Azure AD Connect for Exchange Hybrid Migration

Steps to configure Azure AD Connect for Exchange Hybrid Migration to Office 365

  1. Download and install Azure AD Connect on a domain-joined Windows Server 2012 R2 member server (NOT a Domain Controller). Treat this server as a Tier 0 asset: it holds a connector account that can replicate password hashes out of AD and write to Azure AD, so harden and administer it like a Domain Controller.
  2. Click Continue.
  3. Ignore the warning if you are using a non-routable FQDN in AD, like mylab.local, and click Use Express Settings to continue.
  4. Enter the Global Administrator credentials for Azure AD / Office 365.
  5. Enter the credentials for a Domain Administrator. With Express Settings these are used only during setup to create the AD DS connector account (MSOL_<id>) and grant it the permissions it needs; the Domain Administrator password itself is not stored by Azure AD Connect.
  6. Ensure that the public FQDN which you associated with Office 365 is verified.
  7. Check Exchange Hybrid Deployment, and do NOT check "Start the synchronization process when configuration completes" yet.
  8. You will see a warning that the Active Directory Recycle Bin is NOT enabled if you did not enable this feature earlier. It is optional and you can safely continue, but enabling it is recommended: a user deleted and then restored from the Recycle Bin keeps the same object, so Azure AD Connect matches it to the existing Office 365 user instead of deleting and re-creating it.
  9. Click Exit.
  10. Double-click Azure AD Connect to configure Domain and OU Filtering so that only the users and groups in particular OUs are synced to Office 365.
  11. Click Customize Synchronization Options.
  12. Enter your credentials for Azure AD / Office 365.
  13. Click Next.
  14. Select the OUs that you would like to sync.
  15. Ensure Exchange Hybrid Deployment and Password Hash Synchronization are selected.
  16. Check "Start the synchronization process when configuration completes" to perform the initial synchronization to Office 365.
  17. Close the wizard.
  18. Monitor the progress by opening the Synchronization Service Manager (miisclient.exe) from PowerShell:

#Start the Synchronization Service Manager (MiiClient)
$MiiClient = "C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"
Start-Process $MiiClient


  19. Azure AD Connect runs a scheduled delta sync every 30 minutes by default, and you can trigger a sync manually with the following PowerShell on the Azure AD Connect server.

Password changes are synced from local AD to Office 365 within about 2 minutes, independently of the 30-minute scheduler, because Password Hash Synchronization runs on its own cycle.

#PowerShell for ADSync (run on the Azure AD Connect server)
Import-Module ADSync

#Perform a Delta Sync only: processes changes since the last run
Start-ADSyncSyncCycle -PolicyType Delta

#Perform an Initial (full) Sync: re-imports and re-evaluates every object in scope
Start-ADSyncSyncCycle -PolicyType Initial
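The following is an added example and not code from the original post. It wraps the manual sync above so that it first shows the scheduler state (where the 30-minute default interval is visible), refuses to start a delta sync while another cycle is already running, and then polls the connectors until the run has finished. It assumes it is run on the Azure AD Connect server with the ADSync module installed; the function name Invoke-SafeDeltaSync and the timeout value are my own choices.

```powershell
# Added example (not from the original post). Run on the Azure AD Connect server.
Import-Module ADSync

function Invoke-SafeDeltaSync {
    param([int]$TimeoutSeconds = 600)   # hypothetical default; adjust for your directory size

    # Show the scheduler: the effective interval is 30 minutes unless changed with Set-ADSyncScheduler
    $scheduler = Get-ADSyncScheduler
    $scheduler | Select-Object AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval,
                               NextSyncCycleStartTimeInUTC, SyncCycleEnabled, StagingModeEnabled |
        Format-List

    # Start-ADSyncSyncCycle errors out if a cycle is already running, so check first
    if ($scheduler.SyncCycleInProgress) {
        Write-Warning "A sync cycle is already in progress; not starting another one."
        return $false
    }
    if ($scheduler.StagingModeEnabled) {
        Write-Warning "This server is in staging mode; the sync will import but not export to Office 365."
    }

    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # Poll the connector run status until no connector reports a run in progress.
    # Get-ADSyncConnectorRunStatus returns one object per busy connector (ConnectorName, RunState)
    # and nothing at all when the service is idle.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        $running = @(Get-ADSyncConnectorRunStatus)
        foreach ($r in $running) {
            Write-Host ("{0}: {1}" -f $r.ConnectorName, $r.RunState)
        }
    } while ($running.Count -gt 0 -and (Get-Date) -lt $deadline)

    if ($running.Count -gt 0) {
        Write-Warning "Timed out after $TimeoutSeconds seconds; inspect the run in the Synchronization Service Manager."
        return $false
    }
    Write-Host "Delta sync completed."
    return $true
}

Invoke-SafeDeltaSync
```

The staging-mode check is worth keeping: a staging server imports and synchronizes but never exports, so a "successful" sync there changes nothing in Office 365.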

Notes from Deployment

Before the first sync, any cloud-only user in Office 365 who holds the Global Administrator role must be demoted to a normal user. Azure AD Connect fails to take over (soft-match) such users even when the UPN is identical, and Office 365 instead creates a new, duplicate user with a random number appended to the UPN.

If you come across this scenario, you have to:

#Move the affected users out of the synced OU, then run a Delta Sync
#Force Sync (on the Azure AD Connect server)
Start-ADSyncSyncCycle -PolicyType Delta 

#Check to ensure that the synced duplicate users have been removed in Office 365
#(requires the MSOnline module; run Connect-MsolService first)
Get-MsolUser -ReturnDeletedUsers

UserPrincipalName                 DisplayName               isLicensed
-----------------                 -----------               ----------
[email protected] Adrian                    False     

#Empty the Recycle Bin. This permanently deletes ALL soft-deleted users, not only the duplicates,
#so review the list above before running it
Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force 

#Move the users back into the synced OU and force a sync again on the AAD Connect server
Start-ADSyncSyncCycle -PolicyType Delta 

#Assign the Global Administrator role back to the now-synced user
Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberEmailAddress [email protected]
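The following is an added example and not code from the original post. It turns the note above into a pre-flight check to run before the initial sync: it lists every user in the OU that will be synced, finds the ones whose UPN already exists in Office 365 as a cloud user holding the Global Administrator ("Company Administrator") role, and with -Demote removes that role so the soft-match can succeed. It assumes the MSOnline and ActiveDirectory modules are available on the machine you run it from and that you have Global Administrator and AD read rights; the OU path, the function name Test-AdminRoleConflict and the -Demote switch are placeholders of my own.

```powershell
# Added example (not from the original post). Requires the MSOnline and ActiveDirectory modules.
Import-Module ActiveDirectory
Import-Module MSOnline
Connect-MsolService   # prompts for Office 365 Global Administrator credentials

function Test-AdminRoleConflict {
    param(
        [Parameter(Mandatory)] [string]$SyncOU,   # the OU selected in the OU Filtering step
        [switch]$Demote                           # actually remove the role instead of only reporting
    )

    # UPNs that Azure AD Connect will try to soft-match against existing Office 365 users
    $onPremUpns = Get-ADUser -Filter * -SearchBase $SyncOU |
        Where-Object { $_.UserPrincipalName } |
        ForEach-Object { $_.UserPrincipalName.ToLowerInvariant() }

    # Cloud users currently holding the Global Administrator role
    $role = Get-MsolRole -RoleName "Company Administrator"
    $cloudAdmins = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
        Where-Object { $_.RoleMemberType -eq "User" }

    $conflicts = @($cloudAdmins | Where-Object {
        $onPremUpns -contains $_.EmailAddress.ToLowerInvariant()
    })

    if ($conflicts.Count -eq 0) {
        Write-Host "No Global Administrator conflicts found; the initial sync can start."
        return $conflicts
    }

    Write-Host "These cloud Global Administrators share a UPN with a user in ${SyncOU}:"
    $conflicts | Select-Object DisplayName, EmailAddress | Format-Table -AutoSize

    if ($Demote) {
        # Keep at least one cloud-only Global Administrator that is NOT in the synced OU,
        # otherwise a broken sync can lock you out of the tenant.
        $remaining = @($cloudAdmins | Where-Object {
            $onPremUpns -notcontains $_.EmailAddress.ToLowerInvariant()
        })
        if ($remaining.Count -eq 0) {
            throw "Refusing to demote: no cloud-only Global Administrator would remain."
        }
        foreach ($admin in $conflicts) {
            Remove-MsolRoleMember -RoleObjectId $role.ObjectId -RoleMemberType User `
                                  -RoleMemberEmailAddress $admin.EmailAddress
            Write-Host "Removed Global Administrator from $($admin.EmailAddress); re-add it after the user has synced."
        }
    }
    return $conflicts
}

# Report only; add -Demote once you have reviewed the list. The OU path is a placeholder.
Test-AdminRoleConflict -SyncOU "OU=Office365,DC=mylab,DC=local"
```

Run it in report mode first and keep the break-glass check: a tenant whose only Global Administrators are synced accounts cannot be recovered from the cloud side if Azure AD Connect later deletes or mangles those objects.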

We will continue by updating Exchange 2016 to the latest CU11 and installing the Hybrid Configuration Wizard in my next post.
