Configure Accepted Domains for an Exchange 2007 Hybrid Deployment

  • Article

 

Applies to: Exchange Server 2010 SP1

Estimated time to complete: 10 minutes

Accepted domains are any SMTP namespaces for which an Exchange organization sends or receives e-mail. You need to configure the following accepted domains:

SMTP namespace and secondary accepted domain   This accepted domain is used as the target address for recipients that are located in the cloud-based organization. This namespace is configured in the on-premises organization. It's also created in the cloud-based organization as a secondary accepted domain. In this checklist, service.contoso.com is used for the SMTP namespace and secondary accepted domain.

Important

You must not use the service tenant FQDN, for example, contoso.onmicrosoft.com, as the SMTP namespace or secondary accepted domain. We recommend that you use service.<your domain>.

Learn more at: Understanding Accepted Domains

Delegation namespace   This accepted domain is used by federated delegation to create a federation trust between the on-premises Exchange organization and the cloud-based organization. This namespace is configured only in the on-premises organization. In this checklist, exchangedelegation.contoso.com is used for the delegation namespace.

Learn more at: Understanding Federation

Warning

This topic is meant to be read as part of the Microsoft Exchange Server 2007 and Office 365 Hybrid Deployment checklist. Information or procedures in this topic may depend on prerequisites configured in topics earlier in the checklist. To view the checklist, see Checklist - Exchange 2007 and Office 365 Hybrid Deployment

How do I configure an accepted domain in my on-premises organization?

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Accepted domains" entry in Transport Permissions.

You can use the New Accepted Domain wizard in the Exchange Management Console on the hybrid server to create a new accepted domain for the on-premises organization:

  1. In the console tree, click Organization Configuration for the on-premises Exchange forest.

  2. Navigate to Organization Configuration> Hub Transport.

  3. In the action pane, click New Accepted Domain. The New Accepted Domain wizard appears.

  4. On the New Accepted Domain page, complete the following fields:

    • Name   To identify the accepted domain for the cloud-based organization, type a unique name in the Name field. We recommend that you select a meaningful name to help you easily identify the purpose of this accepted domain. You must use a unique name for each accepted domain.

    • Accepted Domain   Use this field to identify the SMTP namespace for the cloud-based organization so that the on-premises Exchange organization also accepts e-mail messages for this domain. For example, type service.contoso.com to set the cloud-based organization service.contoso.com as an accepted domain.

  5. Select the Internal Relay Domain option to specify that e-mail messages for the cloud-based organization are delivered to recipients in your organization who have their mailbox located on the cloud-based organization.

  6. On the Completion page, review the following, and then click Finish to close the wizard:

    • A status of Completed indicates that the wizard completed the task successfully.

    • A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.

  7. Repeat these steps to create the accepted domain for the delegation namespace. For example, exchangedelegation.contoso.com.

How do I configure the secondary accepted domain in the cloud-based service?

You need to add a secondary domain to the cloud-based service so that the on-premises organization can route mail to the cloud-based organization. There are two ways to add a secondary domain to the cloud-based service, depending on whether you add a subdomain to a domain you've federated using Active Directory Federation Services (AD FS), or whether you've chosen another domain to route mail to the service that hasn't been federated.

If you've federated a domain name, we recommend that you use a subdomain under that federated domain. For example, if you federated the domain contoso.com, add a subdomain of service.contoso.com to your cloud-based service.

If you haven't federated a domain using AD FS, or if you decide to use another domain to route mail to the cloud-based organization, you can use the administration portal in the cloud-based service to add the domain.

Add a subdomain to a federated domain

You need to be assigned permissions before you can perform this procedure. Here are the permissions you need:

  • You must be a member of the local Administrators group on the AD FS server.

  • Your cloud-based service administrator account must be assigned Global administrator permissions.

Do the following to add a subdomain under a federated domain to the cloud-based service.

  1. Open the Microsoft Online Services Module for Windows PowerShell tool on your AD FS server.

  2. Provide your credentials by running the following command. Use the Windows Live user name and password of an administrator in your cloud-based service.

    $Credential=Get-Credential

  3. Create a context to connect to Office 365 by running the following command.

    Connect-MSOLService -Credential $Credential

  4. Create a context to connect to the AD FS server by running the following command.

    Set-MSOLADFSContext -Computer ADFS

  5. Add the subdomain for the service domain to the cloud-based service by running the following command.

    New-MSOLFederatedDomain -Domain service.contoso.com

Add a domain using the administration portal

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Manage domains" entry in Assigning administrator roles.

Perform the following steps to add a domain to the cloud-based organization.

  1. Log on to: Cloud-based service administration portal

  2. Click Admin, and then click Domains.

  3. Click Add a domain.

  4. Enter the SMTP namespace. For example, service.contoso.com. Then, click Next.

  5. Click Verify domain.

  6. Follow the instructions provided to verify your domain ownership. When complete, wait 15 minutes and then click Verify.

How do I know this worked?

The successful completion of the New Accepted Domain wizard will be your first indication that creating the new accepted domains on the hybrid server worked as expected. To further verify that the accepted domains are configured correctly, you can run the following command in the Exchange Management Shell on the hybrid server to verify the configuration settings are correct for the accepted domains.

Get-AcceptedDomain

To verify that you've successfully added the SMTP namespace as a domain in the cloud-based organization, do the following:

  1. Log on to: Cloud-based service administration portal

  2. Click Admin, and then click Domains.

  3. Find the domain you just added, and verify its status is set to Active.

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums

 © 2010 Microsoft Corporation. All rights reserved.