Monday, July 31, 2023

Exchange hybrid "writeback" with Cloud Sync (Cloud to On-prem Sync)



An Exchange hybrid deployment is a way to extend the feature-rich experience and administrative control of an on-premises Microsoft Exchange organization to the cloud. It provides a seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online.

With this new feature enabled, Cloud Sync can "write back" Exchange Online attributes to the on-premises AD environment.


Before deploying Exchange Hybrid with cloud sync, you must meet the following prerequisites.

  • The provisioning agent must be version 1.1.1107.0 or later.
  • Your on-premises Active Directory must be extended to contain the Exchange schema.
    • To extend your schema for Exchange, mount the Exchange setup ISO on an Active Directory server and run the command below in CMD.

Enable Exchange hybrid "writeback"

Exchange Hybrid Writeback is disabled by default.

  • In the Azure portal, select Azure Active Directory.
  • On the left, select Azure AD Connect.
  • On the left, select Cloud sync.
  • Click on an existing configuration.
  • At the top, select Properties. You should see Exchange hybrid writeback disabled.
  • Select the pencil next to Basic.

On the right, place a check in Exchange hybrid writeback and click Apply.

If the checkbox for Exchange hybrid writeback is disabled, it means that the schema has not been detected. You need to restart the provisioning agent after the schema is extended.

Attributes synchronized

Cloud sync writes Exchange Online attributes back to on-premises users in order to enable Exchange hybrid scenarios. The following table lists the attributes and their mappings.

Azure AD attribute               AD attribute                      Object Class                     Mapping Type
cloudAnchor                      msDS-ExternalDirectoryObjectId    User, InetOrgPerson              Direct
cloudLegacyExchangeDN            proxyAddresses                    User, Contact, InetOrgPerson     Expression
cloudMSExchArchiveStatus         msExchArchiveStatus               User, InetOrgPerson              Direct
cloudMSExchBlockedSendersHash    msExchBlockedSendersHash          User, InetOrgPerson              Expression
cloudMSExchSafeRecipientsHash    msExchSafeRecipientsHash          User, InetOrgPerson              Expression
cloudMSExchSafeSendersHash       msExchSafeSendersHash             User, InetOrgPerson              Expression
cloudMSExchUCVoiceMailSettings   msExchUCVoiceMailSettings         User, InetOrgPerson              Expression
cloudMSExchUserHoldPolicies      msExchUserHoldPolicies            User, InetOrgPerson              Expression

Provisioning on-demand

Provisioning on-demand with Exchange hybrid writeback requires two steps. You first provision or create the user. Exchange Online then populates the necessary attributes on the user, and cloud sync can then "write back" these attributes to the user. The steps are:

  • Provision and sync the initial user - this brings the user into the cloud and allows them to be populated with Exchange Online attributes.
  • Write back Exchange attributes to Active Directory - this writes the Exchange Online attributes to the user on-premises.

Provisioning on-demand with Exchange hybrid uses the following steps:

  • In the Azure portal, select Azure Active Directory.
  • On the left, select Azure AD Connect.
  • On the left, select Cloud sync.
  • Under Configuration, select your configuration.
  • On the left, select Provision on demand.
  • Enter the distinguished name of a user and select the Provision button.
  • Then select the Writeback exchange attribute tab and select Next.

Note: First, create the user in on-premises Active Directory and assign the license from the cloud. After that, the Exchange attributes will sync back to on-premises Active Directory.
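The schema prerequisite, the greyed-out checkbox symptom, the attribute table and the result of provisioning on demand can all be checked from the on-premises side. The following PowerShell script is an added example, not part of the original post or a Microsoft tool; it assumes the ActiveDirectory RSAT module, takes a placeholder samAccountName, and the provisioning-agent DisplayName pattern it searches the registry for is an assumption.

```powershell
# Added example (not from the original post): verify Exchange hybrid writeback
# prerequisites and results for one on-premises user.
# Assumes the ActiveDirectory RSAT module; $SamAccountName is a placeholder.
param([Parameter(Mandatory)][string]$SamAccountName)
Import-Module ActiveDirectory

# 1. Schema check: every AD attribute from the mapping table must exist in the
#    schema, otherwise the portal checkbox stays disabled (schema not detected).
$writebackAttrs = 'msDS-ExternalDirectoryObjectId','proxyAddresses',
    'msExchArchiveStatus','msExchBlockedSendersHash','msExchSafeRecipientsHash',
    'msExchSafeSendersHash','msExchUCVoiceMailSettings','msExchUserHoldPolicies'
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$missing = foreach ($a in $writebackAttrs) {
    if (-not (Get-ADObject -SearchBase $schemaNC -LDAPFilter "(ldapDisplayName=$a)")) { $a }
}
if ($missing) {
    Write-Warning "Exchange schema not (fully) extended; missing: $($missing -join ', ')"
} else { Write-Host 'Schema OK: all writeback attributes are present' }

# 2. Provisioning agent version against the minimum stated in the post.
#    The DisplayName wildcard is an assumption; adjust it to your install.
$minAgent = [version]'1.1.1107.0'
$agent = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName -like '*Provisioning Agent*' } | Select-Object -First 1
if ($agent) {
    $verdict = if ([version]$agent.DisplayVersion -ge $minAgent) { 'meets' } else { 'is below' }
    Write-Host "Agent $($agent.DisplayVersion) $verdict the minimum $minAgent"
} else { Write-Warning 'Provisioning agent not found on this host' }

# 3. Result check: which writeback attributes are populated on the user, and
#    whether proxyAddresses carries the X500: entry that the cloudLegacyExchangeDN
#    expression mapping produces.
$user = Get-ADUser -Identity $SamAccountName -Properties $writebackAttrs
foreach ($a in $writebackAttrs) {
    $v = $user.$a
    $state = if ($null -eq $v -or @($v).Count -eq 0) { 'EMPTY' } else { 'set' }
    Write-Host ("{0,-32} {1}" -f $a, $state)
}
$x500 = @($user.proxyAddresses | Where-Object { $_ -like 'X500:*' })
Write-Host "X500 proxy addresses written back: $($x500.Count)"
```

Run it on a domain-joined host as a user with read access to the target account; attributes still reported EMPTY after the license is assigned and a sync cycle has completed indicate the writeback step has not run for that user.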

Conclusion: the on-premises Exchange hybrid server can be removed from the organization.

