In this article. The wizard adds an accepted domain to the on-premises organization for hybrid mail flow and Autodiscover requests for the cloud organization. This domain, referred to as the coexistence domain, is added as a secondary proxy domain to any email address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. The wizard requires you to select a specific certificate issued by a third-party Certificate Authority CA that's used to authenticate and secure email messages sent between the on-premises and Exchange Online organizations.
The wizard checks to see if there is an existing OAuth authentication relationship or a federation trust with the Azure Active Directory authentication system for the on-premises organization. If present, existing OAuth authentication or the federation trust is used to support the hybrid deployment.
If not present, the wizard configures OAuth authentication or creates a federation trust for the on-premises organization with the Azure AD authentication system, depending on the type of on-premises Exchange configuration. The wizard also adds any domains selected within the Hybrid Configuration wizard to the federation trust if needed.
In addition to the OAuth authentication or federation trust configuration, the wizard also creates and configures organizational relationships for both the on-premises and Exchange Online organizations.
Note: There are additional considerations if the tenant is hosted in the Office U. In these environments, you must run the Set-FederationTrust cmdlet in the on-premises Exchange environment with a different value for the MetadataUrl parameter. See Set-FederationTrust for more information. The wizard allows you to select and configure which Exchange servers to handle secure mail transport between the on-premises and Exchange Online organizations.
In Exchange , this is Hub Transport server. In Exchange , this is a Client Access server. In Exchange and newer, this is a Mailbox server. The wizard configures your on-premises Exchange and Exchange Online organization for hybrid mail routing. By configuring new and existing Send and Receive connectors in the on-premises organization and Inbound and Outbound connectors in Exchange Online, the wizard allows you to choose whether outbound messages delivered to the Internet from the Exchange Online organization will be sent directly to external mail recipients or routed through your on-premises Exchange servers included in the hybrid deployment.
Important : Inbound mail flow is controlled by your organization's MX record. Was this information helpful? Yes No. Thank you! Any more feedback? The more you tell us the more we can help.
Can you help us improve? Resolved my issue. Clear instructions. Easy to follow. No jargon. Pictures helped. Didn't match my screen.
Incorrect instructions. Too technical. Not enough information. Not enough pictures. OAuth is required for some features today, such as cross premises discovery and automatic archive retention. Because of that, we want to ensure that OAuth is by default configured so all of the Hybrid features work when you complete the HCW.
One downside to this is that the current OAuth configuration experience previously had a high rate of failure. We have gone through and fixed a good portion of the experience and we have also added logic to the new HCW so that if the OAuth portion fails we will disable the OAUTH configuration by disabling the IntraOrganizationConnector and let you know we disabled it and give you remediation steps. This will ensure that a failed OAuth configuration does not prevent other hybrid features such as cross premises Free Busy from working.
Many more… The above are just a few of the issues that have been addressed with the latest version of the HCW. There are many example that we could have used such as a couple of issues we addressed with mail flow, Multi-Forest deployments, and many more.
In this latest version we strived for feature parity, while improvement the failure rate, and allowing for future innovation. We think we have hit the mark.
We are not going to go through each option in depth as most of them have not changed from Exchange Figure 8 shows the entry point. The first and most important purpose is that we can redirect a small subset of customers based on pre-defined criteria to an alternate HCW experience. As discussed previously in this blog, this allows us to pilot new features without affecting the production HCW experience. The second benefit of this landing page is that it allows us to provide a proper error message if the browser version, popup blockers, etc.
See figure 9 for a view of the landing page. Figure 9: Landing page Welcome Screen The Welcome screen see figure 10 will provide you with a link that will inform you about what a Hybrid configuration is along with an additional link at the bottom that explains what the HCW application is going to do. The Second link is at the bottom-left of the screen and says What does this application do?
On this screen you will simply click next to continue. Figure Welcome screen Server Detection Page The next screen allows you to choose which server you will use to perform your hybrid configuration. This is the machine that the HCW will remote PowerShell into in order to perform all of the hybrid configuration tasks. The selected server must be running a version of Exchange that is within two releases of our currently released Cumulative update.
Keep in mind that even though the HCW will allow you to proceed if you are two versions older than the current release n-2 , we actually only support going one version back for Hybrid n If for you were to select a server that is running an unsupported version, the HCW will provide you with an error stating that you are not running a supported version.
In addition, the HCW will provide you with a list of servers that are running a supported version if any exist. Figure Unsupported version The HCW will try to select the best server to perform the configuration tasks from using the following logic: First we look to see if the server we are on is running the latest supported version of Exchange in the organization.
Next we look to see if there is an existing Exchange server in the site running the latest supported version of Exchange. Finally, we attempt to connect to an out of site Exchange server typically in a different geographical location running the latest supported version. If you do not like the server selection the HCW made via the above mentioned detection logic you can manually specify the server name that you want to connect to.
You can use the short name ServerName or the long name ServerName. The last option on this page allows you to select the tenant location. Figure Server detection Credentials page The main improvement on this page is the fact that we do not force you to type in your on-premises credentials.
However, if you are not signed in as the user with the Organization Management Role you can manually override this behavior and provide separate credentials. Figure Credentials page Connection Status page We will then show you the connection status window, which will let you know if improper credentials were provided on the previous step. Usually this is a pretty uneventful window and you just click next. Figure Connection status Mail flow options page The rest of the questions in the HCW from this page on are related to the mail flow options.
The experience and windows you see from this point forward may vary depending on the options selected. For more information on the mail flow options you have please review this article. You can have a mix of and servers selected. We do not allow you to choose Exchange servers from these menus. Figure Receive Connector Figure Send Connector Certificate selection page We described the enhancements to this certificate selection page previously in the blog, we covered the experience you will get if a valid certificate cannot be found on any one of the Sending and Receiving servers selected on the previous page figure 16 and figure This certificate page is what you should expect to see when the certificates are installed properly on all servers.
In this case you will get a list of certificates that are meeting all of the requirements and installed on all of the selected servers. In most cases the list includes only one certificate that meets the list of requirements. The HCW is now able to detect and license your designated on-premises Exchange , Exchange , or Exchange hybrid server for free without going to a separate web site or calling Microsoft support.
You can access the HCW here. Note that the free Exchange Server license is not available for Exchange hybrid servers. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info.
0コメント