I recently had a challenge with a customer that had on-premises Skype for Business (SfB) and were looking to migrate to SfB Online. They did not want to federate the two infrastructures, but instead wanted to undertake a re-pointing of users at a given point in time by modifying the DNS records. When they introduced AAD Connect the default synchronisation included the SfB attributes, which is standard behaviour when AAD Connect detects that the schema extensions for SfB are present in on-premises AD. The presence of SfB-related user attribute values in the synchronisation flow caused SfB Online to detect all existing SfB on-premises users as hybrid. It meant my customer could not assign SfB Online access to synchronised users, which would have been a problem for testing the cut-over. The workaround for this was to modify the AAD Connect synchronisation rules to set the SfB attribute values to null. The steps implemented to achieve this are shown below.
1. Stop the AAD Connect sync scheduler.
From an elevated Powershell prompt run the following command
2. Open the Synchronisation Rules Editor and create an editable copy of the ‘In from AD – User Lync’ inbound synchronisation rule.
3. Set the new rule to have a higher precedence (lower numeric value) than the original rule.
4. Leave the scoping filter as is, i.e. no change.
5. Leave the join rules as is, i.e. no change.
6. Edit the transformation for each of the shown values. Change the flow type to Expression and the source to Authoritative Null.
7. Save the rule.
8. Start the AAD Connect Sync scheduler and run a full (initial) synchronisation by running the following Powershell commands:
Set-ADSyncScheduler -SyncCycleEnabled $true
Start-ADSyncSyncCycle -PolicyType Intial
9. Confirm that the synchronised users no longer appear as hybrid users in SfB Online. Run the following Powershell command:
Get-CsOnlineUser | ft userprincipalname, interpretedusertype -AutoSize
Note. This command requires the Skype for Business Online Windows Powershell Module, available here.
The output should show your synchronised users with an InterpretedUserType of ‘NoService’. If any appear as ‘HybridOnPrem’ then the custom synchronisation rule has not taken effect.
The synchronised users should now be available to enable for Skype for Business Online.
Hopefully, this has been useful to you. Let me know if you have any corrections or suggestions for improvements by adding a comment.
Seems like this would work to switch to Teams Only as well if we could not upgrade the on-premise environment and just cutover. This would null the attributes preventing users from being able to be set as Teams Only.