If you would like to read the other parts of this article series please go to:
Introduction
In part 11 of this multi-part articles series revolving around Exchange hybrid deployment based migrations to Office 365 or more precisely Exchange Online, we ran the Exchange 2010 hybrid configuration wizard in order to set up the basic Exchange hybrid configuration.
In this part 12, we will continue where we left off in part 11. That is we will take a closer look at the stuff that was configured by the hybrid configuration wizard (HCW).
Let’s get going…
A Look at Current Hybrid Configuration
So back in part 11, we created a basic hybrid configuration. Let’s take a look at the stuff that was created behind the scene, when we ran the Hybrid Configuration Wizard (HCW).
Let’s first look at the hybrid configuration object itself. We can do so by launching the Exchange Management Shell (EMS), and run the following command:
Get-HybridConfiguration
Figure 1: Listing the configuration for the hybrid configuration object in the on-premise Exchange organization
As you can see above, the settings (such as hybrid Client Access and Hub transport server, on-premise smart host and federation domains) you specified when we ran the wizard have been set on the hybrid configuration object. But, this is not the only thing that have been configured. You can also see which features have been enabled (FreeBusy, MoveMailbox, MailTips, MessageTracking, OwaRedirection, OnlineArchive, SecureMail and CentralizedTransport), which are features we wish to enable between the on-premise Exchange organization and the Exchange Online organization in Office 365.
In addition, the following has also been performed in the on-premise Exchange organization:
- A federation trust with the Microsoft Federation Gateway (MFG) has been established for the specified domain:
Figure 2: Federation Trust in the Exchange Management Console
Creating a federation trust with the MFG is required in order to be able to set up an organizational relationship, which again is required in order to share free/busy information and calendars between the on-premise Exchange organization and the Exchange Online organization in Office 365. With this said, it’s important to note that a trust isn’t set up with the MFG, instead the MFG merely acts as a trust broker between the involved Exchange organizations.
- “tenant_name.mail.onmicrosoft.com” has been added as an accepted domain:
Figure 3: New accepted domain in the Exchange Management Console
Adding the “tenant_name.mail.onmicrosoft.com” domain to the “Accepted Domains” list as an authoritative domain is required in order for the on-premise Exchange organization to accept inbound e-mail messages destined for a mailbox user located in Exchange Online. When a mailbox is moved from the on-premise Exchange organization to Exchange Online, the source mailbox user object is converted to a mail user object, which is configured with an external address of “[email protected]“. We will look more at this later in this article series.
- “tenant_name.mail.onmicrosoft.com” and “office365lab.dk” has been added as a remote domain:
Figure 4: New remote domains in the Exchange Management Console
A remote domain is an SMTP domain that is external to our Exchange organization. When a new remote domain is created, it’s possible to specify the remote domain is used for Exchange Online purposes. With a remote domain, we can configure out of office and message formatting settings. The HCW sets the ideal setting for a hybrid and enables the SMTP domain as the domain used for an Office 365 tenant, which is important in relation to provisioning of new remote mailbox users (users that get a mailbox created directly in Exchange Online).
- The default E-Mail Address policy has been updated, so that it stamps a secondary proxy address (alias@tenant_name.mail.onmicrosoft.com) on mailbox user objects:
Figure 5: New SMTP address added to the default E-mail Address Policy
The SMTP address “[email protected]“ is added to the default E-mail address policy, so that it can be stamped as an additional proxy address on the mail objects in the organization. As mentioned earlier, when a mailbox is moved to Exchange Online, the source mailbox user object is converted to a mail user object and in order to be able to set “[email protected]“ as the external e-mail address, it must already be stamped on the object.
Figure 6: Secondary proxy address stamped on mailbox user object
- The HCW also creates a receive connector on each of the hybrid servers. The purpose of this receive connector is to accept inbound mail that comes directly from Exchange Online in Office 365. The receive connector accepts anonymous connections (see Figure 9) secured using TLS, but only from the IP range used by Office 365 (see Figure 8).
