Preparing Lab for Exchange hybrid deployment

Similar Messages

• Office 365: Configure Public Folder for a Hybrid Deployment

  All,
  I am going to sync the public folder from exchange 2010 to
  office 365. We have a Exchange hybrid 2013. Based on this article below,
  it states:
  "If your public folders are on Exchange 2010 or
  later servers, then you need to install the Client Access Server role on
  all mailbox servers that have a public folder database. "
  We
  have HA CAS on Exchange 2010. I am not sure anything happens that I
  install the CAS on mailbox server.  Please give me your advices on this
  situation.
  on the other hand, I have ideas in my mind that I can
  copy the public folders databases on Exchange 2010 to Exchange hybrid
  2010 which has the CAS role and mailbox role.
  Please assist me with these situations.
  Thanks,
                             

  Hi,
  Please see the step 1 in the following article:
  Configure Legacy On-Premises Public Folders for a Hybrid Deployment
  http://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx
  Thanks,
  Simon Wu
  TechNet Community Support

• Error Preparing Schema for Exchange 2013

  I recive this error when running the preparing AD for exchange 2013 on a 2012 r2 server. 
  Error:
  The following error was generated when "$error.Clear();
  # O15# 2844081 - Create PartnerApplication "Exchange Online" in DC and On-Premise
  $exch = [Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange;
  $exchApp = Get-PartnerApplication $exch -ErrorAction SilentlyContinue -DomainController $RoleDomainController | Where { $_.UseAuthServer };
  if ($exchApp -eq $null)
  $exchAppName = "Exchange Online";
  $exchApp = New-PartnerApplication -Name $exchAppName -ApplicationIdentifier $exch -Enabled $RoleIsDatacenter -AcceptSecurityIdentifierInformation $false -DomainController $RoleDomainController;
  # Create application account for Exchange
  $appAccountName = $exchApp.Name + "-ApplicationAccount";
  $appAccount = Get-LinkedUser -Identity $appAccountName -ErrorAction SilentlyContinue -DomainController $RoleDomainController;
  if ($appAccount -eq $null)
  $appAccountUpn = $appAccountName.Replace(" ", "_") + "@" + $RoleFullyQualifiedDomainName;
  $appAccount = New-LinkedUser -Name $appAccountName -UserPrincipalName $appAccountUpn -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "UserApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "ArchiveApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "LegalHoldApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "Mailbox Search" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "TeamMailboxLifecycleApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "MailboxSearchApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  Set-PartnerApplication -Identity $exchApp.Identity -LinkedAccount $appAccount.Identity -DomainController $RoleDomainController;;
  " was run: "Couldn't find a user with the identity "ESL.LOC/Users/Exchange Online-ApplicationAccount".".
  Error:
  The following error was generated when "$error.Clear();
  # O15# 2844081 - Create PartnerApplication "Exchange Online" in DC and On-Premise
  $exch = [Microsoft.Exchange.Data.Directory.SystemConfiguration.WellknownPartnerApplicationIdentifiers]::Exchange;
  $exchApp = Get-PartnerApplication $exch -ErrorAction SilentlyContinue -DomainController $RoleDomainController | Where { $_.UseAuthServer };
  if ($exchApp -eq $null)
  $exchAppName = "Exchange Online";
  $exchApp = New-PartnerApplication -Name $exchAppName -ApplicationIdentifier $exch -Enabled $RoleIsDatacenter -AcceptSecurityIdentifierInformation $false -DomainController $RoleDomainController;
  # Create application account for Exchange
  $appAccountName = $exchApp.Name + "-ApplicationAccount";
  $appAccount = Get-LinkedUser -Identity $appAccountName -ErrorAction SilentlyContinue -DomainController $RoleDomainController;
  if ($appAccount -eq $null)
  $appAccountUpn = $appAccountName.Replace(" ", "_") + "@" + $RoleFullyQualifiedDomainName;
  $appAccount = New-LinkedUser -Name $appAccountName -UserPrincipalName $appAccountUpn -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "UserApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "ArchiveApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "LegalHoldApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "Mailbox Search" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "TeamMailboxLifecycleApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  New-ManagementRoleAssignment -Role "MailboxSearchApplication" -User $appAccount.Identity -DomainController $RoleDomainController;
  Set-PartnerApplication -Identity $exchApp.Identity -LinkedAccount $appAccount.Identity -DomainController $RoleDomainController;;
  " was run: "Couldn't find a user with the identity "ESL.LOC/Users/Exchange Online-ApplicationAccount".".

