Office 365 Hybrid Check List

Implementing Office 365 is not easy for an a large organization. Here is a current summary of the issues that I have had to deal with in order to get from point A to point B. This will most certainly be an evolving list that I add to over time as new “features” are turned on or are no longer applicable.

  • Office 365 Licensing

During our initial implementation of Office365, we chose to sync all user accounts (Dirsync and now replaced by Azure AD Connect) and assign the appropriate E1 license.

The first trick is to figure out what license to assign each user. The Faculty E1 license or the Student E1 license? My approach was to use powershell to query the MSOL users that do not have a license assigned. Then loop through these users and then query our On-Premise active directory to see if this user was a “student” or “staff” or “faculty” in simplistic terms. Based on this response, the appropriate Student E1 or Faculty E1 license would be assigned in Office 365.

We did not want to include the Exchange Online Plan as part of the E1 license. We did this because if your mailbox has not been moved to Exchange Online, then all users would get an error message when clicking on the Mail icon within Office 365.  This is because there is no corresponding Exchange Online mailbox associated with the account.

Once we decided to start moving mailboxes to Exchange Online, a second script was written to look for the LicenseReconciliationNeeded setting for each migrated mailbox

LicenseReconciliationNeeded: Whether or not the user currently has a mailbox without a license. In this case, the user should be licensed with 30 days to avoid losing their mailbox.

This script then is run on a certain schedule and assigns the Exchange Online plan to MSOL users that have the LicenseReconciliationNeeded = $true.  This means that we either migrated the mailbox to Exchange Online or the New-RemoteMailbox cmdlet has been executed On-Premise from another script.

  • Exchange Online Address Lists

Our Exchange On-Premise environment uses Address Lists for each department. We have created a “\Departments” Address List structure that then contains 1 or even 2 levels of departments address lists in the structure. Unfortunately, Exchange Online as of March 2016 does not allow Address List management within the Admin Center. Powershell is the only way to create and manage Address Lists.  This is fine, because our existing Address Lists were created by Powershell.  Before we could create address lists, we needed to create the Mail Enabled Distribution groups that the Address Lists would use as the members.  Our On-Premise environment simply used Active Directory Security Groups as the membership of the AddressLists.  We were actually deprecating the use of Distribution Groups entirely.  Using Azure AD Connect, we were even syncing these AD security groups with Office 365 for use within Sharepoint Online etc. However, Exchange Online could not see these groups!! So we enabled these groups as Exchange distribution groups and then after our next sync, they became available within Exchange Online.

A new script was created to create Address Lists within Exchange Online using our newly created synced Distribution Groups as the membership.

  • Exchange Online “Tickle” Mail Recipients
  • Message Size Limits – Exchange On-Premise and Online
  • Exchange Online Public Folder Contacts
  • Exchange Online Other Contacts
  • Exchange Online Spam Email Removal
  • Exchange Online Disable Clutter Feature
  • Office 365 Disable Yammer License Plan
Advertisements

About Parker Jardine

Manager of Systems Administration in the Information Technology Higher Education space. I enjoy biking, climbing, hockey, camping, mountaineering, hunting, paragliding, and just being outdoors. You can read my Make Magazine project articles about a diy solar panel and solar systems design in volumes 12 and 14.
This entry was posted in Active Directory, Exchange 2013, Office 365. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s