We will need to ensure a few prerequisites are met:
- Exchange 2010 should be running SP3
- Ensure your current Exchange environment is accessible externally (can verify using the Remote Connectivity Analyzer)
We will first set up dirsync (now Azure AD Connect) between our on-premises environment and Azure:
Download and install: Azure AD Connect
** During the installation of Azure AD Connect, ensure 'Exchange hybrid deployment' is selected under 'Optional Features'. **
Download and install the Azure PowerShell addon
Download and install Microsoft Online Services Sign-In Assistant for IT Professionals RTW
Download and install Azure Active Directory Module for Windows PowerShell (64-bit version)
Once installed, launch PowerShell with administrative privileges and import the Azure module:
Import-Module Azure
authenticate yourself with:
$login = Get-Credential
and connect to Exchange Online:
Connect-MsolService -Credential $login
and enable dirsync:
Set-MsolDirSyncEnabled -EnableDirSync $true
We should proceed by hooking up our Exchange Online environment with our on-premises install.
** Note: I have had problems sometimes connecting this way and received the following message:
Format of the Exchange object version is wrong parameter name: ExchangeBuild
Apparently Microsoft is working on a 'fix' for this - but they haven't provided any update now since late February - so please refer to below:
I had to obtain the Office 365 Hybrid Wizard and run it on the local Exchange server instead:
http://aka.ms/HybridWizard
(Run the above link from Internet Explorer - not Chrome, Firefox etc.)
After launching the wizard, enter your local Exchange details (i.e. a user in the 'Organization Management' security group.)
You will then need to enter a TXT record on your domain's zone file / DNS for verification of ownership of your domain name.
Configure the Hub Transport service and specify the external IP address you would like to use to communicate with the Exchange Online service.
** Note that you should update your firewall ruleset in order to allow the Exchange Online group of IPs to communicate with the above IP - more info can be found here: https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#BKMK_EXO
I encountered the following error at the last hurdle:
HCW8073 -
PowerShell failed to invoke 'Set-EmailAddressPolicy': The recipient policy "Default Policy" with mailbox manager settings cannot be managed by the current version of Exchange Management Console. Please use a management console with the same version as the object.
This was because the email policy had not been upgraded when migrating from an older version of Exchange. The specific feature causing problems is the 'Mailbox Manager' (now defunct in later versions of Exchange.) To fix this we should refer to the following article and then run the following command to upgrade our email address policy:
Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"} | Set-EmailAddressPolicy -IncludedRecipients AllRecipients
After this I re-ran the configuration wizard and it finally went through.
Launch the Exchange Management Console and review the Send Connectors and Receive Connectors - you should notice that there are two Office 365 connectors (inbound and outbound.)
Ensure you have included all of the whitelisted hosts on the receive connector in your firewall config!
Also ensure that your firewall will allow outbound access to EOP (Exchange Online Protection) as this is what your send connector will use - the IPs are here.
If you are sharing a domain between your on-premises environment and Exchange Online (i.e. both have @domain.com addresses), we need to ensure that the 'remote domain' entry for the domain under the 'Office 365 Tenant' domain tab has 'Use this domain for my Office365 tenant' ticked.
We should also ensure the 'accepted domain' entry for the domain is 'Internal Relay' if it is a shared domain.
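The connector and accepted-domain review above can also be done from the on-premises Exchange Management Shell. This is an added example, not part of the original post: it assumes the wizard-created connectors have '365' in their names and uses domain.com as a placeholder for the shared domain.

```powershell
# Added example. ASSUMPTIONS: connector names contain "365";
# 'domain.com' is a placeholder for your shared domain.
$sharedDomain = 'domain.com'
$anyIPv4      = '0.0.0.0-255.255.255.255'
$findings     = @()

# Inbound: the Office 365 receive connector should list only the ranges
# that were whitelisted on the firewall, and should insist on TLS.
foreach ($rc in @(Get-ReceiveConnector | Where-Object { $_.Name -like '*365*' })) {
    $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    if ($ranges -contains $anyIPv4) {
        $findings += "Receive connector '$($rc.Name)' accepts any source IP"
    }
    if (-not $rc.RequireTLS) {
        $findings += "Receive connector '$($rc.Name)' does not require TLS"
    }
    Write-Output ("IN  {0}: {1}" -f $rc.Name, ($ranges -join ', '))
}

# Outbound: mail handed to EOP should not be allowed to fall back to cleartext.
foreach ($sc in @(Get-SendConnector | Where-Object { $_.Name -like '*365*' })) {
    if (-not $sc.RequireTLS) {
        $findings += "Send connector '$($sc.Name)' does not require TLS"
    }
    Write-Output ("OUT {0}: address spaces {1}, TlsAuthLevel {2}" -f `
        $sc.Name, ($sc.AddressSpaces -join ', '), $sc.TlsAuthLevel)
}

# Shared domain: the accepted-domain entry should be Internal Relay (see above).
$ad = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $sharedDomain }
if (-not $ad) {
    $findings += "No accepted domain entry found for $sharedDomain"
} elseif ("$($ad.DomainType)" -ne 'InternalRelay') {
    $findings += "Accepted domain $sharedDomain is '$($ad.DomainType)', expected InternalRelay"
}

# Report anything that needs a second look.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings: connectors and accepted domain match the steps above.'
}
```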
We can now create a new user in our Exchange Online administration portal: log in to your Office 365 portal, go to Users >> Active Users >> New User and, once the user is created, select it, hit 'Assign Licenses' in the right-hand navigation pane and select 'Exchange Online'.
Now go to Admin >> Exchange to launch the Exchange admin center, then go to Recipients, where you should now see your new user.
We can quickly propagate settings across our on-premises environment and Office 365 with the following commands (make sure you run this with administrative privileges!):
$OnPremisesCreds = Get-Credential
$TenantCreds = Get-Credential
Update-HybridConfiguration -OnPremisesCredentials $OnPremisesCreds -TenantCredentials $TenantCreds
To view federation information for your domain we can issue:
Get-FederationInformation yourdomain.mail.onmicrosoft.com
and to view organizational relationships we can issue:
Get-OrganizationRelationship
We can connect to our Exchange Online tenant via PowerShell as follows:
$session = New-PSSession -ConfigurationName:Microsoft.Exchange -Authentication:Basic -ConnectionUri:https://ps.outlook.com/powershell -AllowRedirection:$true -Credential:(Get-Credential)
Import-PSSession $session