Take the following into account when synchronizing Exchange hybrid remote mailboxes:
- The mapping for remote mailboxes is part of the Microsoft Exchange project template. Remote mailboxes are synchronized using the Microsoft Exchange connector.
- If an Exchange hybrid environment already exists but there is no Exchange hybrid module installed, a warning appears when you synchronize. Install the Exchange hybrid module and create a new synchronization project.
- The following order is recommended for synchronizing the target systems.
  - Azure Active Directory
  - Local Active Directory (possible in parallel with Azure Active Directory)
  - Exchange Online
  - Local Microsoft Exchange (if possible, according to Exchange Online)
- In One Identity Manager, the connection must be defined between the local Microsoft Exchange organization (EX0Organization) and the corresponding Azure Active Directory tenant (AADOrganization).
  This connection is normally created automatically when the synchronization project is created for local Microsoft Exchange. This assumes that Azure Active Directory was already loaded into One Identity Manager at the time. You can establish this link manually at any time.
To declare the Azure Active Directory tenant in a Microsoft Exchange organization
- In the Manager, select the Active Directory > Exchange system administration category.
- Select the organization from the result list.
- Select the Change main data task.
- On the Hybrid configuration tab, under Azure Active Directory tenant, select the Azure Active Directory tenant to which your local Microsoft Exchange is connected.
- Save the changes.
You cannot move mailboxes between local Microsoft Exchange and Exchange Online with One Identity Manager. Microsoft offers migration scenarios for moving mailboxes. For more information, see your Microsoft documentation.
Synchronizing Microsoft Exchange in One Identity Manager after moving a mailbox from local Microsoft Exchange to Exchange Online results in:
After successful migration, delete outstanding mailboxes in One Identity Manager.
- Check whether the mailbox was migrated and whether the Active Directory user account is connected with the local mailbox and a remote mailbox.
  Migrated mailboxes are displayed in the Manager in the Active Directory > Troubleshooting > Mailboxes migrated to Exchange Online category.
- Delete the outstanding mailbox.
If you apply an account definition to local mailboxes, create a new account definition for remote mailboxes.
- If the mailbox account definition currently in use expects an account definition for Active Directory user accounts, enter this account definition as a prerequisite for the remote mailbox account definition.
IMPORTANT: The remote mailbox account definition must not be distributed automatically to everybody. Otherwise One Identity Manager creates new remote mailboxes.
Example of exchanging account definitions for migrated mailboxes
The following example explains how you can replace account definitions for migrated mailboxes.
NOTE: The workflows described here are only for orientation. Always take your customized workflows into account when replacing account definitions.
You always require a custom migration scenario if the account definitions are requested through the IT Shop.
Example:
Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.
The account definition is directly assigned to employees.
After migration, remote mailboxes are also managed through account definitions.
- Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.
- After migrating a local mailbox:
  - Make sure that the remote mailbox exists in One Identity Manager and is linked to the Active Directory user account.
  - In One Identity Manager, delete the outstanding local mailbox.
  - Assign the account definition for remote mailboxes to the employee.
  - Remove the account definition for local mailboxes from the employee.
Example:
Local mailboxes are managed through an account definition. This account definition requires an account definition for Active Directory user accounts.
The account definition is inherited by the employees through their department relation.
After migration, remote mailboxes are also managed through account definitions.
- Create a parallel structure to the department and assign the account definition for local mailboxes to this parallel structure.
  The purpose of this parallel structure is to retain the local mailboxes' account definition assignment to an employee until the mailbox has been successfully migrated.
- After completing DBQueue Processor processing, you can remove the account definition for local mailboxes from the department.
- Create an account definition for remote mailboxes. Enter the Active Directory user account's account definition as prerequisite.
- Create another parallel structure and assign the account definition for remote mailboxes to it.
  The purpose of this parallel structure is to assign the remote mailboxes' account definition to employees after mailbox migration and to retain the assignment of the required account definition for Active Directory.
- Delete the outstanding mailbox after migrating the local mailbox successfully.
- After migrating all the department's local mailboxes, you can:
  - Assign a department to the remote mailboxes' account definition.
  - Remove the parallel structure.
To create a remote mailbox
- In the Manager, select the Active Directory > Remote mailboxes category.
- Click in the result list.
- On the main data form, enter the main data of the mailbox.
- Save the changes.
To create a mailbox for an Active Directory user account manually
- In the Manager, select the Active Directory > User accounts category.
- In the result list, select the user account, then select the Change main data task.
- Select the Create remote mailbox task.
- Enter the following information:
  - Active Directory user account: The user account is already selected.
  - Exchange organization: The Exchange organization is already selected. Check the setting.
  - Alias: Unique alias for further identification of the mailbox.
- Click OK.
NOTE: After a new remote mailbox is created, the corresponding mailbox is not created in the Exchange Online environment until the next synchronization of your Azure Active Directory tenant in Azure Active Directory Connect. Up to this point, the mailbox is acknowledged in the local Microsoft Exchange environment but is not yet available for use.
NOTE: After new remote mailboxes of Remote user type have been created by Azure Active Directory or Exchange Online internal processes, an appropriate Exchange license must be assigned for the resulting Azure Active Directory user account.
To display remote mailboxes without Exchange licenses