Configuring an Exchange 2013 Hybrid Deployment and Migrating to Office 365 (Exchange Online) (Part 16)

If you would like to read the other parts in this article series please go to:

Introduction

In part 15 of this multi-part article series revolving around Exchange 2013 hybrid deployment based migrations to the new Office 365 or more precisely Exchange Online, we took a look at the mailbox migration options at our disposal when moving on-premises Exchange mailboxes to Exchange Online in an Exchange hybrid deployment.

In this part 16, we will continue where we left off back in part 15. That is, we will log on to the mailbox using Outlook Web App (OWA), Outlook Anywhere and Exchange ActiveSync (EAS) so that we can verify that we see the expected behavior for a mailbox that has been moved from on-premises Exchange to Exchange Online. Moreover, we will verify that availability lookups between Exchange Online and Exchange on-premises mailboxes work as expected.

Let’s get started.

What Happens when a Mailbox is moved to Exchange Online?

Before we start to look at how a mailbox moves to Exchange Online affects the miscellaneous Exchange clients, let’s quickly talk about what happens server-side when a mailbox is moved to Exchange Online.

As mentioned back in part 13, the SMTP address “[email protected]“ is added to the default e-mail address policy so that it can be stamped as an additional proxy address on the mail objects in the organization.

Image
Figure 1: Exchange Online routing address stamped on user mailboxes in on-premises Exchange organization

When a mailbox is moved to Exchange Online, the source mailbox user object is converted to a mail user enabled (MEU) object and the secondary proxy address “[email protected]“ is set as the external e-mail address. Back with Exchange 2010 based hybrids, the mailbox would be removed from the mailbox view and could instead be found listed as a Remove User Mailbox under the “Recipient Configuration” > “Mail Contacts” node.

With an Exchange 2013 based hybrid deployment, it can still be found under the “mailboxes” tab as an “Office 365” mailbox type as shown in Figure 2.

Image
Figure 2: Mailbox type for move mailbox

MEU objects are required in an Exchange hybrid in order for mail flow, availability lookups and autodiscover to work seamlessly between the on-premises Exchange organization and the Exchange Online organization in Office 365. As some of you might know, when an Exchange client such as Outlook queries availability of another mailbox, it will use autodiscover to find the Exchange organization in which the mailbox is located. For typical on-premises Exchange organization, the availability information will be retrieve on the local Exchange servers. However, in an Exchange hybrid deployment the autodiscover service will detect the MEU object and send the request on to the respective domain based on the external email address. So when an on-premises mailbox user queries availability for a mailbox in Exchange Online, the request will be sent to [email protected]

How are the miscellaneous Exchange clients affected by a Mailbox move to Exchange Online?

In the following, I’ll explain how a mailbox move to Exchange Online will affect the miscellaneous Exchange clients used to access the respective mailbox.

Outlook Web App

If a user is logged on to his on-premises Exchange mailbox using the Outlook Web App (OWA) client, the session will break when the migration batch is completed automatically or manually, depending on what you choose to do. This means that a user that is logged on to his on-premises mailbox, when the mailbox move for his mailbox is completed, will need to establish a new OWA session against Exchange Online.

Just like with Exchange 2010 hybrid deployments, the user will still be able to use the OWA URL pointing to the on-premises Exchange 2013 servers. He will just be presented with the redirection page shown in Figure 3, where he can choose to save the new URL to his browser favorites and click on the URL.

Important:
If you do not run Exchange 2013 CU3, the OWA redirection to Exchange Online will not work. For more information, see this KB article.

Image
Figure 3:
OWA redirection page

When clicking on the URL, the user will be taken through the authentication process. For OWA, that means the user will try to access his mailbox in Exchange Online and Exchange Online will redirect the user to “login.microsoftonline.com”, where he can enter his UPN. Once the UPN is entered and he switches to the password field, Office 365 will detect that the UPN domain is federation with an Office 365 tenant. This results in a redirect to the on-premises federation endpoint (in this case sts.clouduser.dk) and depending on whether the user is domain-joined and domain-connected or uses an external client, he will get single sign-on (SSO) or be required to enter his UPN and password.

Image
Figure 4:
OWA in Exchange Online

Because of the organization relationship that was set up between Exchange Online and Exchange on-premises during the Exchange hybrid configuration, availability lookups when booking meetings, Mailtips etc. also works as expected from Exchange Online to Exchange on-premises and vice versa.

Image
Figure 5: Availability lookups between user mailboxes in Exchange Online and Exchange on-premises

Outlook Anywhere

If a user is logged on to his on-premises Exchange mailbox using the Outlook client, then the client will be disconnected from the on-premises mailbox (as the AD object is converted to a MEU object), when the migration batch is completed automatically or manually depending on what you choose to do. This means that a user that is logged on to his on-premises mailbox using Outlook, when the mailbox move for his mailbox is completed, will see the status shown in Figure 6 at the bottom of the Outlook client.

Image
Figure 6: Outlook in disconnected state

If we open the connection status windows, we can also see this.

Image
Figure 7: Disconnected state in the Outlook connection status windows

And after a little while the dialog box shown in Figure 9 pops up prompting the user to restart Outlook.

Image
Figure 8: User prompted to restart Outlook

When he launches Outlook again, he will be prompted for credentials. This is expected as the Outlook client uses basic authentication against Exchange Online. The user should enter his UPN and password and if he ticks “Remember my credentials”, they will be saved in the credential manager on the client resulting in single sign-on next time the user launches Outlook.

Note:
When a user changes password (i.e. password expires), then the user will be prompted for credentials in Outlook until the password is updated in the credentials manager.

Image
Figure 9: User prompted for credentials when launching Outlook after the mailbox move to Exchange Online

Now Outlook is in a connected state again and if we open the connection status window, we can see that the client now is connected to Exchange Online.

Image
Figure 10: Connection status window after client has connected to Exchange Online

Just like is the case with OWA, because of the organization relationship that was set up between Exchange Online and Exchange on-premises during the Exchange hybrid configuration, availability lookups when booking meetings, Mailtips etc. also work as expected from Exchange Online to Exchange on-premises and vice versa.

Image
Figure 11: Availability lookups between user mailboxes in Exchange Online and Exchange on-premises

Exchange ActiveSync

When dealing with mailbox moves from Exchange on-premises to Exchange Online, the Exchange ActiveSync client will not be able to automatically update the ActiveSync profile via the autodiscover redirect to Exchange Online. The profile must be reconfigured manually. This is true for all ActiveSync client types (Windows Phone, iPhone, Android etc.).

This concludes part 16 of this multi-part article in which I explain how you configure an Exchange 2013 hybrid deployment followed by migrating to Office 365 (Exchange Online).

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top