Azure AD Connect for Exchange Hybrid Migration

Steps to configure Azure AD Connect for an Exchange hybrid migration from Exchange 2016 to Office 365

  1. Download and install Azure AD Connect on a domain-joined server running Windows Server 2012 R2 or later
  2. Check "I agree to the license terms and privacy notice" and click Continue

  1. Ignore the warning message if a non-routable FQDN, like mylab.local, is used, and click Use Express Settings to continue

  1. Enter the credentials of a Global Administrator for Azure AD / Office 365

  1. Enter the credentials of an Enterprise Administrator for Active Directory (AD)

  1. Ensure that the public FQDN associated with Office 365 is verified

  1. Check Exchange Hybrid Deployment, but do NOT check "Start the synchronization process when configuration completes" yet

  1. Click Exit for now

  1. Double click Azure AD Connect

  1. Select Customize Synchronization Options

  1. Enter the credentials of the Global Administrator for Azure AD / Office 365 and the Enterprise Administrator for the AD domain when prompted
  2. Select the Organizational Unit (OU) that you would like to sync to Office 365

  1. Ensure Exchange Hybrid Deployment and Password Hash Synchronization are selected

  1. Check "Start the synchronization process when configuration completes" to perform the initial synchronization to Office 365

  1. Click Exit to close the configuration wizard

Managing & Monitoring with PowerShell

  1. Open the Synchronization Service Manager console (MiiClient) to view the synchronization in detail
#Start MiiClient 
$MiiClient = "C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"
Start-Process $MiiClient

  1. By default, Azure AD Connect is scheduled to sync at a 30-minute interval. The following PowerShell script can be used to perform a synchronization manually
#PowerShell for ADSync
Import-module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\Tools\AdSyncTools"

#Perform Delta Sync Only
Start-ADSyncSyncCycle -PolicyType Delta

#Perform Initial Sync
Start-ADSyncSyncCycle -PolicyType Initial

Notes from Deployment Project

Failed to synchronize Cloud Users with Global Administrator Right

Change any cloud users in Office 365 who have been assigned the Global Administrator role to the normal User role, as AAD Sync will fail to override those users even with the same UPN name, and O365 will create a new user with a random number assigned.

If you come across this scenario, you have to:

#Move those affected users out from the OU and perform Delta Sync
#Force Sync
Start-ADSyncSyncCycle -PolicyType Delta 

#Check to ensure that synced users had been removed in Office 365
Get-MsolUser -ReturnDeletedUsers

UserPrincipalName                 DisplayName               isLicensed
-----------------                 -----------               ----------
adrian2737@snsntw.onmicrosoft.com Adrian                    False     


#Empty the RecycleBin
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force 

#Force Sync Again in AAD Connect Server
Start-ADSyncSyncCycle -PolicyType Delta 

#Assign Global Administrator Role
Add-MsolRoleMember -RoleMemberEmailAddress adrian@aventislab.com -RoleName "Company Administrator"
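
A pre-sync check for the scenario in these notes, as an added example that is not part of the original post: it lists cloud members of the "Company Administrator" role and flags those whose UPN matches an on-prem user in the OU selected for sync, so they can be handled before the first sync creates a duplicate. It assumes the MSOnline and ActiveDirectory modules are installed and Connect-MsolService has already been run; `$SyncedOU` is a placeholder DN.

```powershell
# Added example: find cloud Global Administrators whose UPN collides with an on-prem user.
# Assumptions: MSOnline and ActiveDirectory modules installed; Connect-MsolService already run.
Import-Module MSOnline
Import-Module ActiveDirectory

# Placeholder DN (not from the original page); use the OU selected in the AAD Connect wizard.
$SyncedOU = 'OU=Staff,DC=mylab,DC=local'

# UPNs of the on-prem users that Azure AD Connect will try to sync
$onPremUpns = Get-ADUser -Filter * -SearchBase $SyncedOU -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object { $_.UserPrincipalName.ToLowerInvariant() }

# User members of the Global Administrator role ("Company Administrator" in MSOnline)
$role   = Get-MsolRole -RoleName 'Company Administrator'
$admins = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'User' }

$report = foreach ($admin in $admins) {
    $cloudUser = Get-MsolUser -ObjectId $admin.ObjectId
    [pscustomobject]@{
        UserPrincipalName  = $cloudUser.UserPrincipalName
        DisplayName        = $cloudUser.DisplayName
        # LastDirSyncTime is only populated once the object is directory-synced
        AlreadySynced      = [bool]$cloudUser.LastDirSyncTime
        CollidesWithOnPrem = $onPremUpns -contains $cloudUser.UserPrincipalName.ToLowerInvariant()
    }
}

$report | Sort-Object CollidesWithOnPrem -Descending | Format-Table -AutoSize

# Cloud-only admins that share a UPN with an on-prem user are the accounts described above
$atRisk = @($report | Where-Object { $_.CollidesWithOnPrem -and -not $_.AlreadySynced })
if ($atRisk.Count -gt 0) {
    Write-Warning ("{0} cloud Global Administrator account(s) share a UPN with a user in {1}; change their role before running the sync." -f $atRisk.Count, $SyncedOU)
} else {
    Write-Output "No cloud-only Global Administrator collides with a user in $SyncedOU."
}
```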