  Hi,
  Fist, please check if there is an account which is Exchange Online-ApplicationAccount via ADUC.
  By default, this account is disabled, please enable it and re-run Setup /PrepareAD again. It should success. After preparing AD schema, please disable the account again.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Preparing Domain for Exchange 2013 in an Exchange 2010 Organization

  When preparing the domain for Exchange 2013, can we use the same Organizational Name as was used for Exchange 2010 or should we select a new variation?

  When preparing the domain for Exchange 2013, can we use the same Organizational Name as was used for Exchange 2010 or should we select a new variation?
  You dont have define the org name since it already exists. 
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Prepare schema for Exchange Online

  Hi,
  My company is going to use Microsoft Exchange Online and I first need to prepare schema for this (that's what I was told).
  I have downloaded Microsoft Exchange 2013 and tried to run "setup.exe /PrepareSchema" but it says it needs WMF 3.0 to run the setup. But I have problems with installing it on my windows 2008 R2 SP1 server. Is it ok to try to install WMF 4.0 instead
  of WMF 3.0?

  Hi,
  From your description, I would like to clarify the following things:
  1. Exchange Online is different from Exchange 2013.
  2. If you want to install WMF 4.0, the Exchange version should be Exchange 2013 SP1, Exchange 2013 is not supported.
  Here is a thread for your reference. Please see the System Requirements.
  Windows Management Framework 4.0
  http://www.microsoft.com/en-us/download/details.aspx?id=40855
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Recomendations/limitations or Pre-requisites from Account perspective for Exchange hybrid between Exchange 2010 & O365

  Hi
  I need to migrate a few users from Exchange 2010 on premises  to O365. I will be using Hybrid mode. I need to know what are the recommendations & Pre-requisites or limitations from Account\Mailbox perspective?Please suggest.

  Hello,
  I think it will be more efficient to ask this question on Exchange Online forum:
  http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Exchange 2013 Certificates for Hybrid Deployment Clarification

   I have an Exchange 2013 servers (CAS and Mailbox on separate server) which I wanted to setup for Hybrid deployment. I already have a certificate acquired from 3rd party with 3 names (mail, autodiscover and owa). the certificate was installed in the
  CAS server. As per the hybrid deployment documentation I need also to install a certificate in the mailbox server, questions:
  1. Can I use the same certificate for installation in the mailbox server?
  2. Can I also use the same certificate in the Hybrid Configuration wizard for the "certificate to use with securing the hybrid mail transport"?
  3. Do I need to include the primary smtp domain (xxxxx.com) in the certificate since current configuration points to the mail.xxx.com as the certificate common name?

  Hi,
  Here are my answers you can refer to:
  1. It depends.
  The certificate used for hybrid secure mail transport must be installed on all on-premises Exchange 2013 Mailbox and Client Access servers.
  If you're configuring a hybrid deployment in an organization that has Exchange servers deployed in multiple Active Directory forests, you must use a separate third-party CA certificate for each Active Directory forest.
  2. Yes. But we recommend that you use a dedicated third-party certificate for any optional AD FS server, another certificate for the Exchange services for your hybrid deployment, and if needed, another certificate on your Exchange servers for other needed
  services or features.
  3. Yes. Here are the minimum suggested FQDNs that should be included on certificates: domain.com, autodiscover.domain.com, edge.domain.com
  For more information, you can refer to the following article:
  http://technet.microsoft.com/en-us/library/hh563848(v=exchg.150).aspx
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Ramifications of assigning a wildcard certificate to the SMTP service (needed for Exchange 2010 Hybrid Configuration - Office 365)

  Hello All:
  I am receiving an error when I run the Manage Hybrid Configuration wizard - ERROR:Updating hybrid configuration failed with error 'Subtask NeedsConfiguration execution failed: Configure Recipient Settings. I have opened a SR, but figured I'd try the forums,
  too. I have a wildcard certificate from GoDaddy (MS says they support wildcards from GoDaddy) & that cert has only the IIS service applied to it on the CAS. I've read in the Exchange Server Deployment Assistant that it should have the SMTP & IIS services
  assigned to it, but my question is - SMTP on the CAS (separate server) or on the Mailbox/Hub Transport (separate server)? And what are the ramifications of assigning the SMTP service to, let's say, the CAS? We have had multiple issues every time the servers
  get updated/changed; I do not want to disrupt services further, as the Manage Hybrid Configuration will be done during business hours.
  If anyone can provide any assistance/clarification, it would be most appreciated.
  Thank you.

  Hi,
  We can enable a Wildcard certificate with SMTP service for Exchange Hybird Deployment. The SMTP service can be assigned to multiple certificates. For some Exchange services such as OWA, Ecp, ActiveSync, Autodiscover service, OOF, it is used with Exchange
  certificate with IIS service. And there is usually only one certificate can be assigned with IIS service.
  Please just make sure your Wildcard certificate can contain all namespaces which are used for all internal URL and External URL configuration in Exchange services. About how to import an existing wildcard certificate on the Exchange 2010 Hybird servers,
  please refer to the Import & Enable Third Party Certificate on Hybrid Servers
  part in the following article:
  http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-hybrid-deployment-migrating-to-office-365-exchange-online-part9.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
  make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 Hybrid Deployment, on-premise to multiple Office 365 tenants

  Hello, we are in the early stages of planning an Exchange 2013 hybrid deployment for a federation of education organisations.
  We are planning to use a single on-premise Exchange organisation for staff mailboxes across all member organisations, each member already has it's own Office 365 tenancy for students, which we would like to maintain if possible.
  My question is, is it possible (and supported) for an Exchange hybrid deployment with a single on-premise organisation with multiple Office 365 tenants, my understanding is that only a 1:1 deployment is supported, can somebody confirm or clarify this ?
  Thanks

  I think if you have different AD sites then you can install the DirSync or ADFS for each of them and have one way replication. I 'd aks this question to Office365 Forum and support.
  Where Technology Meets Talent

• Exchange 2013 Hybrid Deployment issues.

  Hello.
  i have an issue when configuring Exchange hybrid deployment in my environment.
  when i complete the Exchange hybrid wizard and OAuth is finished our exchange environment will not receive emails from the "internet" as in senders outside the company.
  mail will can be sent out and will flow between internal users.
  when i check the message trace on 365 the emails were failing with the following error.
  Users were also getting a bounce back saying 
  Diagnostic-Code: smtp;550 5.4.1 [[email protected]]: Recipient address rejected: Access denied
  i wondered if it had anything to do with the MX record on our public DNS, i changed this to the one recommended by O365 domain DNS assistant, but this made no odds,
  it looks like it could be a receive connector issue however i am new to exchange so i am still learning.
  the only way to fix the issue was to run Remove-Hybridconfiguration on the Exchange 2013 server, when this finished and few moments had passed mail began being received from the internal again.
  Any Suggestions on what could be caused 
  many thanks

  Hello.
  i have an issue when configuring Exchange hybrid deployment in my environment.
  when i complete the Exchange hybrid wizard and OAuth is finished our exchange environment will not receive emails from the "internet" as in senders outside the company.
  mail will can be sent out and will flow between internal users.
  when i check the message trace on 365 the emails were failing with the following error.
  Users were also getting a bounce back saying 
  Diagnostic-Code: smtp;550 5.4.1 [[email protected]]: Recipient address rejected: Access denied
  i wondered if it had anything to do with the MX record on our public DNS, i changed this to the one recommended by O365 domain DNS assistant, but this made no odds,
  it looks like it could be a receive connector issue however i am new to exchange so i am still learning.
  the only way to fix the issue was to run Remove-Hybridconfiguration on the Exchange 2013 server, when this finished and few moments had passed mail began being received from the internal again.
  Any Suggestions on what could be caused 
  many thanks
  Make sure the accepted SMTP domains in the Office 365 EAC are set to Internal Relay rather then Authoritative.
  Twitter!:
  Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Is Reverse Proxy required for Hybrid deployment

  Hi everyone,
  We plan to deploy a new infrastructure on prem attached to O365.
  The aim of this deployment is to create lync meeting on the on prem FE server which will be accessible by O365 Lync users. (FI: these meetings will be created on prem because the customer wants to cascade Lync conference with his Polycom video conferencing
  infrastructure).
  Some users are homed on-premises and some users are homed online, but the all users share the same SIP domain. Is Reverse Proxy on prem will be required for O365 users to join meetings created on the on-premise FE or the O365 architecture
  can handle it?
  The only functionality needed is meeting (not mobility). I saw this (https://social.technet.microsoft.com/Forums/en-US/cf4f63f9-355f-475b-8148-608633adfe86/is-reverse-proxy-necessary-for-lync-hybrid-deployment?forum=lyncdeploy) but the functionality asked
  are different.
  Many thanks for your help.
  Thomas

  You'll need a reverse proxy on premises to publish the external web services FQDN of your on-premises front end pool.  Meet will use this behind the scenes regardless of where it's pointing.  If you're hybrid, the DNS URLs should typically point
  to your on-premises deployment however anyway:
  https://technet.microsoft.com/en-us/library/jj205403%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications
  This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Exchange Server Deployment Assistant - Single Sign On Question

  I'm running through the Exchange Server Deployment Assistant to help with a Hybrid deployment and for
  right now, I don't want to be bothered with SSO. In the Assistant, when I answer
  No to the Do you want all users to use their on-premises credentials when they log on to their Exchange Online mailbox? question when I get to the
  Before You Begin section it always shows my answer to that question as being
  Yes.
  Any ideas? Can I simply ignore the sections that relate to AD FS as I work through the steps?
  Thanks!

  Hi Adare,
  I have tested on Exchange Server Deployment Assistant with "Hybrid"->"Exchange 2010 based hybrid", and get the same result as yours.
  Information on "Do you want all users to use their on-premises credentials when they log on to their Exchange Online mailbox?" as below:
  Single sign-on allows users in both the on-premises organization and the Exchange Online organization to access resources and features across the two organizations without being prompted for additional user credentials. Single sign-on is configured for
  a hybrid deployment using identity federation and Active Directory synchronization. If you're planning to have on-premises users access Exchange Online accounts using the Outlook mail client or planning to implement Exchange Online Archiving,
  we strongly recommend selecting Yes for this question and deploying single sign-on in your on-premises organization.
  It seems that this is the reason why Yes has been selected.
  Thanks 
  Mavis Huang
  TechNet Community Support

• Set up Exchange Hybrid - Unable to access the Federation Metadata document from the federation partner

  Hi,..
  I am configuring Exchange Hybrid deployment with Office 365. On step Set up Exchange Hybrid wizard, I get an error message as bellow :
  Need help please :)
  Thanks,
  IH

  Hi,
  Please make sure a federation trust is established. Creating a federation trust is one of several steps in setting up federated delegation in your Exchange organization.
  And please use the MetadataURL parameter to specify the URL where WS-FederationMetadata is published by the Microsoft Federation Gateway to check result.
  Besides, here is a related thread for your reference.
  http://social.technet.microsoft.com/Forums/exchange/en-US/70baa989-87c2-4d3e-990a-0ff37a05c746/newfederationtrust-not-connecting
  Hope this is helpful for you.
  Best regards,
  Belinda Ma
  TechNet Community Support

• Need help on office 365 Exchange Hybrid

  Hi Team,
  I have question related to Planning that
  I have Exchange 2013 Implemented in my on Premises. Now I also want to configure office 365 for Exchange Hybrid.
  I am planning only to deploy DirSync server but not ADFS. I know the drawback as without ADFS the office 365 user will have two identity and also to log-on on office 365 A/C either Outlook/Lync  the user need to sign in using office 365 ID.
  My management have below requirement
  1) The user Mailbox should reside in Office 365.
  2) The user will be sending receiving mails using OUR domain suffix Ex :- abc.com
  3) They do not want to built ADFS as the user logon dependency will increase again on our on premises servers.

  Hi,
  According to your description, I understand that the question is about the deployment of Exchange 2013 and Exchange Online in Office 365. This forum focuses on the deployment of Office 365 ProPlus which
  is the version of Office that comes with many Office 365 plans. Therefore, I suggest we can ask a question in Microsoft Exchange Online forum for more professional suggestions:
  http://social.technet.microsoft.com/Forums/en-US/home?forum=onlineservicesexchange
  Additionally, here is a reference about Microsoft server 2013 Hybird Deployments and hope it is helpful for you:
  http://technet.microsoft.com/en-us/library/jj200581(v=exchg.150).aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• Certificate configuring for exchange 2013 and office 365 hybrid deployment

  Please advise on what digital certificate requirements for hybrid deployment and to configure it.

  Hi sphilip,
  If you want to deploy AD FS with Single Sign-On(SSO), we need use certificate to establish secure trust between on-premises Exchange 2013 and Office online.
  We can use and configure a trusted third-part CA within all on-premises Exchange 2013 Mailbox and Client Access servers to ensure secure mail transport, more details about
  Office 365 Hybrid Configuration Certificate Planning, for your reference:
  http://blogs.technet.com/b/neiljohn/archive/2011/08/25/office-365-hybrid-configuration-certificate-planning-adfs-exchange-web-services-owa-oa.aspx
  Best Regards,
  Allen Wang