Hi
We have been running Azure AD Connect for a while now, syncing users to O365 mainly for password syncing reasons. The sync is scoped so that only members of a specific AD security group get synced. We only sync one-way, meaning on-prem to Office365.
We are now about to migrate all mailboxes on the old on-prem Exchange 2010 server to O365. We are not running a hybrid environment, so migration will be made using a 3rd party tool. This will be done later this week.
Now I am getting a little concerned regarding the decommission of the old Exchange 2010 server after all mailboxes have been migrated. Azure AD Connect is running just fine with pretty much default settings, so I believe that it is also syncing a lot of Exchange attributes from the On-Prem AD, and I am concerned that when I decommission the Exchange 2010 server I also remove the Exchange attributes from the local AD and its users. I suspect this as I get the error message when trying to hide a user from the O365 address book.
The operation on mailbox "USERNAME REMOVED" failed because it's out of the current user's write scope. The operation on mailbox failed because it’s out of the current users’s write scope. The action ‘Set-Mailbox’, ‘HiddenFromAddressListsEnabled’, can’t be performed on the object because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.
I also get a similar error while trying to edit one of the users' email addresses.
So I am concerned that when I decommission the old Exchange 2010 server, a lot of Exchange attributes are removed on-prem (which is fine), but I fear that these removals will be synced to Office 365, thereby removing them there too, for example email addresses and such.
Can anyone please tell me if I need to be careful here and take some kind of action before I decommission the on-prem Exchange server or if my concerns are without reason.
Best
Thomas