Managing Exchange Online using Server 2012 R2 Essentials Experience Role (Part 4)

If you would like to read the other parts in this article series please go to:

Creating Users

We have already seen, in the previous article, how to create an Office 365 account for an existing on-premises user account. Now, let us see how we can create one from scratch in both platforms in a single procedure.

To create a new user account and an online account assigned to it:

  1. On the Dashboard, click Users.
  2. In Users Tasks, click Add a user account:

Image
Figure 1

  1. The Add a User Account Wizard appears. Follow the instructions to create the user account:

Image
Figure 2

  1. Click Next On the Assign a Microsoft Online Services account page, either create a new online account for the user or assign an existing online account:
    • To create a new online account, click Create a new Microsoft Online Services account and assign it to this user account and type a name for the Microsoft Online Services account (by default, the user name is used for the online ID). Then click Next;
    • To assign an existing Microsoft online account, click Assign an existing Microsoft Online Services       account to this user account and select an existing account from the drop-down list. Then click Next.

In this case we are interested in creating a new online account, so we select the first option:

Image
Figure 3

  1. On the next screen we can assign Office 365 licenses to the new user account. Once done, click Next:

Image
Figure 4

  1. The wizard will then create the account both on-premises and in Office 365:

Image
Figure 5

  1. Once complete, a confirmation screen will appear:

Image
Figure 6

  1. As both accounts were created from scratch together, the user will not need to reset his password before he can sign in to Office 365.

Importing User Accounts from Office 365

Another possible scenario is that of an organization using Cloud Identities in Office 365 and wanting to import these on-premises. This could be, for example, a startup company who initially had only Office 365 and workstations in a Workgroup, but that through expansion decided to implement Active Directory and now needs to import those identities to on-premises. To achieve this:

  1. On the Dashboard, open the Users page;
  2. In Users Tasks, click Import accounts from Office 365:

Image
Figure 7

  1. We now get a new window displaying all online accounts for the Office 365 tenant that do not have a user account on-premises. All of the accounts are selected by default, and the online ID is suggested for the user name:

Image
Figure 8

  1. To create the user accounts, make any changes that are needed to the proposed user accounts. For this scenario, I am only selecting [email protected] account. Click Next to create the user account(s);
  2. Once the accounts have been created on-premises, you can click the link to view the temporary passwords that will be assigned to the user accounts (you will need to give your users their temporary password along with their new account name):

Image
Figure 9

  1. Clicking on the link will open a txt file with the new account names, their respective passwords and when they were created:

Image
Figure 10

The file is located in: SystemDrive\Users\<Logged_On_User>\NewServerUser.txt where <Logged_On_User> is the network account that is used to administer Office 365 on the server;

  1. As expected, for security reasons, users will be forced to change their on-premises password as the accounts have the User must change password at next logon option selected. This is so a password sync is triggered and both the on-premises and the online account passwords match.

Image
Figure 11

Once more, you need to make sure your users know that the passwords for their online account will be synchronized with their user account going forward, and they should not change their online password in Office 365 as this would break password synchronization.

Managing Users / E-mail Addresses

As I have already mentioned, adding or removing e-mail addresses for users is a common task in some organizations. But when DirSync is in place, this means we need to use ADSIedit or other on-premises tools such as an Exchange Server to manage such attributes. However, the whole point of Essentials is that we do not need to rely on these tools. With Essentials, managing users e-mail addresses, and other attributes, is a very simple task (although with a drawback as we will see).

Let us consider user Filipe. If we look in Exchange Online, the following are is current e-mail addresses:

Image
Figure 12

Checking the properties of the same user in Essentials, we see the same addresses with the exception of the SIP address as Essentials does not manage Lync Online:

Image
Figure 13

Now let us consider the scenario where we want to add a secondary SMTP address to this user. To do so, all we have to do is to click on Add in the Microsoft online tab, enter the new e-mail address and click OK:

Image
Figure 14

Once we click Apply, or OK, Essentials will write the changes to Office 365:

Image
Figure 15

After a few seconds, if we check Exchange Online once more, we see the new e-mail address has been added to the user:

Image
Figure 16

Image

You might also notice that the user’s SIP address has been removed… This is because Essentials basically overwrites all e-mail aliases with the ones we have on-premises, and because Essentials is not aware of the SIP address, it gets removed from Office 365

This is a problem as the user will no longer be able to use Lync Online:

Image
Figure 17

What we need to do in this case, is add the SIP address back using Exchange Online EAC:

Image
Figure 18

After the user logs off and logs back in, Lync Online will be back to normal:

Image
Figure 19

If we add another e-mail alias to the user using Essentials, this time [email protected]:

Image
Figure 20

The same thing will happen again:

Image
Figure 21

And the user will no longer be able to use Lync Online once he logs off and logs back in again…

Unfortunately, the user’s SIP address also gets deleted when we remove an e-mail alias through Essentials…

What if an administrators removes or adds an e-mail alias but using Exchange Online Administration Center? Let us remove the alias we just added ([email protected]):

Image
Figure 22

After just a few seconds, the alias gets automatically removed from the Essentials’ Console:

Image
Figure 23

Although Essentials makes it easier to manage both on-premises and cloud accounts from a single console, this bug is likely to make it unusable for adding or removing e-mail aliases… Something that I hope to see fixed soon.

Conclusion

In this part of this article series, we saw how to create brand new users and manage other aspects of Exchange Online such as e-mail aliases.

In the next and final part, we will look at managing Distribution Groups, Security Groups and ActiveSync.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top