Exchange hybrid writeback with cloud sync

An Exchange hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online.

Conceptual image of exchange hybrid scenario.

This scenario is now supported in cloud sync. Cloud sync detects the Exchange on-premises schema attributes and then "writes back" the exchange on-line attributes to your on-premises AD environment.

For more information on Exchange Hybrid deployments, see Exchange Hybrid.

Prerequisites

Before deploying Exchange Hybrid with cloud sync, you must meet the following prerequisites.

  • The provisioning agent must be version 1.1.1107.0 or later.
  • Your on-premises Active Directory must be extended to contain the Exchange schema.

    Note

    If your schema has been extended after you have installed the provisioning agent, you will need to restart it in order to pick up the schema changes.

How to enable

Exchange Hybrid Writeback is disabled by default.

  1. Sign in to the Microsoft Entra admin center as at least a Hybrid Administrator.
  2. Browse to Identity > Hybrid management > Microsoft Entra Connect > Cloud sync. Screenshot of cloud sync home page.
  1. Select on an existing configuration.

  2. At the top, select Properties. You should see Exchange hybrid writeback disabled.

  3. Select the pencil next to Basic. Screenshot of the basic properties.

  4. On the right, place a check in Exchange hybrid writeback and select Apply. Screenshot of enabling Exchange writeback.

Note

If the checkbox for Exchange hybrid writeback is disabled, it means that the schema has not been detected. Verify that the prerequisites are met and that you have re-started the provisioning agent.

Attributes synchronized

Cloud sync writes Exchange On-line attributes back to users in order to enable Exchange hybrid scenarios. The following table is a list of the attributes and the mappings.

Microsoft Entra attribute AD attribute Object Class Mapping Type
cloudAnchor msDS-ExternalDirectoryObjectId User, InetOrgPerson Direct
cloudLegacyExchangeDN proxyAddresses User, Contact, InetOrgPerson Expression
cloudMSExchArchiveStatus msExchArchiveStatus User, InetOrgPerson Direct
cloudMSExchBlockedSendersHash msExchBlockedSendersHash User, InetOrgPerson Expression
cloudMSExchSafeRecipientsHash msExchSafeRecipientsHash User, InetOrgPerson Expression
cloudMSExchSafeSendersHash msExchSafeSendersHash User, InetOrgPerson Expression
cloudMSExchUCVoiceMailSettings msExchUCVoiceMailSettings User, InetOrgPerson Expression
cloudMSExchUserHoldPolicies msExchUserHoldPolicies User, InetOrgPerson Expression

Provisioning on-demand

Provisioning on-demand with Exchange hybrid writeback requires two steps. You need to first provision or create the user. Exchange online then populates the necessary attributes on the user. Then cloud sync can then "write back" these attributes to the user. The steps are:

  • Provision and sync the initial user - this brings the user into the cloud and allows them to be populated with Exchange online attributes.
  • Write back exchange attributes to Active Directory - this writes the Exchange online attributes to the user on-premises.

Provisioning on-demand with Exchange hybrid use the following steps:

  1. Sign in to the Microsoft Entra admin center as at least a Hybrid Administrator.
  2. Browse to Identity > Hybrid management > Microsoft Entra Connect > Cloud sync. Screenshot of cloud sync home page.
  1. Under Configuration, select your configuration.

  2. On the left, select Provision on demand.

  3. Enter the distinguished name of a user and select the Provision button.

  4. A success screen appears with four green check marks.

  5. Select Next. On the Writeback exchange attributes to Active Directory tab, the synchronization starts.

  6. You should see the success details. Screenshot of Exchange attributes being written back.

    Note

    This final step may take up to 2 minutes to complete.

Exchange hybrid writeback using MS Graph

You can use MS Graph API to enable Exchange hybrid writeback. For more information, see Exchange hybrid writeback with MS Graph.

Next steps