MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2013: Hybrid Part 5

In the previous blog we covered the Exchange 2013 Hybrid Configuration Wizard; in this blog we review the configuration changes the wizard made.

 

Exchange 2013: Hybrid Part 1

Exchange 2013: Hybrid Part 2

Exchange 2013: Hybrid Part 3

Exchange 2013: Hybrid Part 4

Exchange 2013: Hybrid Part 6

Exchange 2013: Hybrid Part 7

 

Review the current configuration:

  • Hybrid configuration:

Run the following command to get the hybrid configuration:

Get-HybridConfiguration


We can see the settings (such as receiving and sending transport servers, on-premises smart host and domains) we specified when we ran the Hybrid wizard have been set on the hybrid configuration object. We can also see which features have been enabled (“FreeBusy“, “MoveMailbox“, “MailTips“, “MessageTracking“, “OwaRedirection“, “OnlineArchive“, “SecureMail“, “Photos“), which are all features we wish to have enabled between the on-premises Exchange organization and the Exchange Online organization in Office 365.

The “ClientAccessServers” parameter is deprecated and will be removed in future updates of Exchange Server 2013, which is why it is blank.

The “EdgeTransportServers” attribute is blank because we are not using Edge Transport servers.

“CentralizedTransport” is missing under “Features” because we did not select it.

  • Federation Trust

A federation trust with the Microsoft Federation Gateway has been established for the specified domain:

Creating a federation trust with the MFG is required in order to set up an organizational relationship, which in turn is required in order to share free/busy information and calendars between the on-premises Exchange organization and Office 365. There is no trust set up with the MFG; instead, the MFG just acts as a trust broker.


 

Similarly, on the Office 365 side we have the following federation:



  • Organization Relationship:

    We can see that an organization relationship has been built. By default, free/busy, mailbox moves, delivery reports, MailTips and online archive are enabled. The TargetOwaURL attribute is specified and by default is set to “http://outlook.com/owa/tenant_name.onmicrosoft.com”. The target OWA URL is the URL to which a user will be non-transparently redirected when he tries to access his mailbox using the existing OWA namespace (i.e. http://mail.domain.com/owa) after his mailbox has been moved to Office 365. We have already talked about this attribute here. This URL should also resolve to the Office 365 URL.

    The TargetAutodiscoverEpr has been set by the HCW. This is the endpoint used to reach out to the Exchange Online organization for the configured features when a request comes from the on-premises Exchange organization to Office 365.


 

And in Office 365 it looks like this:


By default, free/busy, delivery reports, photos and mailtips are enabled. TargetautodiscoverEpr has been set by the HCW. This is the endpoint used to reach out to the on-premises Exchange organization for the configured features.

 

  • Accepted domain: The Hybrid wizard has added “tenant_name.mail.onmicrosoft.com” to the accepted domains of Exchange 2013 and Office 365. It should be authoritative in Office 365 and internal relay on Exchange 2013.



     

 

  • Email Address policy:

    We can also see that “tenant_name.mail.onmicrosoft.com” has been added to the default email address policy, which means it will be added to all users' proxy addresses for mail routing.


        We can also see that an x500 address, which is the Office 365 address, has been stamped on the synced users.

        

  • Check the Receive connectors:

It looks like there are only 2 changes: “Enable domain security (mutual auth TLS)” and “Anonymous users” on the Default Frontend Receive connector.


 

  • Check the Send Connectors

I got a new send connector which has my Office 365 master domain and is going to use the MX record.




 

This means all Office 365 users will have TargetAddress set to this master domain address.
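The on-premises items reviewed above can be checked in one pass from the Exchange Management Shell. This is an added example, not part of the original post; the function name is hypothetical, the routing domain is the article's placeholder, and the RequireTls check is an addition the article does not state.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
function Test-HybridOnPremConfig {
    param([Parameter(Mandatory = $true)][string]$RoutingDomain)

    $findings = @()
    $pattern  = [regex]::Escape($RoutingDomain)

    # Hybrid object: SecureMail should be among the enabled features.
    $features = @((Get-HybridConfiguration).Features | ForEach-Object { "$_" })
    if ($features -notcontains 'SecureMail') {
        $findings += 'HybridConfiguration: SecureMail feature is not enabled'
    }

    # Accepted domain: present and InternalRelay on the Exchange 2013 side.
    $accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $RoutingDomain }
    if (-not $accepted) {
        $findings += "AcceptedDomain: $RoutingDomain is missing"
    } elseif ("$($accepted.DomainType)" -ne 'InternalRelay') {
        $findings += "AcceptedDomain: $RoutingDomain is $($accepted.DomainType), expected InternalRelay"
    }

    # Email address policy: some enabled template must use the routing domain.
    $templates = Get-EmailAddressPolicy |
        ForEach-Object { $_.EnabledEmailAddressTemplates } | ForEach-Object { "$_" }
    if (-not ($templates -match $pattern)) {
        $findings += "EmailAddressPolicy: no template for $RoutingDomain"
    }

    # Default Frontend receive connectors: domain security plus anonymous users.
    foreach ($rc in (Get-ReceiveConnector | Where-Object { $_.Name -like 'Default Frontend*' })) {
        if (-not $rc.DomainSecureEnabled) {
            $findings += "ReceiveConnector '$($rc.Identity)': domain security is off"
        }
        if ("$($rc.PermissionGroups)" -notmatch 'AnonymousUsers') {
            $findings += "ReceiveConnector '$($rc.Identity)': anonymous users not permitted"
        }
    }

    # Send connector for the routing domain: MX (DNS) routing, TLS required.
    $send = Get-SendConnector | Where-Object { "$($_.AddressSpaces)" -match $pattern }
    if (-not $send) { $findings += "SendConnector: none scoped to $RoutingDomain" }
    foreach ($sc in $send) {
        if (-not $sc.DNSRoutingEnabled) { $findings += "SendConnector '$($sc.Name)': not using MX routing" }
        # RequireTls is a check added here; the article does not state its value.
        if (-not $sc.RequireTls) { $findings += "SendConnector '$($sc.Name)': TLS not required" }
    }
    $findings
}

Test-HybridOnPremConfig -RoutingDomain 'tenant_name.mail.onmicrosoft.com'
```

An empty result means every item matched what this review describes; each returned string names the object to look at.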


  • Connectors at Office 365

I got 2 connectors in Office 365.


Let us see what we have in it.

  • Inbound connector:

This is the inbound connector, with the certificate that will be used to verify the on-premises Exchange 2013 email server.


  • Outbound Connector:


    Remember that the Hybrid wizard asked for the FQDN of the SMTP server. It is configured here.


    And TLS configuration.


    We will have to validate the email delivery by providing an email address.

    Select the connector and click on validation on the right side.


        Specify the email id and click validate.

        

        You should see this screen in a few minutes with both succeeded.

        

        Now the validation status will be Successful
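The same two Office 365 connectors can be reviewed from a remote PowerShell session to Exchange Online, which shows the certificate name and TLS settings as text. This is an added example, not part of the original post; the function name is hypothetical and mail.domain.com stands in for the FQDN given to the Hybrid wizard.

```powershell
# Added example: run in a remote PowerShell session connected to Exchange Online.
function Get-HybridConnectorTlsReport {
    param([Parameter(Mandatory = $true)][string]$OnPremSmartHost)

    $report = @()

    # Inbound: mail from on-premises must arrive over TLS with a named certificate.
    foreach ($c in (Get-InboundConnector | Where-Object { "$($_.ConnectorType)" -eq 'OnPremises' })) {
        $issues = @()
        if (-not $c.RequireTls) { $issues += 'TLS not required' }
        if ([string]::IsNullOrEmpty("$($c.TlsSenderCertificateName)")) {
            $issues += 'no sender certificate name set'
        }
        $report += [pscustomobject]@{
            Direction = 'Inbound'
            Name      = $c.Name
            Enabled   = $c.Enabled
            TlsDetail = "$($c.TlsSenderCertificateName)"
            Issues    = $issues -join '; '
        }
    }

    # Outbound: mail to on-premises goes to the expected smart host, and the
    # server certificate is validated rather than merely used for encryption.
    foreach ($c in (Get-OutboundConnector | Where-Object { "$($_.ConnectorType)" -eq 'OnPremises' })) {
        $issues = @()
        $hosts  = @($c.SmartHosts | ForEach-Object { "$_" })
        if ($hosts -notcontains $OnPremSmartHost) { $issues += "smart host is not $OnPremSmartHost" }
        if ("$($c.TlsSettings)" -notin 'CertificateValidation', 'DomainValidation') {
            $issues += 'server certificate is not validated'
        }
        $report += [pscustomobject]@{
            Direction = 'Outbound'
            Name      = $c.Name
            Enabled   = $c.Enabled
            TlsDetail = "$($c.TlsSettings) $($c.TlsDomain)".Trim()
            Issues    = $issues -join '; '
        }
    }
    $report
}

Get-HybridConnectorTlsReport -OnPremSmartHost 'mail.domain.com' | Format-Table -AutoSize
```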


 

  • Remote Domain:

“Tenant_name.mail.onmicrosoft.com” has been added as a remote domain as well.


This has the following configuration:


 

  • Ports and URLS:

    Make sure the following ports and URLs are open from the internet.

| URLs | DNS Record type | Public IP/hostname | Ports | Protocol | Server |
|---|---|---|---|---|---|
| mail.domain.com | host | x.x.x.1 | 443 & 25 | TCP | Exchange 2013 CAS+MBX |
| autodiscover.domain.com | host/alias | x.x.x.1 | 443 | TCP | Exchange 2013 CAS+MBX |
| @ | mx | mail.domain.com | 25 | TCP | Exchange 2013 CAS+MBX |
| fs.domain.com | host | x.x.x.2 | 443 | TCP | ADFS and AADSync Server |
| enterpriseregistration.domain.com | host/alias | x.x.x.2 | 443 | TCP | ADFS and AADSync Server |

My DNS records look like this.




 

This ends the review of the changes made by the Exchange 2013 Hybrid wizard.

In the next blog we will cover mailbox creation and migration.

 


 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru

Tweet me @PrabhatNigamXHG

6 Responses to “Exchange 2013: Hybrid Part 5”


  6. Raihan Says:

    Keep up the good work bro
