将与Active Directory用户同步的云中转换 [英] Converting Synced with Active Directory Users to In Cloud
问题描述
我正在为一个已从Exchange 2010完全迁移到Office 365的客户端工作.我们使用具有Azure AD同步功能的Hybrid Exchange 2013服务器对其进行设置,以便其AD帐户密码与其邮箱同步.
I'm working for a client that has fully migrated from Exchange 2010 to Office 365. We set them up with a Hybrid Exchange 2013 server with Azure AD sync so their AD accounts passwords sync with their mailboxes.
因此,几个月后,他们告诉我,他们只有大量的OWA用户,他们从未登录过工作站,而只是登录Webmail,并且当密码更改时,他们无法通过Office 365进行操作.我们进行了研究并告诉他们他们应该考虑的 Azure AD Premium,但他们不想支付额外的每月费用.
So months later, they tell me that they have a good number of OWA only users who never log into a workstation and just webmail, and when their passwords change, they can't do it through Office 365. We did the research and told them that they should consider Azure AD Premium, but they don't want to pay the additional monthly cost.
因此,我们想到了将已同步On_prem"用户更改为"In Cloud"的方法,这需要通过反复试验,包括断开本地控制台上的框,将用户移动到未同步的OU,然后进入Office 365管理门户,并还原 删除用户的帐户.
So we had the idea to change the Synced On_prem users to In Cloud, which through some trial and error, involves disconnecting the box on the on-prem console, moving the user to an OU that is not synced, and then go into the Office 365 Admin Portal, and restore the account from deleted users.
它很快就可以工作,邮箱又回来了,但是过了一会儿,它又回到了删除状态,我发现经过几次尝试还原后,它仍然保留着.
It works pretty immediately, the mailbox comes back, but after a short time, it goes back to deleted, and I'm finding that after several attempts to restore it finally stays put.
有人知道为什么会发生这种现象吗?我的想法是,可能是某些内容正在缓存删除操作(例如Azure AD或Azure AD同步),并一直删除该帐户,直到发生超时或清除为止-但我不确定.
Anyone know why this behavior is occurring? My thinking is that perhaps something is caching the deletion (like Azure AD or the Azure AD sync) and keeps removing the account until a timeout or clearing occurs - but I can't be sure.
我有110个用户需要这样做,因此删除它们的几次还原会很令人沮丧.
I have 110 users I need to do this for and deleting restoring them several times is going to be frustrating.
推荐答案
您正在使用的过程更多解决方法,不是真正受支持的解决方案.为了使其按预期工作,您需要在将帐户移出DirSync范围后强制执行完全同步.如果仅禁用DirSync,则清除ImmutableId会更容易 对于这些对象,请将它们移出范围并重新启用DirSync.
The process you are using is more of a workaround, not a real supported solution. For it to work as expected, you need to force Full sync after moving the accounts out DirSync scope. It will be easier if you simply disable DirSync, clear the ImmutableId for those objects, move them out of scope and re-enable DirSync.
这篇关于将与Active Directory用户同步的云中转换的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
