Tag Archives: Exchange Online

Moving from Exchange 2010 to Office 365 Part II

In my previous blogpost, I’ve discussed the prerequisites for moving from Exchange 2010 to Office 365 when using Directory Synchronization (using Azure AD Connect). In this blogpost I’ll discuss how to create an Exchange 2010 hybrid environment.

Exchange 2010 Hybrid

Now that Directory Synchronization is in place using Azure AD Connect we can focus on connecting the on-premises Exchange environment to Exchange Online, this a called an Exchange Hybrid Configuration.

Hybrid configurations can consist of Exchange 2010, Exchange 2013 or Exchange 2016 or a combination of versions, so it is possible to have an Exchange 2010 and Exchange 2013 coexistence scenario on-premises, and connect this to Exchange Online. However, when using multiple versions of Exchange in a Hybrid configuration there’s always add complexity, and when configured incorrectly you can get unexpected results. Therefore, I typically recommend using only one version, so if you’re running Exchange 2010 on-premises, there’s no need to add an Exchange 2013 or Exchange 2016 server to your configuration, just as a ‘hybrid server’. Despite what other people tell you, there’s no need to add a newer version, and Exchange 2010 Hybrid is fully supported by Microsoft. Better is to create an Exchange 2010 hybrid environment, and when the mailboxes (or most the mailboxes) are moved to Office 365 upgrade your existing Exchange 2010 environment to Exchange 2016. But that might be an interesting topic for a future blog post Smile.

Basically, we will create the following configuration (again, there is no Exchange 2016 server installed in the existing organization):


Figure 14. Exchange 2010 hybrid configuration.

In February 2016 Microsoft released a new Office 365 Hybrid Configuration Wizard (HCW) for Exchange 2010, replacing the old HCW that was initiated from the Exchange Management Console. To start the new Hybrid Configuration Wizard logon to the Exchange 2010 server and go to https://aka.ms/HybridWizard to download and start the new HCW. This will automatically download the new HCW from Office 365, click Install to start the new HCW.

This will start the Hybrid Configuration Wizard that will configure the Hybrid configuration, or long term coexistence configuration between Exchange 2010 and Office 365. When the HCW wizard appears click Next to start the wizard.


The wizard will look in Active Directory for installed Exchange servers, and it will try to detect the optimal Exchange server to configure. Since Inframan has only one Exchange server it will automatically select this server.

When you click on the Office 365 Exchange Online dropdown box you’ll see an overview of all available Office 365 environments. For our environment, we should select the default Office 365 Worldwide. Click next to continue.


In the next window, enter the credentials of your Office 365 tenant administrator and if needed, change the credentials of your on-premises domain administrator and click next to continue.


The HCW will now login to both your on-premises Active Directory and your Office 365 tenant. If all goes well, you’ll see six green dots for Exchange and Office 365 (including ‘Succeeded’). Click next to continue.


Now there are two options:

  • Minimal Hybrid Configuration – This is a very minimal hybrid configuration that can be used for moving your mailboxes from Exchange 2010 to Exchange Online in a short amount of time, where a coexistence scenario is not needed. This can be used for smaller organizations that want to move to Office 365 at all, but keep Directory Synchronization in place.
  • Full Hybrid Configuration – As the name implies this is a true hybrid configuration with a long term coexistence scenario. You can easily move mailboxes back and forth, but also use secure mail between Exchange on-premises and Exchange online, use free/busy information cross-premises and use stuff like out-of-office information and mailtips.

For the Inframan organization (which requires a long-term coexistence) select Full Hybrid Configuration and click next to continue.


If you want to implement a hybrid configuration, a trust is needed between Exchange Online and Exchange on-premises. This is not something like a forest- or domain-trust as you see in Active Directory on-premises, but this is a Federation Trust. Before a Federation Trust is implemented, Microsoft must make sure you own the domain you want Microsoft to federate with (i.e. the Inframan.nl domain). Click enable to continue and start the domain validation process.


The validation process is similar to the validation process when adding a new domain to Office 365, but instead of a simple ‘MS=ms123456’ text string a much more complex string needs to be added to public DNS. Click to copy to clipboard option to copy the text string to the clipboard of your computer. This contains the TXT records that needs to be added to your public DNS, and will be something like:


You can use NSLOOKUP to check if the new TXT record is available on the internet, and when it is check the I have created a TXT record for each token in DNS checkbox and click verify domain ownership.


The next window will be about configuring your Client Access servers and Mailbox servers for secure mail transport. You can leave this option default (typical), and in this scenario mail from Exchange Online to the Internet will be sent directly by the Exchange Online mail servers. If you select the Enable centralized mail transport option, you can configure the mail flow to use Exchange on-premises. In this scenario mail from Exchange Online sent to the Internet will always be sent via your Exchange on-premises organization. This lets you have full control over your inbound and outbound SMTP mail flow. One of my customers is actually doing this, and they perform DKIM signing on all outbound messages on-premises, even when messages originate from Exchange Online.

For Inframan we don’t use the centralized mail transport, click next to continue.


For secure mail between Exchange Online and Exchange on-premises we must select a Hub Transport server (in Exchange 2010) or a Mailbox server (in Exchange 2013/2016) to configure with Send and Receive Connectors. For mutual TLS, the Exchange servers also need to be configured with a valid 3rd party SSL certificate.

Again, in Inframan we only have one Exchange 2010 server which we can select using the drop-down box. Select the server and click next to continue.


Enter the public IP address that Exchange on-premises uses for inbound and outbound mail flow and click next to continue.

The HCW will no try to detect the SSL certificates on the Exchange server. One of these servers need to be used to enable mutual TLS. In this Exchange 2010 server I only have one SSL certificate with CN=webmail.inframan.nl, the autodiscover.inframan.nl domain name is a Subject Alternative Name on this certificate.


Select this SSL certificate and click next to continue.

Enter the FQDN of your Exchange organization (i.e. the FQDN Exchange Online will use to connect to your Exchange environment) and click next to continue.

The HCW has now gathered enough information to configure the hybrid configuration. Click update to start the configuration of the hybrid configuration.


The status of the configuration is shown on the console:


After a couple of minutes the hybrid configuration wizard has finished. If all goes well no errors are generated and you can rate your experiences at the end of the wizard. If you are extremely satisfied you can rate five stars, and click close to finish the HCW.


You have now successfully configured a hybrid configuration with Exchange 2010 on-premises and Exchange Online. And… without using an Exchange 2016 server Smile

In my next blog I will discuss testing the hybrid configuration , and will discuss moving mailboxes from Exchange 2010 to Exchange Online.

Moving from Exchange 2010 to Office 365

There are a lot of articles on the Internet on how to create a hybrid environment, where Exchange 2016 is connected to Office 365. Now that’s fine, but when you’re running Exchange 2016 you most like are NOT going to move to Office 365 anytime soon I guess. If you are running Exchange 2010 chances are that you will move to Office 365 (soon), but there aren’t that much articles about moving from Exchange 2010 to Office 365. And a lot of the articles available don’t have the right approach I’m afraid, and will result in you (the customer) having to pay way too much money to your system integrator.

In this article, I’ll try to outline the recommended approach when moving from Exchange 2010 to Office 365 in a hybrid scenario. With Azure AD Connect for synchronization purposes. Cliffhanger: I’m not going to install Exchange 2016 into the existing Exchange 2010 environment Smile

Existing Exchange environment

Our organization is called Inframan and they have their own on-premises Exchange 2010 environment which they have been running for 5 years now without too much issues. There are internal Outlook clients using Outlook 2010 and higher, and there are external clients using Outlook Anywhere. There are also mobile clients using ActiveSync to connect to their Mailboxes. Of course, there is Outlook Web Access, but POP3 and IMAP4 are not used.


Figure 1. Overview of the Inframan Exchange 2010 environment.

Continue reading Moving from Exchange 2010 to Office 365

Disable automatic forwarding in Office 365

By default automatic forwarding and automatic replies of email messages is turned on in Exchange Online (Office 365). You can turn this of in the Exchange Admin Center of Exchange Online (https://outlook.office.com/ecp).

Logon using your tenant administrator, select mail flow in the navigation menu and select the remote domains tab.


Open the Default remote domain and deselect the Allow automatic replies and Allow automatic forwarding checkboxes under Automatic replies.


When you click Save automatic forwarding and automatic replies will be turned off in your Office 365 tenant. Please be aware that it can take some time before the settings becomes active (I think due to replication issue).

Delegated Mailbox Permissions cross-premises

This is one of the most requested features in an Exchange hybrid scenario (i.e. Exchange Online combined with Exchange on-premises) and as of early February 2016 it is finally officially supported: Cross premises Full Access Permissions.

This means that if you have a manager’s Mailbox on-premises, and an assistant Mailbox in Exchange Online, the assistant can open the manager’s Mailbox. This works both ways, so if the manager’s Mailbox is in Exchange Online and the assistant’s Mailbox is in Exchange on-premises the results are the same.

There are some caveats however:

  • This only works when Full Access permissions are granted, and this is achieved using the Exchange Admin Center or Exchange Management Shell in Exchange Online.
  • Send-As, Receive-As and Send-on-behalf-of permissions are not supported cross-premises.
  • Your Outlook 2013 should be patched with at least the November 2015 update.
  • The first time users open a Mailbox in the other organization they might see a credentials pop-up

The people picker in in the EAC in Exchange Online supports adding Mail-Enabled Users (MEU) and regular Mailboxes, so you can use EAC in Exchange Online to add cross-premises permissions. The EAC in Exchange 2013/2016 on-premises only supports adding Mailboxes, so the online version of EAC need to be used.

More information can be found on the following Microsoft articles:

Change SMTP mail flow in hybrid scenario

After building a hybrid Exchange environment as outlined in a couple of previous blog posts we have an Exchange 2013/2016 environment where some Mailboxes exist on-premises and some Mailboxes exist in Exchange Online. Autodiscover is still pointing to the on-premises environment, and so are the MX records. Inbound SMTP mail flow from the Internet is still accessing the on-premises Exchange 2016 Edge Transport servers before being delivered to the intended recipients.


Figure 1. The Exchange hybrid environment with Mailboxes on-premises and in Exchange online.

Continue reading Change SMTP mail flow in hybrid scenario