Managing Exchange Online using Server 2012 R2 Essentials Experience Role (Part 3)

If you would like to read the other parts in this article series please go to:

Managing Exchange Online

Managing both on-premises and cloud resources can sometimes be a challenge. To help organizations with this, Windows Server Essentials Dashboard was designed for getting most, if not all, of day to day management tasks done from a single place. New management tasks that can now be performed in Windows Server 2012 R2 Essentials include the following:

  • Online user account management (for both Office 365 and Windows Intune);
  • Distribution group management;
  • User group management (for both local network and the Windows Azure Active Directory security group);
  • SharePoint Online Library management;
  • Exchange ActiveSync management;
  • Online service subscription plan/license management: multiple subscription plans are supported and licenses can be assigned through the Essentials Dashboard.

Let us start by managing user accounts. If we navigate to the OFFICE 365 section of the console, we can see a variety of information regarding our tenant, such as contact details, licenses bought and how many are available, what domains we added to the tenant and the 5 largest mailboxes:

Image
Figure 1

Switching over to the USERS section, we get presented with a list of our on-premises Active Directory users. In here we can see 3 users in particular that we will be working with, Nuno, Filipe and Mota:

Image
Figure 2

If we select one of the users, Nuno for example, and click on View the account properties, we get access to some of Nuno’s account details:

Image
Figure 3

If we navigate to the Microsoft online tab, we see that this on-premises account is not linked to an online account in Office 365:

Image
Figure 4

So let us see how we can create an account and mailbox for this user in Office 365.

First of all, please note that Directory Synchronization does not need to be enabled in Office 365:

Image
Figure 5

Having said that, it is possible to have DirSync running in your environment and also use Essentials to manage users. However, there is not much point in doing so as you will have two separate tools trying to achieve the same thing such as replicating users’ attributes and passwords.

Assigning an Office 365 License to Existing On-Premises User

Let us then see how we can create a mailbox for this user in Office 365. First, what we need to do is assign an online account to the on-premises user account. We can do this by creating a new online account and linking it to the on-premises account, or we can link an existing online account (if we pre-created it for example) with our on-premises account. In this case, we will be creating a new one:

  1. On the Dashboard, click Users;
  2. Select the user account in the list, and then click Assign a Microsoft online account:

Image
Figure 6

  1. The Assign a Microsoft Online Services account wizard appears. Assign an existing online account or create a new one for the user. The default online ID for a new account is the user name. For the domain part of the e-mail address the tool always choses the tenant’s default domain by default:

Image
Figure 7

  1. If this is not the domain we want, all we have to do is click the drop-down box and select the correct domain we      want to assign to the user:

Image
Figure 8

  1. Then click Next to go to the Assign Microsoft Online Services licenses where, as the name suggests, we can assign an Office 365 license to the user account:

Image
Figure 9

In this case, the WAC substring of SHAREPOINTWACLRG refers to Office Web Apps. Microsoft could really make this clearer…

  1. Click Next;
  2. Review the information on the last page of the wizard and then click Close:

Image
Figure 10

If we now go back to our Office 365 portal, we can see that the account has been created and that directory synchronization is still disabled:

Image
Figure 11

Looking at the Essentials Experience console, we can also see that the account now has an associated Microsoft online account:

Image
Figure 12

When we assign a Microsoft Online Services account to a user account, the e-mail address for the account appears in the Microsoft online account column. There is also a little icon just before the e-mail address:

  • A blue icon indicates the online account is active. That is, the account has a current Office 365 license, and the user can use the online ID to sign in to Office 365;
  • A shaded icon indicates the online account is inactive, either because the license is no longer active or the online account has been unassigned. When you unassign a user’s online account, the license is removed and the user is blocked from signing in to Office 365 using the account. However, the server maintains the mapping between the user account name and the Office 365 e-mail address.

Logging in

Now that we have created an online account and linked it to our on-premises account, the user should simply be able to login to Office 365, right? Not exactly… Because of the way password synchronization works in Essentials, when we create or match user accounts, we basically need to reset their password in order to trigger a password synchronization to Office 365. Hopefully something that will be improved in the future.

As such, to begin using the new Microsoft online account:

  1. Sign in to a computer with the on-premises credentials;
  2. Change the password for the user account (for example by pressing Ctrl+Alt+Delete and clicking Change a password). When the password is changed, it gets synchronized with the account’s online account counterpart;
  3. Now imply navigate to https://login.microsoftonline.comand and login using the new online ID and the user account password.

It is important that users are educated to not change their online account password in Office 365 as this will break password synchronization. When using DirSync, the functionality of changing passwords in Office 365 gets disabled, but not when using Essentials.

Alternatively, an administrator can reset a user’s password which will also trigger a password synchronization. If neither of these two actions happen, the credentials will simply not work:

Image
Figure 13

But once the user (or an administrator) resets his password, he will be able to login almost immediately:

Image
Figure 14

Assigning Multiple Office 365 Licenses to Existing Users

What if we have dozens of on-premises users that we want to create, or match, in Office 365? The process to achieve this is also straightforward.

To bulk-create online accounts for existing user accounts:

  1. Open the Windows Server Essentials Dashboard;
  2. On the Dashboard, open the Users page;
  3. Under Users Tasks, click Add Microsoft online accounts:

Image
Figure 15

  1. The Add Microsoft Online Services accounts page of the wizard displays all user accounts that do not have a Microsoft online account. All of the accounts are selected by default, and the user name is suggested for the Microsoft online ID. Once again, the tenant’s default domain is used by default. If your tenant’s default domain is a custom domain, then it will be used:

Image
Figure 16

  1. On the Add Microsoft Online Services accounts page, review the accounts that will be created. For example, check for users who already have an online account with a different online ID, and make sure the domain that you want to use in e-mail addresses is selected. In my case, I am only interested in enabling Filipe and Mota. So, I unselect everyone, make sure only these two users are selected, assign the correct domain for them, and click Next:

Image
Figure 17

  1. On the Assign Microsoft Online Services licenses page, select the Office 365 services the users will have access to:

Image
Figure 18

  1. When you click Next, account creation will begin:

Image
Figure 19

Once more, we need to notify users that they now have a Microsoft online account and that they must change their user account password before they can sign in to Office 365.

Conclusion

In this 3rd part of this article series, we started using the Essentials Experience console to manage Exchange Online. Specifically, we created online accounts for existing on-premises users.

In the next part, we will see how to create brand new users in both environments and how to manage other aspects of Exchange Online such as e-mail aliases.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

Scroll to Top