit to perform these modifications and syncing via aadconnect, MS doesn't support it.
No ADSIEdit... this is AADConnect (or whatever the name of it is this month).
MS very much supports it. Those values are in there by default, just not automatically set to sync.
Like, hiding from address list? How's that not supported from Microsoft? There's a checkbox right there in the O365 interface to hide something from the address list... but by default, that is not synchronized from AD and you must enable it to be.
-
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
-
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
Almost nothing requires Exchange on prem any more. There are edge cases, but the majority will never need it for any of the functionality to exist. The other thing to consider is the replication direction. Most of the Exchange attributes do not need to be sync'd to AD, and will only exist in Exchange Online, thus bypassing AADconnect.
-
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
No, all you need to do is run a simple command that extends your AD Schema with the Exchange 2016 extensions / attributes. This is posted in the first step here. This is safe to do. All it does is adds the
ms-Exchattributes you see when you are in the properties of an AD object and look in the attributes tab. These are the attributes that AADConnect synchronizes to O365. There's no need for any on-prem exchange server. -
@wrx7m said in O365 question:
@obsolesce Is this something that requires Exchange 2016 to be running on-prem? It doesn't say in that article.
I know loads of shops that do this, and none have on prem Exchange of any sort. Hybrid deployments have been seen as very bad since going to hosted first happened. So much to break.
-
@scottalanmiller
Go back and read the link I posted to MS supportI am just saying, currently, it is the supported method to have an Exchange server on-prem to manage mailboxes IF you want to use aadconnect.
Also, they hinted at a new service that would do away with the Exchange on-prem requirement at Ignite last year and the year before.
Per this link -
https://practical365.com/exchange-server/removing-premises-exchange-servers-migrating-office-365/
-
@wrx7m said in O365 question:
@scottalanmiller
Go back and read the link I posted to MS supportI am just saying, currently, it is the supported method to have an Exchange server on-prem to manage mailboxes IF you want to use aadconnect.
Also, they hinted at a new service that would do away with the Exchange on-prem requirement at Ignite last year and the year before.
Per this link -
https://practical365.com/exchange-server/removing-premises-exchange-servers-migrating-office-365/
Where it says this:
In addition, even if you have directory synchronization in place without running the Hybrid Configuration Wizard, you still cannot manage most of the recipient tasks from the cloud.
That is by design... and is what you want! Because, you would then be "managing most of the recipient tasks" from on-prem AD instead... which synchronizes to the cloud.
When you use AADConnect and synchronize users/mailboxes from on-prem AD to O365, it's easier because you don't have to dick around in the O365 Admin portal... you do everything from within your AD users console! It's so much easier and faster.
A hybrid configuration is not at all the recommended set-up, in fact, it's the least recommended setup. Fully hosted on O365 is best, fully hosted on-prem Exchange is second, Hybrid is last (because it increases the complexity AND costs of everything).
-
@obsolesce To me, what you say makes sense. I still don't know why MS wouldn't promote that method and have it laid out saying that you should keep your Exchange server after a migration. So much so, that they have a special license that you can get for a hybrid management scenario.
-
@wrx7m said in O365 question:
@obsolesce To me, what you say makes sense. I still don't know why MS wouldn't promote that method and have it laid out saying that you should keep your Exchange server after a migration. So much so, that they have a special license that you can get for a hybrid management scenario.
That there is a license makes sense, their goal is to sell you more stuff.
But I've never heard MS recommend this, except for one or two rogue O365 people who took it upon themselves (and is why I don't trust MS for support.) But in general, I've always seen MS promoting eliminating on site Exchange just as much as the community.
