
Exchange 2007/2010 Hybrid Deployment & Migrating to Office 365




This post is my notes from various migrations of Exchange 2007 & 2010 to an Office 365 Hybrid Deployment. For Exchange 2013 it is almost the same, but quite a bit easier!
As I said, these are my notes together with various additions from various blogs, something like a checklist and not a tutorial or guide.


1. What you need:
2 x ADFS NLB (for identity federation)
2 x ADFS Proxy Servers NLB (for identity federation)
1 x domain member server for DirSync
1 x SQL 2008 R2 server that will store the DirSync database
1 x Exchange 2010 Service Pack 2 + based hybrid deployment server (for rich coexistence with Exchange Online)
Access to public DNS of Domain (company.com)
3rd Party Certificates (if the old Exchange 2007 has a wildcard certificate, export it and import it to 2010)
Domain User for ADFS service account
Configure UPN for company.com domain


2. The steps in general:
1. Add Domain (company.com) to Office 365
2. Add TXT record to DNS for verification
3. Specify domain services (Exchange, Lync, SharePoint)


4. ADFS (&/or Farm)
Add IIS Role, Configure NLB sts.company.local (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
Setup ADFS Federation server
AD FS 2.0 Federation Server Configuration Wizard
Domain User for ADFS service account


5. ADFS Proxy (&/or Farm)
Add IIS Role, Configure NLB sts.company.com (add hosts, add A record, enable MAC spoofing), add Certificate (SelfSigned or 3rd Party) & bind default site to 443
Add host A to Public DNS (sts.company.com)
Add host record to proxy servers for sts.company.local local IP (ADFS NLB Address)
Setup ADFS Federation server proxy
AD FS 2.0 Federation Server Configuration Wizard


6. Convert Domain to a Federated Domain
On Office 365 portal then downloads then step 3 “Set up and configure your office desktop apps”
de-select everything (only to install MOSM for powershell)
On office 365 portal then users then manage (SSO), install MOSM for powershell
Open MOSM and run “$Cred = Get-Credential” and enter the credentials, then “Connect-MsolService -Credential $Cred”, then “Convert-MsolDomainToFederated -DomainName "office365lab.dk"” and “Get-MsolDomain | fl”
Configure UPN for company.com domain
Go to login.microsoftonline.com and check SSO login


7. DirSync
o365 portal then users then set up under directory synchronization (after activation it needs some hours)
o365 portal then users then set up under active directory synchronization, under step 4 download the DirSync tool
Verify DirSync:
o365 portal then users then set up under active directory synchronization, check “active directory synchronization is activated” or PowerShell: “Get-MsolCompanyInformation | fl DirectorySynchronizationEnabled”
Run “Directory Sync Configuration”, add creds, check “Enable Exchange hybrid deployment”. If you want to select OUs, groups, users, etc., then don't check “synchronize directories now”
Edit sync: go to “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell” and run “miisclient”; guide: http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx
Force Sync:
With PowerShell, go to the “C:\Program Files\Microsoft Online Directory Sync” folder, run the “DirSyncConfigShell.psc1” script from there, and in the new window run “Start-OnlineCoexistenceSync”


8. Hybrid Deployment
Configure NLB on Exchange 2010 HUB/CAS
Add 3rd party certificate (if the old Exchange 2007 has a wildcard certificate, export it and import it to 2010)
assign services SMTP & IIS
Configure URLs
Set-OwaVirtualDirectory -Identity "EX03\OWA (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/OWA -ExternalUrl https://hybrid.office365lab.dk/OWA
Set-OwaVirtualDirectory -Identity "EX04\OWA (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/OWA -ExternalUrl https://hybrid.office365lab.dk/OWA
Set-EcpVirtualDirectory -Identity "EX03\ECP (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ECP -ExternalUrl https://hybrid.office365lab.dk/ECP
Set-EcpVirtualDirectory -Identity "EX04\ECP (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ECP -ExternalUrl https://hybrid.office365lab.dk/ECP
Active Sync
Set-ActiveSyncVirtualDirectory -Identity "EX03\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalUrl https://hybrid.office365lab.dk/Microsoft-Server-Activesync
Set-ActiveSyncVirtualDirectory -Identity "EX04\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/Microsoft-Server-Activesync -ExternalUrl https://hybrid.office365lab.dk/Microsoft-Server-Activesync
Set-OabVirtualDirectory -Identity "EX03\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalUrl https://hybrid.office365lab.dk/oab
Set-OabVirtualDirectory -Identity "EX04\oab (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/oab -ExternalUrl https://hybrid.office365lab.dk/oab
Set-WebServicesVirtualDirectory -Identity "EX03\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx
Set-WebServicesVirtualDirectory -Identity "EX04\EWS (Default Web Site)" -InternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx -ExternalUrl https://hybrid.office365lab.dk/ews/exchange.asmx
Set-ClientAccessServer -Identity EX03 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
Set-ClientAccessServer -Identity EX04 -AutoDiscoverServiceInternalUri https://hybrid.office365lab.dk/Autodiscover/Autodiscover.xml
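
A way to verify the URL step afterwards, as an added example that is not part of the original notes: it reads back every virtual directory on both hybrid servers and flags any URL that is unset, not https, or not on the hybrid namespace that the certificate covers. It assumes the server names EX03/EX04 and the hybrid.office365lab.dk namespace from the commands above; Get-UrlFinding is a helper name made up for this example.

```powershell
# Added example (not from the original notes). Run in the Exchange Management Shell.
# Assumptions: servers EX03/EX04 and the hybrid.office365lab.dk namespace used above.
$expectedHost = 'hybrid.office365lab.dk'
$servers      = 'EX03', 'EX04'
$getters      = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
                'Get-ActiveSyncVirtualDirectory', 'Get-OabVirtualDirectory',
                'Get-WebServicesVirtualDirectory'

# Classify one URL value: 'OK', or the reason it does not fit the hybrid namespace.
function Get-UrlFinding {
    param($Value)
    if (-not $Value) { return 'not set' }
    $uri = [uri]"$Value"
    if ($uri.Scheme -ne 'https')      { return 'not https' }
    if ($uri.Host   -ne $expectedHost) { return "host is $($uri.Host)" }
    return 'OK'
}

$report = foreach ($server in $servers) {
    foreach ($getter in $getters) {
        # One server can host more than one virtual directory of a type.
        foreach ($vdir in @(& $getter -Server $server)) {
            foreach ($prop in 'InternalUrl', 'ExternalUrl') {
                New-Object PSObject -Property @{
                    Server  = $server
                    Setting = "$($vdir.Name) $prop"
                    Value   = "$($vdir.$prop)"
                    Finding = Get-UrlFinding $vdir.$prop
                }
            }
        }
    }
    # Autodiscover is configured on the Client Access server object itself.
    $cas = Get-ClientAccessServer -Identity $server
    New-Object PSObject -Property @{
        Server  = $server
        Setting = 'AutoDiscoverServiceInternalUri'
        Value   = "$($cas.AutoDiscoverServiceInternalUri)"
        Finding = Get-UrlFinding $cas.AutoDiscoverServiceInternalUri
    }
}

$report | Sort-Object Server, Setting |
    Format-Table Server, Setting, Finding, Value -AutoSize
```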


9. Configure DNS to Exchange 2010
Configure SPF Record (http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/)
Add public DNS v=spf1 ip4: ip4: include:outlook.com -all
o365 portal then domains then SMTP domain properties under DNS management create SPF TXT record (name @ value v=spf1 ip4: ip4: include:outlook.com -all)
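
A lint for the SPF value before it is published, as an added example that is not part of the original notes: it checks the record shape used in this step (v=spf1, the on-premises ip4 entries, include:outlook.com, a closing -all) and counts DNS-lookup mechanisms against the SPF limit of 10. Test-SpfRecord is a name made up for this example, and both sample records are constructed: the first is the template above with its ip4 values still empty, the second uses documentation addresses.

```powershell
# Added example (not from the original notes); works in PowerShell 2.0 and later.
$octet   = '(25[0-5]|2[0-4]\d|1?\d?\d)'
$ipv4Rx  = "^($octet\.){3}$octet$"

function Test-SpfRecord {
    param([Parameter(Mandatory=$true)][string]$Record)

    $issues  = @()
    $lookups = 0
    $terms   = @($Record.Trim() -split '\s+')

    if ($terms[0] -ne 'v=spf1') { $issues += "record must start with 'v=spf1'" }

    foreach ($term in ($terms | Select-Object -Skip 1)) {
        $mech = $term -replace '^[-+~?]', ''          # drop the qualifier
        switch -Regex ($mech) {
            '^ip4:(.*)$' {
                $addr, $prefix = $Matches[1] -split '/', 2
                if ($addr -notmatch $ipv4Rx) {
                    $issues += "'$term' has no valid IPv4 address"
                } elseif ($prefix -ne $null -and
                          ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32)) {
                    $issues += "'$term' has an invalid prefix length"
                }
            }
            # Mechanisms and modifiers that cost the receiver a DNS lookup.
            '^(include:|exists:|redirect=|a\b|mx\b|ptr\b)' { $lookups++ }
        }
    }

    if ($terms -notcontains 'include:outlook.com') { $issues += "missing 'include:outlook.com'" }
    if ($terms[-1] -ne '-all')                     { $issues += "record should end with '-all'" }
    if ($lookups -gt 10)                           { $issues += "$lookups DNS lookups (limit is 10)" }
    return ,$issues                                 # always an array, empty when clean
}

# Constructed samples: the template from this step and a filled-in record.
$samples = 'v=spf1 ip4: ip4: include:outlook.com -all',
           'v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 include:outlook.com -all'

foreach ($s in $samples) {
    $found = Test-SpfRecord -Record $s
    if ($found.Count -eq 0) { "OK    $s" }
    else { "FAIL  $s"; $found | ForEach-Object { "      $_" } }
}
```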


10. Add o365 Tenant to EMC
from EMC add exchange forest
Connect to Exchange Online with PowerShell: “$TenantCreds = Get-Credential” then “$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $TenantCreds -Authentication Basic -AllowRedirection” then “Import-PSSession $Session”, then to test “Get-Mailbox | Get-MailboxStatistics | ft -a” or “Get-AcceptedDomain”


11. Configuring Exchange 2010 Hybrid
EMC – on-premises – “Organization Configuration” – “Hybrid Configuration” – “New Hybrid Configuration”
Add TXT record to public DNS
Add transport certificate (3rd party)


12. You can now use Get-HybridConfiguration in EMS to check that everything is OK.
EMC on-premises
A federation trust with the Microsoft Federation Gateway (MFG) has been established for the specified domain | On-Premises Org Configuration – federation trust
an organizational relationship has been established with the Exchange Online organization in Office 365 | On-Premises Org Configuration | organization relationships
“tenant_name.mail.onmicrosoft.com” has been added as an accepted domain | on-premises – org conf – hub – accepted domains
“tenant_name.mail.onmicrosoft.com” and “office365lab.dk” have been added as remote domains | on-premises – org conf – hub – remote domains
The default E-Mail Address policy has been updated, so that it stamps a secondary proxy address (alias@tenant_name.mail.onmicrosoft.com) on mailbox user objects | on-premises – org conf – hub – e-mail address policies
The HCW also creates a receive connector on each of the hybrid servers | on-premises – server conf – HUB – receive connectors
The HCW will create a send connector that will route all e-mail messages destined for “tenant_name.mail.onmicrosoft.com” to Exchange Online in Office 365 | on-premises – org conf – hub – send connectors
EMS: Get-OrganizationRelationship | fl
EMC online
Org conf – HUB – remote domains
Org conf – Organization Relationships
FOPE (Forefront; access from ECP – Mail Control)
check Two connectors (inbound & outbound)


Move mailbox = new remote move request | it will move to Mail Contact
New mailbox online: Mail Contact – new remote mailbox


13. After move
Generally, Windows Phone 8 and iOS clients will be able to automatically update the ActiveSync profile, while Android based clients must have their ActiveSync profile recreated.
Outlook will need to close with admin message, re-open and add credentials


14. Decommission
Move all mailboxes to Exchange Online, point all on-premise line of business applications, network devices and so on to Exchange Online, and configure mail flow to go directly in and out of Exchange Online. In this scenario, you decommission all on-premise Exchange servers, but still use DirSync and ADFS for federation. With DirSync, the on-premise Active Directory is the source of authority, which means you should provision users in the on-premise Active Directory and then have them synchronized to Office 365/Exchange Online. In this case, it’s usually a good idea to keep a single Exchange 2010 server on-premise, so you can use the Exchange 2010 EMC or cmdlets for the provisioning. Alternatively, you remove all Exchange 2010 servers and have an identity solution such as FIM provision the on-premise Active Directory objects with the required mail attributes in order for Exchange Online to treat them as mail enabled users. Bear in mind that with DirSync enabled, most user/mailbox attributes in Exchange Online are read-only, meaning you must write to them via the on-premise Active Directory user/group object.


source: http://www.e-apostolidis.gr/everything/exchange-20072010-hybrid-deployment-migrating-to-office-365/


