Dirsync / AAD Sync. - but without EMC on prem...

  • Question

  • I would find it highly useful, not only for us but for our customers, to enable password sync but leave Exchange attributes editable in the 365 portal for users who wish not to have any Exchange products on premise.

    Almost like filter out all mail-related attributes from the sync, soft match users via another method and enable people to edit mail attributes from the 365 ECP.

    Many customers we have are migrating from IMAP systems to 365, but then get most upset with us when they want DirSync and realize they either need to use unsupported tools to edit user email settings, such as ADSI Edit, or install Exchange EMC onsite, when the whole point of moving to 365 was to get rid of dependency on on-premise installations.

    I wondered if this is something Microsoft acknowledge and will look into resolving for SMBs with a small server base (one or two physical boxes) who want DirSync but without an on-prem requirement for Exchange.

    Thanks

    Ben

    ____**EDIT**____

    Also, just to make clear, most of our customers would be happy with something as simple as extending the schema and then a DLL add-in to add a "365" tab to ADDS, just like the old acctinfo.dll - basically anything to make 365 with DirSync but no on-prem EMC a supported scenario, which, looking at all the previous questions and responses, Microsoft must see is something people want and need?


    Ben Harris

    • Edited by Ben-BSH Monday, September 8, 2014 11:15 AM added info
    Monday, September 8, 2014 10:54 AM

Answers

  • Hello Ben,

    You bring up a good perspective and we would be happy to relay the ask to the right folks in the Office 365 Product Development team as a future improvement.

    Thanks for the suggestion! If you have additional information to share, please feel free to add.

    Regards,

    Shravan

    Tuesday, September 30, 2014 11:32 PM
    Moderator

All replies

  • Hello Ben-BSH,

    Office 365 does not have the required editor within the Office 365 portal currently, only on-premises Exchange does for the moment.
    The workaround would be to 'Connect Windows PowerShell to the Service'. However, I understand that this is important for your customers.
    I suggest that you leave your feedback at the Azure Feedback Forums. You can follow the link below to leave your feedback:

    http://feedback.azure.com/forums/34192--general-feedback
    Thanks,
    Syed irfan Hussain

    Monday, September 8, 2014 3:08 PM
    Moderator
  • Thanks, I've also approached Alex Simmons on twitter.

    Anything would be a result: a standalone app, DLL or support in the 365 portal.

    It's purely a matter of being able to confidently tell the customer we can reduce the reliance on on-premise when in fact they will have to keep an instance of Exchange running simply to have same sign-on.

    Obviously for big enterprise clients this is not an issue, as they can put ADFS in place etc., but for SMBs who are not yet running 2012 Essentials it's a huge problem, and one many of our customers have chosen to not move to MSO365 because of this.


    Ben Harris

    Monday, September 8, 2014 4:48 PM
  • Agreed.  I've stated several times it would be nice if DirSync included a checkbox that said "Manage Exchange Attributes in the Cloud (No On-Premises Exchange)".

    For organizations using DirSync without Exchange, it's quite confusing.  I add proxy addresses on-prem, enable archive mailboxes on-prem but enable litigation hold or in-place hold in the cloud.

    It's especially difficult for organizations coming cross-platform that want to use DirSync but may have previously been on Lotus Notes or GroupWise.


    Joseph Palarchio http://www.itworkedinthelab.com


    Friday, October 3, 2014 2:54 AM
  • I don't understand, the issue is you have to edit Exchange attributes in your AD or EMC? Because you don't need EMC or a local Exchange, just extend the AD schema so its objects have all those "msExch(...)" attributes, that sync to Exchange Online.

    http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx#Step1

    If you are going to have the Active Directory anyway, why not edit everything (User & Mailbox) in Active Directory?

    Tuesday, October 21, 2014 11:39 PM
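
Added example, not part of any post in this thread: one way to make the Active Directory-side edit discussed above for the `proxyAddresses` attribute without Exchange tools, using the ActiveDirectory PowerShell module (RSAT). The function name `Get-UpdatedProxyAddresses`, the account `jdoe` and the address `jane.doe@contoso.example` are hypothetical; the write is shown with `-WhatIf` so the change can be reviewed before it is synced.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: returns a proxyAddresses list with exactly one primary
# address ("SMTP:" upper case) and every other SMTP entry demoted to an alias
# ("smtp:" lower case). Non-SMTP entries (X500:, SIP:, ...) are kept unchanged.
function Get-UpdatedProxyAddresses {
    param(
        [string[]]$Current,
        [Parameter(Mandatory)][string]$PrimarySmtp
    )
    if ($PrimarySmtp -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "Not a valid SMTP address: $PrimarySmtp"
    }
    $result = New-Object 'System.Collections.Generic.List[string]'
    $result.Add("SMTP:$PrimarySmtp")
    foreach ($entry in $Current) {
        if ($entry -like 'smtp:*') {            # -like is case-insensitive
            $addr = $entry.Substring(5)
            if ($addr -ieq $PrimarySmtp) { continue }   # already the primary
            $entry = "smtp:$addr"                       # demote old primary
        }
        if ($result -notcontains $entry) { $result.Add($entry) }
    }
    return ,$result.ToArray()
}

# Assumed account name and address (constructed for this example).
$user = Get-ADUser -Identity 'jdoe' -Properties proxyAddresses
$new  = Get-UpdatedProxyAddresses -Current @($user.proxyAddresses) `
                                  -PrimarySmtp 'jane.doe@contoso.example'

# Review the planned value, then remove -WhatIf to write it.
$new
Set-ADUser -Identity $user -Replace @{ proxyAddresses = [string[]]$new } -WhatIf
```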
  • Look into the process for enabling archive when you don't have on-prem Exchange. It's far from intuitive.

    Joseph Palarchio http://www.itworkedinthelab.com

    Wednesday, October 22, 2014 12:16 AM
  • The importance and priority of this ability is going up the longer time goes by. Customers are on board with the idea of moving all services into the cloud. Having the ability to get a granular "source of authority" transfer into Office 365 vs on-prem Active Directory for just Exchange attributes is a big deal. I am dealing with multiple clients that have never had Exchange on-prem. Forest schema has never been extended. They require and need AAD Connect functionality for user, security group management and computer management (Windows 10 domain joined). The fact that this forces them into a pattern of Exchange attributes being also homed to Active Directory as the source of authority is painful. It honestly takes away some of the benefits of Azure AD Connect. Most of my clients are NOT deploying ADFS as well because of the footprint it requires, and with password hash sync and the advancements in AAD there are fewer benefits for using ADFS, especially with Windows 10 integration with Azure AD now. PLEASE up the priority of the ability to perform a granular source of authority transfer for Exchange/email attributes into Azure AD when using AAD Connect. It will pay big dividends for clients fully adopting the Microsoft Cloud.
    Friday, March 4, 2016 2:22 PM
  • FYI Dude, the way we have got round this at the moment is by using the Essentials Experience in 2012R2.

    I'm well aware this doesn't come close to fixing my original question, but it does allow you to have an (instant!) password sync and manage attributes both on prem and in the cloud.

    If you want more info, just ask or PM me :0)

    Ben.


    Ben Harris

    Friday, March 4, 2016 2:52 PM