Figure 7: Inbound mail from Office 365 receive connector
Figure 8: Remote servers that are allowed to route messages using this receive connector
Figure 9: Anonymous users ticked for the Office 365 receive connector
- In addition, the HCW will create a send connector that will route all e-mail messages destined for “tenant_name.mail.onmicrosoft.com” to Exchange Online in Office 365 (see Figure 12).
Figure 10: Outbound connector to Office 365
Figure 11: Address space for the outbound connector to Office 365
- And finally, an organizational relationship has been established with the Exchange Online organization in Office 365:
Figure 12: Organizational relationship in the Exchange Management Console
The organization relationship is used to configure what kind of features should be enabled between the on-premise Exchange organization and Exchange Online and for availability sharing at what level.
Let’s take a closer look at the organization relationship that has been created. We can do this by running the following command in the Exchange Management Shell (EMS):
Get-OrganizationRelationship | fl
Figure 13: Listing details for the organizational relationship
By default, free/busy is enabled with limited details. In addition, mailbox moves, delivery reports, mailtips and online archive are enabled. Moreover, a target OWA URL is specified and by default, it will be set to: “http://outlook.com/owa/tenant_name.onmicrosoft.com”. The target OWA URL is the URL that a user will be non-transparently redirected to (we will look at this later in this article series), when he tries to access his mailbox using the existing OWA namespace (i.e. http://mail.domain.com/owa) after his mailbox has been moved to Exchange Online. Lastly, a target autodisocver Epr has been set by the HCW. This is the endpoint used to reach out to the Exchange Online organization for the configured features, when a request comes from the on-premise Exchange organization to the Exchange Online organization.
In Office 365, the following was configured, when we ran the HCW:
- Just like for the on-premise Exchange organization, the domains used for routing between on-premise and Exchange Online has been added as “Accepted Domains” in the Exchange Online organization.
Figure 14: List of accepted domains in Exchange Online
- Likewise, for remote domains, these have been configured in Exchange Online:
Figure 15: List of remote domains in Exchange Online
- An organization relationship has been configured in Exchange Online, so the sharing requests etc. from an Exchange Online mailbox user to an on-premise mailbox user is sent to the on-premise Exchange organization.
Figure 16: Organization relationship created in Exchange Online
Just like is the case with the on-premise Exchange organization, we can get additional information about the configuration of the organization relationship by running the following command:
Get-OrganizationRelationship | fl
Figure 17: Listing details for the organization relationship in Exchange Online
- Lastly, the HCW creates an inbound as well as an outbound connector in the FOPE instance associated with the Office 365 tenant. As you may know, all inbound and outbound e-mail from a Office 365 tenant is routed through FOPE. FOPE can be accessed via the Exchange Online Control Panel (ECP) as shown in Figure 18.
Figure 18: Accessing the FOPE Administrator Center
In the FOPE administrator center, you can see the two connectors that have been created by the HCW.
Figure 19: Inbound and outbound connector in FOPE
If we expand each, you will find additional information about inbound and outbound routing.
It’s important to note these connector are read-only. If you need to modify them, it has to be performed via the hybrid configuration object in the on-premise Exchange organization.
Figure 20: Details for the inbound and outbound connector in FOPE
Update Hybrid Configuration
If you at some point wish to update the hybrid configuration in your environment, you can do so via the HCW or EMS.
If you want to use the HCW, you simply click on the hybrid configuration object in the EMC, and select “Manage Hybrid Configuration” in the context menu.
Figure 21: Managing Hybrid Configuration using the hybrid configuration wizard
If you want to use EMS, you first set the required configuration using the Set-HybridConfiguration cmdlet and then you run the Update-HybridConfiguration cmdlet to push the new configuration to Office 365.
Read more about the Set-HybridConfiguration cmdlet here and the Update-HybridConfiguration cmdlet here.
This concludes part 12 of this multi-part article in which I explain how you configure Exchange hybrid deployment followed by migrating to Office 365 (Exchange Online).
If you would like to read the other parts of this article series please go to:
