With Exchange Server 2013 CU9 and Exchange Server 2016 Microsoft has released a new version of the Hybrid Configuration Wizard (HCW). Instead of running the HCW online, it is now a small stand-alone application which is installed on the hybrid server.
Installing and running the Hybrid Configuration Wizard is so easy, initially I didn’t want to write a blog post about it at all. But writing one doesn’t harm, so here we go…
The HCW is only a configuration tool, it configures both Exchange 2013/2016 on-premises as well as Exchange Online. It gathers information regarding the hybrid servers, where to deliver and receive SMTP messages and what certificates are used.
To install the new HCW and reconfigure the hybrid configuration, logon to the Exchange Control Panel and click Hybrid:
To start the HCW and modify the hybrid configuration, click Modify and sign in to Office 365 and click Modify again. This will redirect to a landing page where you can download the new bits:
Click the click here option 🙂
The download will be initiated, and a security warning is shown. You can see that the HCW application is downloaded from an Azure blob.
Click Install to start the installation and in the security warning pop-up click Run to actually install the new HCW application.
When the application is installed the new HCW is automatically started and you’re ready to reconfigure your hybrid configuration.
Click Next to continue. The HCW will automatically detect the servers that are capable of working as a hybrid server. You can opt to not automatically detect and manually select a server as shown in the following figure.
Click Next to continue. In subsequent steps you have to enter credentials for Exchange on-premises and Exchange Online (they will be validated by the HCW), you can select the hybrid domains (all accepted domains in your on-premises Exchange environment will be detected), you can select existing Client Access and Mailbox servers (or Edge Transport servers) for secure email between Exchange on-premises and Exchange online and you have to select on-premises servers that will be used for creating a Send Connector and a Receive Connector.
Select the SSL certificate that’s available (and automatically detected on the hybrid server) and enter the external FQDN of the hybrid server. Please make sure this FQDN matches a name on the SSL certificate. If it doesn’t it won’t work.
When you’ve entered this data the HCW is ready to configure the environment and in the Ready for Update window click Update to start the HCW.
The HCW will run for some time (between 30 and 60 seconds, depending on the size of your environment) and it will show its progress as well.
When the HCW is finished a congratulations window is shown. In this window you can also rate your experience with this new HCW, ranging from zero stars (totally unsatisfied) to five stars (very satisfied) as shown in the following figure.
This is all it takes to run the new Hybrid Configuration Wizard and reconfigure your existing hybrid configuration. And to be honest, when you don’t have an existing hybrid configuration and run this HCW for the first time, it will be same.
Jaap Wesselius 
Thank you for this blog.
Just have a question – I have a client who does not have an Exchange on-premise environment. They are completely in Office 365. I have read numerous times that the supported way to manage the Office 365 tenant is via Exchange Admin Center on-premise and that you can obtain a free hybrid key to achieve this.
When you run through the HCW wizard, it goes through the motions above as you mentioned. I go through the motions but when it prompts for a SSL certificate, what am I to select? There is no SSL in use for Exchange on-premise as they are not operating on-premise.
If this is not the way to manage office 365 on-premise, what do you recommend? I’ve got another test environment where I extended the schema and have tested modifying attributes through Attribute Editor but surely I can just install the base product or even just the tools if it’s possible to manage Exchange Online?
Your recent posts on Exchange Hybrid are great – thanks heaps.
Regards,
Charbel
LikeLike
Hi,
it all depends on whether or not you have DirSync installed. If you have, your account are managed on-premises and they are synchronized with Office 365, including their email related properties. Even if they have a Mailbox in Office 365, their properties are managed locally. As you already said, you can use the Attribute editor or ADSIEdit to configure the correct properties, but this is not supported, and not really an ‘admin friendly’ way to do it. Better to have an Exchange 2013/2016 server on-premises to configure this for you. This is the Exchange Hybrid server. It doesn’t hold any Mailboxes (the free license doesn’t allow you to), it’s just there for management purposes.
But, for the hybrid server, you need external connectivity, and it needs to be accessible via a FQDN like hybrid.contoso.com. You also need a certificate for this, and this is the certificate you need to configure in the HCW.
To make it more complex, in your situation you don’t need the hybrid connectivity, you only need an Exchange server for management purposes. It doesn’t need to be accessible at all from the Internet. Create a new user account, use the Enable-RemoteMailbox command and replicate the user to Office 365. The Mailbox in Exchange Online with the correct attributes is provisioned, but don’t forget the user license. BTW, if you install the Exchange server on-premises, it can be a lightweigth server, it doesn’t host any mailboxes, there’s no transport involved, no high availability, it’s just there for managing user accounts and remote mailboxes (I have to admit, it’s a bit of an overkill).
Does this help?
Thanks,
Jaap
LikeLike
Hey Jaap, thanks for the reply.
After posting yesterday, I came across this in my environment and realised I had been trying to setup a hybrid environment the whole time when in fact I didn’t need to unless I was to have on-premise and cloud mailboxes.
I can now see my Office 365 environment through the EAC on-premise.
I got a few questions for you if you can assist:
1. My Office 365 environment has ABPs created using filtering via the CustomAttribute.
Would the user creation process now be:
– Create user in AD with CustomAttribute set
– Azure AD Connect syncs user to Office 365
– Enable license through Office 365 online portal
– Use EAC on-premise to assign ABP
2. I will be doing actual testing today, but in your opinion, what would be the best approach for the creation of groups, contacts, resources, shared mailboxes?
Should users, groups and contacts be created locally in AD and synchronised across to Office 365, and resources and shared mailboxes be created straight in Office 365?
I am trying to establish a process for support purposes moving forward and trying to streamline the multi-tenant environment as much as possible. With the introduction of ABPs, customAttributes etc, the GUI interface is not there yet to make it easy during the creation of the objects which doesn’t help.
Thanks heaps.
LikeLike
Sorry for the extended replies but I am a little confused.
I have installed Exchange 2013 on-premise using the free hybrid key. No customisations at all.
Whilst in the EAC, I signed in to Office 365 and can now see my current cloud users in Office 365 and my empty on-premise environment. The cloud users will eventually be soft-matched to on-premise user accounts and any future users will be created on-premise and synced via Azure AD Connect.
So let’s say I want to create my first user who is synced from AD and has a mailbox in Office 365, how do I go about this? Do I create them on-premise and sync them via Azure AD?
I created a new user in AD, synced the user to Office 365, activated a license for the user. When I tried to hide this user from the address list, I got an error indicating he is being synced from AD and that I’ll need to manage the user from on-premise.
Will all creations happen on-premise and synced to Office 365?
Thanks for your help.
LikeLike
Hi,
Being a consultant i would normally ask “what do you want to achieve?”. You have an Active Directory on-premises and you have an Office 365 subscription, did you already provision the users in Office 365? I would think so because you’re talking about the ‘soft match’ in another reply.
If you have Azure AD sync installed, all user management will be on-premises. If you want to change properties using the Online Portal it will fail with a ‘write scope’ error. I’ve written about this in the past: https://jaapwesselius.com/2015/06/23/the-operation-on-mailbox-failed-because-its-out-of-the-current-users-write-scope/
Let’s take this offline for a while. Can you send me an email at jaap [@] wesselius.info?
Thanks,
Jaap
LikeLike
Hello Jaap,
We are an educational shared service center in the Netherlands. For our environment I have a question, maybe you can point me in the right direction.
When we started our service center we decided to have a single forest, single domain Active Directory, all our cooperation members have their own organizational unit witch we manage. We also have a single Exchange 2013 SP1 email setup. We have gotten the challenge to migrate this exchange environment to the O365 cloud. Normally this would be no problem in setting up an hybrid solution, except all our members have their own O365 tenant.
For our students (who don’t have mail in our exchange environment) we have setup multiple AAD Connect servers to sync the user accounts with the correct O365 tenants. I know it will be a challenge to create a hybride solution for one exchange environment to multiple tenants. I found it isn’t a problem to connect multiple forest to one tenant, but the other way around i could not find.
Do you have any idea if it is possible to setup a hybride exchange environment with multiple O365 tenants ?
Thanks in advance,
Marco
LikeLike
Hi Marco, I am in Las Vegas right now, please send me an email to jaap [at] wesselius.info
LikeLike