Why Office 365 and On-Premises AD Accounts don’t Match after Hybrid and How Admins Fix It?

A hybrid setup, used when migrating from an on-premises Exchange Server to Office 365 (Exchange Online), lets admins move mailboxes and other resources to the cloud in stages. It needs preparation, including synchronizing the local Active Directory to Microsoft Entra ID. If that synchronization goes wrong, on-premises and cloud accounts end up not matching each other. This article explains why Office 365 and on-premises AD accounts fail to match after a hybrid setup and how to resolve the issue.

What is Exchange Hybrid Deployment?

For migrating from an on-premises Exchange Server to Office 365 (Exchange Online), the hybrid model is the smoothest of the natively available methods. The on-premises and cloud environments behave as a single Exchange organization with a shared namespace and mail flow, and mailboxes are moved with move requests (migration batches). Users keep working while their data is copied; only the final cutover of each mailbox is visible to them.

The hybrid model is, however, more complex to set up, and the migration takes a long time to complete, especially in larger environments with large volumes of data.

Why Office 365 and On-Premises AD Accounts don’t Match after Hybrid?

In the hybrid model, the Hybrid Configuration Wizard (HCW) configures the Exchange side of the relationship (connectors, the organization relationship and OAuth), while Microsoft Entra Connect synchronizes the on-premises Active Directory objects to Entra ID. Below are the issues you are most likely to encounter with AD accounts that do not match.

Identity Anchor Mismatch

The identity anchor (source anchor) is the unique identifier that binds an on-premises user to its cloud identity. On the on-premises side it is the mS-DS-ConsistencyGuid attribute (populated from objectGUID by current Entra Connect versions) or, on older installations, objectGUID itself; on the cloud side it is stored as the ImmutableId, which is the Base64 encoding of those 16 bytes. The two must match for the objects to be treated as the same user. If they do not, you may face the following issues:

  • A duplicate cloud account is created for the user.
  • The Exchange Online mailbox is not linked to the on-premises one.
  • Synchronization errors between the local AD and Entra ID.
  • The cloud identity is left unmanaged by sync, so changes made on-premises never reach it.
  • Attributes are missing or overwritten during synchronization.

This typically happens after the local Active Directory has been repaired or rebuilt. An object's objectGUID never changes in place, but an account that is deleted and re-created (for example after a forest rebuild, a move to a new domain, or a restore from scratch) gets a new one, while the cloud identity still carries the ImmutableId derived from the old GUID. Entra Connect then cannot match the two and either creates a duplicate or reports an error. In such cases, you need to verify the local Active Directory object and then merge the identities manually with a hard match. Two caveats: a hard match only works on a cloud object that is not currently being synced (move the on-premises object out of sync scope first if it is), and Entra Connect attempts a soft match on the primary SMTP address or UPN whenever the cloud object has no ImmutableId, so check whether those attributes line up before forcing the anchor. Follow the below steps:

Step 1 - Convert the on-premises object GUID to Base64 (this is the format Entra ID stores as the ImmutableId).

$guid = (Get-ADUser -Identity user).ObjectGUID
$immutableID = [System.Convert]::ToBase64String($guid.ToByteArray())

Step 2 – Set the identity anchor on the cloud identity. The Set-MsolUser cmdlet belongs to the retired MSOnline module, so use the Microsoft Graph PowerShell equivalent (the account needs the User.ReadWrite.All scope).

Connect-MgGraph -Scopes 'User.ReadWrite.All'
Update-MgUser -UserId user@domain.com -OnPremisesImmutableId $immutableID

Step 3 – Run a delta sync on the Entra Connect server.

Start-ADSyncSyncCycle -PolicyType Delta

After the sync, the cloud identity should show as synced from on-premises and be linked to the local AD user.
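The three steps above, put together as one script with the checks a practitioner would want before forcing an anchor. This is an added example and is not code from the original article; it assumes the ActiveDirectory, Microsoft.Graph.Users and ADSync modules are installed, a Graph session with User.ReadWrite.All, and that the sAMAccountName jdoe and UPN jdoe@contoso.com are placeholders for your own user. It reads mS-DS-ConsistencyGuid when populated (the anchor current Entra Connect versions use) and falls back to objectGUID, refuses to touch a cloud object that is already being synced, and decodes an existing ImmutableId back to a GUID so you can see which stale anchor is being replaced.

```powershell
# Added example (not from the original article): end-to-end hard match of an
# on-premises AD user to an existing cloud-only Entra ID user.
# Assumptions: ActiveDirectory, Microsoft.Graph.Users and ADSync modules are
# installed; the Graph session has User.ReadWrite.All; 'jdoe' and
# 'jdoe@contoso.com' are placeholders.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

# Base64 of the 16 anchor bytes, exactly as Entra stores it in ImmutableId.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

# Reverse: decode a cloud ImmutableId back to a GUID for comparison with AD.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

# The GUID Entra Connect uses as the source anchor for this user:
# mS-DS-ConsistencyGuid when it is populated, otherwise objectGUID.
function Get-SourceAnchorGuid {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u  = Get-ADUser -Identity $SamAccountName -Properties 'mS-DS-ConsistencyGuid'
    $cg = $u.'mS-DS-ConsistencyGuid'
    if ($cg -and $cg.Count -eq 16) { return [guid]::new([byte[]]$cg) }
    return $u.ObjectGUID
}

function Invoke-HardMatch {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$CloudUpn
    )
    $anchor = Get-SourceAnchorGuid -SamAccountName $SamAccountName
    $wanted = ConvertTo-ImmutableId -Guid $anchor

    $cloud = Get-MgUser -UserId $CloudUpn `
        -Property Id,UserPrincipalName,OnPremisesImmutableId,OnPremisesSyncEnabled

    # Entra does not let you change the anchor of an object it is actively
    # syncing; the object must be cloud-only before a hard match.
    if ($cloud.OnPremisesSyncEnabled) {
        throw "$CloudUpn is still managed by sync. Move the AD object out of sync scope, run a delta sync so the cloud object becomes cloud-only, then retry."
    }
    if ($cloud.OnPremisesImmutableId -eq $wanted) {
        Write-Host "ImmutableId already matches $anchor; nothing to do."
        return
    }
    if ($cloud.OnPremisesImmutableId) {
        $old = ConvertFrom-ImmutableId -ImmutableId $cloud.OnPremisesImmutableId
        Write-Warning "Replacing stale anchor $old (old objectGUID) with $anchor"
    }
    Update-MgUser -UserId $cloud.Id -OnPremisesImmutableId $wanted
    Write-Host "Set ImmutableId on $CloudUpn to $wanted"
}

Connect-MgGraph -Scopes 'User.ReadWrite.All' -NoWelcome
Invoke-HardMatch -SamAccountName 'jdoe' -CloudUpn 'jdoe@contoso.com'

# Run on the Entra Connect server to push the match through.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
```

If the cloud object must keep its existing ImmutableId (for example because other services already reference it), the alternative repair is the other way round: take the GUID that ConvertFrom-ImmutableId returns and write its bytes into mS-DS-ConsistencyGuid on the re-created AD object with Set-ADUser -Replace, which is exactly what that attribute exists for, so that the anchor survives object re-creation.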

Attribute or Alias Issues

Typos, wrong domains or stale email addresses in the Active Directory attributes that feed identity matching (mail, userPrincipalName and proxyAddresses) cause Entra Connect to report export errors or to sync an object under the wrong identity. Domains that are no longer in use should be removed from those attributes before the first synchronization, because addresses in domains that are not verified in the tenant do not sync correctly.

Always run a cleanup of these attributes before synchronizing Active Directory. It reduces surprises at go-live and keeps the configuration simpler.

When setting the attributes, the primary email address goes into the ProxyAddresses attribute with an uppercase prefix, and each object must have exactly one such entry (see the below example).

SMTP:<primary address>

Secondary email addresses (aliases) use the lowercase prefix (see the below example).

smtp:<alias address>

The UPN suffix must also be a domain verified in the tenant; otherwise the user is provisioned with the tenant's default onmicrosoft.com suffix instead.

You can export the relevant attributes with Get-ADUser to a CSV file (Export-Csv) and review it for duplicate addresses, domains that are no longer used, and typos; Microsoft's free IdFix tool automates the same checks.
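The cleanup described in this section, as an added example that is not part of the original article: a PowerShell audit of proxyAddresses and UPN suffixes that flags objects with no (or more than one) primary SMTP address, addresses or UPNs in domains not verified in the tenant (which is also how typos in a domain show up), and the same address present on more than one object. The domain contoso.com and the three sample users are constructed for the demonstration; the commented lines at the end show how to feed it real Get-ADUser output and the tenant's verified domains instead.

```powershell
# Added example (not from the original article): audit proxyAddresses and UPN
# suffixes before the first Entra Connect sync. 'contoso.com' and the sample
# users below are constructed for the demo.
function Test-ProxyAddresses {
    param(
        [Parameter(Mandatory)][object[]]$Users,           # objects with SamAccountName, UserPrincipalName, ProxyAddresses
        [Parameter(Mandatory)][string[]]$VerifiedDomains  # domains verified in the Entra tenant
    )
    $seen = @{}   # lower-cased address -> first SamAccountName that carried it
    $findings = foreach ($u in $Users) {
        $addrs   = @($u.ProxyAddresses)
        $primary = @($addrs | Where-Object { $_ -cmatch '^SMTP:' })   # case-sensitive: uppercase = primary
        if ($primary.Count -ne 1) {
            [pscustomobject]@{ User = $u.SamAccountName; Issue = 'PrimaryCount'; Value = $primary.Count }
        }
        foreach ($a in $addrs) {
            if ($a -notmatch '^smtp:') { continue }      # X500:, SIP: etc. are out of scope here
            $addr = $a.Substring(5)
            if (-not ($addr -match '^[^@\s]+@([^@\s]+)$')) {
                [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Malformed'; Value = $a }
                continue
            }
            $domain = $Matches[1]
            if ($VerifiedDomains -notcontains $domain) {
                [pscustomobject]@{ User = $u.SamAccountName; Issue = 'UnverifiedDomain'; Value = $a }
            }
            $key = $addr.ToLowerInvariant()
            if ($seen.ContainsKey($key) -and $seen[$key] -ne $u.SamAccountName) {
                [pscustomobject]@{ User = $u.SamAccountName; Issue = 'Duplicate'; Value = "$addr (also on $($seen[$key]))" }
            } elseif (-not $seen.ContainsKey($key)) {
                $seen[$key] = $u.SamAccountName
            }
        }
        # A UPN suffix that is not verified lands the user on the onmicrosoft.com domain.
        $upnDomain = ($u.UserPrincipalName -split '@')[-1]
        if ($VerifiedDomains -notcontains $upnDomain) {
            [pscustomobject]@{ User = $u.SamAccountName; Issue = 'UpnDomain'; Value = $u.UserPrincipalName }
        }
    }
    return $findings
}

# Constructed sample data standing in for Get-ADUser output: one clean user,
# one with two primaries, a stale .local domain and a borrowed alias, and one
# with no primary, a typo in the domain and an unverified UPN suffix.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';   UserPrincipalName = 'jdoe@contoso.com'
                       ProxyAddresses = @('SMTP:jdoe@contoso.com', 'smtp:john.doe@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'asmith'; UserPrincipalName = 'asmith@contoso.com'
                       ProxyAddresses = @('SMTP:asmith@contoso.com', 'SMTP:asmith@contoso.local', 'smtp:john.doe@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'bwong';  UserPrincipalName = 'bwong@contoso.local'
                       ProxyAddresses = @('smtp:bwong@contso.com') }
)
Test-ProxyAddresses -Users $sample -VerifiedDomains @('contoso.com') | Format-Table -AutoSize

# Real run: pull the same fields from AD, take the verified domains from the
# tenant (Microsoft.Graph.Identity.DirectoryManagement), keep the report as CSV.
# $users   = Get-ADUser -Filter * -Properties ProxyAddresses
# $domains = Get-MgDomain | Where-Object IsVerified | Select-Object -ExpandProperty Id
# Test-ProxyAddresses -Users $users -VerifiedDomains $domains |
#     Export-Csv -NoTypeInformation -Path .\proxy-audit.csv
```

On the sample data the audit reports asmith for PrimaryCount 2, UnverifiedDomain on contoso.local and a Duplicate of john.doe@contoso.com already held by jdoe, and bwong for PrimaryCount 0, UnverifiedDomain on the misspelled contso.com and an unverified UpnDomain; jdoe produces no findings. Fix every row before the first sync rather than after, because once a duplicate address has been exported, Exchange Online rejects the second object and the sync error persists until the attribute is corrected on-premises.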

How to Make Data Migration Process Smooth and Seamless?

Data migration is always one of the biggest headaches, so look for ways to reduce the administrative effort and make the process as smooth and seamless as possible. Specialized Exchange migration tools, such as Stellar Migrator for Exchange, can make a real difference in flexibility and peace of mind.

This specific tool is pretty simple to use and manage. With this tool, you can easily migrate data from,

With Stellar Migrator for Exchange, you can granularly migrate user mailboxes, shared mailboxes, disabled mailboxes, and public folders from the source to the destination with automatic mailbox mapping. It supports incremental (delta) migration and provides real-time and post-migration reporting. The tool is aimed at minimizing risk and migration effort while keeping the migration simple and smooth.

Conclusion

The hybrid model is the smoothest migration method, but it is also the most complex one to set up and maintain. A number of components can go wrong and jeopardize the project or delay the migration, and troubleshooting them costs time and effort. For a smooth and seamless migration, you can take the help of Stellar Migrator for Exchange, a specialized Exchange migration tool that migrates data across Exchange servers and Office 365 tenants with simplicity and reliability.
About The Author

Shelly Bhardwaj

Shelly is a technology expert with core knowledge of Exchange Server and Outlook.
