Before You Configure an Exchange 2003 Hybrid Deployment


Applies to: Exchange Server 2010 SP1

Topic Last Modified: 2012-07-23

Configuring a hybrid deployment in your organization provides many benefits. However, to enjoy those benefits, you'll need to first do some careful planning. Before you go any further with the Exchange Server Deployment Assistant, we urge you to review this entire topic to make sure that you fully understand how configuring a hybrid deployment could affect your existing network and Exchange organization.

To successfully configure your organization for a hybrid deployment, you must create a cloud-based organization in the Microsoft Office 365 for enterprises service. We’ll give you instructions to sign up for Office 365 later in the checklist.

In the Deployment Assistant, a hybrid deployment is when you create a new cloud-based Exchange organization in Microsoft Office 365 for enterprises and then connect it to your existing on-premises Exchange 2003 organization by adding and configuring an Exchange 2010 hybrid server. After deploying the hybrid server, the following features can be enabled between the organizations:

  • Mail routing

  • Mailbox moves

  • Shared global address list (GAL)

  • Shared calendar and free/busy information

  • Message tracking, MailTips, and Multi-mailbox search

Learn more at: Understanding Hybrid Deployment

Take a look at the following figure. It's an example topology that provides an overview of a typical Exchange 2003 deployment. Contoso, Ltd. is a single forest, single domain organization with two domain controllers and one Exchange 2003 mail server. Contoso users use Outlook Web App to connect to Exchange 2003 over the Internet to check their mailboxes and access their Outlook calendar.

By the way, the name of the organization in this example, Contoso, Ltd., is also used throughout the Deployment Assistant. When you're working through the steps in your checklist, remember to replace the references to with your organization's domain name.

[Figure: Existing Contoso on-premises organization (on-premises organization before coexistence)]

Let's say that the network administrator for Contoso is interested in configuring a hybrid deployment and decides to use the Exchange Server Deployment Assistant. The admin answers "Yes" to each of the initial questions posed by the Deployment Assistant. After completing the hybrid deployment checklist, the new topology has the following configuration:

  • Users will use their existing network account credentials for logging on to the on-premises and cloud-based organizations.

  • User mailboxes located on-premises and in the cloud-based organization will use the same e-mail address domain. For example, mailboxes located on-premises and mailboxes located in the cloud-based organization will both use in user e-mail addresses.

  • All mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the cloud-based organization.

  • On-premises and cloud-based organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.

  • On-premises and cloud-based users use the same URL to connect to their mailboxes over the Internet.

Using those answers, the admin begins to work through the hybrid deployment checklist that's tailored to Contoso. After completing the checklist, Contoso has the following organization configuration.

[Figure: Configuration of Contoso hybrid deployment (overview of major coexistence components)]

If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and cloud-based organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.


| Configuration | Before hybrid deployment | After hybrid deployment |
| --- | --- | --- |
| Hybrid server | Not applicable; single organization only | Installed in the on-premises organization to enable hybrid deployment features |
| Mailbox location | Mailboxes on-premises only | Mailboxes on-premises and cloud-based |
| Message transport | On-premises mailbox server handles all inbound and outbound message routing | On-premises hybrid server handles inbound and outbound message routing for both the on-premises and cloud-based organization |
| Outlook Web App | On-premises mailbox server receives all Outlook Web App requests and displays mailbox information | On-premises hybrid server redirects Outlook Web App requests to either the on-premises Exchange 2003 mailbox server or provides a link to log on to the cloud-based organization |
| Unified GAL for both organizations | Not applicable; single organization only | On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to the cloud-based organization |
| Single sign-on used for both organizations | Not applicable; single organization only | On-premises Active Directory Federation Services (AD FS) server supports using single sign-on credentials for mailboxes located either on-premises or in the cloud-based organization |
| Organization relationship established and a federation trust with Microsoft Federation Gateway | Not applicable; single organization only | Trust relationship with the Microsoft Federation Gateway. Organization relationship established between the on-premises and cloud-based organization |
| Free/busy sharing | Free/busy sharing between on-premises users only | Free/busy sharing between both on-premises and cloud-based users |

Now that you're a little more familiar with what a hybrid deployment is, it's time to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.

The Deployment Assistant is specifically targeted to on-premises Exchange 2003 deployments that are contained to a single Active Directory forest and domain. If your organization contains multiple domains, other versions of Exchange, or mail systems other than Exchange, you will need to perform additional steps not outlined in the Deployment Assistant. If your existing on-premises organization is a multiple Active Directory forest and domain deployment, we recommend you delay configuring a hybrid deployment until the Deployment Assistant is updated to support these types of organizations.

Active Directory synchronization between the on-premises and cloud-based organizations is a requirement for configuring a hybrid deployment. The Microsoft Office 365 service has an upper limit for replicating mail-enabled Active Directory objects to the cloud-based organization of 10,000 objects. If your Active Directory environment contains more than 10,000 objects, contact the Microsoft Online Services support team to open a service request for an exception and indicate the number of objects you need to synchronize.

Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the cloud-based organization. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA. Certificates are needed early in the hybrid deployment checklist and are a requirement to configure several types of services.

Learn more at: Understanding Certificate Requirements
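The certificate review described above can be scripted. The following is an added example, not part of the original topic or the Deployment Assistant: it checks whether a certificate covers a set of required host names, is issued by a CA rather than self-signed, and is not close to expiry. The host names, the 30-day threshold, the function names and the sample certificate objects are assumptions constructed for illustration.

```powershell
# Added example. Host names, threshold and sample certificates are constructed.
function Test-NameCovered {
    param([string]$Name, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -eq $Name) { return $true }            # exact match (case-insensitive)
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)                 # "*.contoso.com" -> ".contoso.com"
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                # A wildcard covers exactly one label: "mail", not "a.b" and not the bare domain.
                $left = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-HybridCertificate {
    param($Certificate, [string[]]$RequiredNames, [int]$MinDaysLeft = 30)
    # CertificateDomains holds domain objects in Exchange; convert each to a string.
    $domains  = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    $missing  = @($RequiredNames | Where-Object { -not (Test-NameCovered $_ $domains) })
    $daysLeft = [int]($Certificate.NotAfter - (Get-Date)).TotalDays
    New-Object PSObject -Property @{
        Thumbprint   = $Certificate.Thumbprint
        MissingNames = $missing
        DaysLeft     = $daysLeft
        SelfSigned   = $Certificate.IsSelfSigned
        Usable       = ($missing.Count -eq 0) -and (-not $Certificate.IsSelfSigned) -and
                       ($daysLeft -ge $MinDaysLeft)
    }
}

# Assumed names the hybrid server must answer for; replace with your own.
$required = 'mail.contoso.com', 'autodiscover.contoso.com'

# Constructed stand-ins for certificate objects (same property names as Get-ExchangeCertificate).
$sample = @(
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-A'; IsSelfSigned = $true
        NotAfter = (Get-Date).AddDays(400); CertificateDomains = @('EX2010', 'EX2010.contoso.local') }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-B'; IsSelfSigned = $false
        NotAfter = (Get-Date).AddDays(200); CertificateDomains = @('mail.contoso.com') }),
    (New-Object PSObject -Property @{ Thumbprint = 'SAMPLE-C'; IsSelfSigned = $false
        NotAfter = (Get-Date).AddDays(200); CertificateDomains = @('*.contoso.com') })
)

$sample | ForEach-Object { Test-HybridCertificate $_ $required } |
    Format-Table Thumbprint, Usable, SelfSigned, DaysLeft, MissingNames -AutoSize
```

On the hybrid server, run the same check against the installed certificates by replacing `$sample` with the output of `Get-ExchangeCertificate` in the Exchange Management Shell.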

Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the cloud-based organization. This is particularly true when moving mailboxes from your on-premises Exchange 2003 server to the cloud-based organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 cloud-based services, such as Microsoft SharePoint Online and Lync Online, may also impact the available bandwidth for messaging services.

Before moving mailboxes to the cloud-based organization, you should:

  • Determine the average mailbox size for mailboxes that will be moved to the cloud-based organization.

  • Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.

  • Calculate the average expected transfer speed, and plan your mailbox moves accordingly.

Learn more at: Company Network Requirements

The Deployment Assistant doesn't support the migration or preservation of any existing Unified Messaging services for mailboxes that are moved from the on-premises organization to the cloud-based organization. If you're using an existing on-premises Unified Messaging solution, moving mailboxes from the on-premises Exchange 2003 mailbox server to the cloud-based organization will disable Unified Messaging for the cloud-based users. Existing Unified Messaging services for user mailboxes that remain on-premises should not be affected by configuring a hybrid deployment. However, on-premises users will not be able to perform any Unified Messaging functions, such as transferring calls and leaving voice mail, to user mailboxes on the cloud-based organization.

Mobile devices are supported in a hybrid deployment. Exchange ActiveSync is enabled by default on the hybrid server and will automatically redirect requests from mobile devices to mailboxes located in either the cloud-based organization or the on-premises mailbox server. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.

Learn more at: Mobile Phones

We recommend that your clients use Microsoft Office Outlook 2010 for the best experience and performance in the hybrid deployment. Outlook 2007 is compatible with a hybrid deployment, but some features may not be available.

Pre-Outlook 2007 clients are not supported by the Office 365 service or by on-premises organizations configured for hybrid deployment. Pre-Outlook 2007 clients that connect directly to the Office 365 service, and clients that connect to on-premises Exchange servers that coexist with Office 365, must be upgraded to a supported version.

To create mailboxes in, or move mailboxes to, a cloud-based organization, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in the cloud-based service must have a license.

Mailboxes moved to the cloud-based organization are automatically provided with antivirus and anti-spam protection by Forefront Online Protection for Exchange (FOPE). We recommend that you evaluate whether FOPE services protecting your cloud-based organization are sufficient to cover the antivirus and anti-spam needs of your on-premises organization. You may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.

Learn more at: Microsoft Forefront Online Protection for Exchange

Existing Exchange public folders have limited support in a hybrid deployment. Free/busy information in your existing public folders will be replicated to the hybrid server and client requests for free/busy information are automatically directed to the hybrid server for processing for both on-premises and cloud-based organization users.

Outlook Web Access in Exchange 2003 isn’t compatible with public folders hosted on Exchange 2010 servers. On-premises Exchange 2003 Outlook Web Access users won’t be able to view free/busy information for cloud-based users.

To enable free/busy information sharing in a hybrid deployment, the OU=EXTERNAL (FYDIBOHF25SPDLT) and OU=Exchange Administrative Group (FYDIBOHF23SPDLT) public folders in your organization must be replicated to the hybrid server. After these replicas have been fully replicated to the hybrid server, you must remove the replicas for these public folders from other Exchange 2003 servers in your organization.

To avoid a single point of failure for these public folder replicas, you should consider adding additional Exchange 2010 SP1 servers to your on-premises organization for redundancy. Additional Exchange 2010 SP1 servers used for hosting public folder replicas should only have the Mailbox server role installed to avoid mail transport configuration problems.

Other public folders are not supported in the cloud-based organization and cloud-based mailboxes won't have access to public folders located in the on-premises organization.

Learn more at: Understanding Shared Free/Busy

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums

 © 2010 Microsoft Corporation. All rights reserved.