Understanding the Hybrid Configuration Wizard
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-12-13
This topic gives you an overview of the Hybrid Configuration wizards, the hybrid deployment configuration process, and the Hybrid Configuration Engine.
For more information about hybrid deployments, check out Understanding Hybrid Deployment. Looking for management tasks related to hybrid deployments? See Hybrid Deployments with the Hybrid Configuration Wizard.
Creating and configuring your hybrid deployment with the Hybrid Configuration Wizards is a two-step process. To begin, you use the New Hybrid Configuration wizard to create the foundation for the hybrid deployment. Then, you use the Manage Hybrid Configuration wizard to configure your Exchange organization for the hybrid deployment.
In the first step of the hybrid configuration process, the New Hybrid Configuration wizard creates the HybridConfiguration object in your on-premises Active Directory. This Active Directory object stores the hybrid configuration information for the hybrid deployment and is updated using the Manage Hybrid Configuration wizard.
In the second step of the hybrid configuration process, the Manage Hybrid Configuration wizard gathers existing Exchange and Active Directory topology configuration data, defines several organization parameters, and then runs an extensive sequence of configuration tasks. The general phases of the process run in the following order:
Test account credentials: Designated on-premises and cloud organization hybrid management accounts access the on-premises and cloud organizations to gather prerequisite verification information and to make organization parameter configuration changes to enable hybrid deployment functionality. The Manage Hybrid Configuration wizard checks that the accounts have the appropriate credentials and can connect to the on-premises and Exchange Online organizations. The hybrid deployment management accounts for the on-premises and cloud organizations must be members of the Organization Management role group for the Hybrid Configuration wizard to complete these tasks successfully.
Verify prerequisites and perform topology checks: The Manage Hybrid Configuration wizard verifies that your on-premises and cloud organizations can support a hybrid deployment. Some of the items that the wizard verifies and checks are Exchange server versions, the presence of Active Directory synchronization in the on-premises organization, and the presence of registered domains on the Office 365 service.
Run the hybrid configuration changes: After testing the hybrid management accounts, conducting the verification and topology checks, and gathering configuration information defined by the Exchange administrator in the wizard process, the Manage Hybrid Configuration wizard makes the configuration changes to create and enable the hybrid deployment. All changes to the hybrid configuration are automatically logged in the hybrid configuration log. By default, the hybrid configuration log is located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration.
The table below outlines the main areas that the Hybrid Configuration wizards modify and configure.
Configuration area Description
The wizard adds an accepted domain to the on-premises organization for hybrid mail flow and Autodiscover requests for the cloud organization. This domain, referred to as the “coexistence domain”, is added as a secondary proxy domain to any e-mail address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. By default, this domain is <domain>.mail.onmicrosoft.com.
You can view the accepted domain by running the following command in the Shell on the cloud organization.
Get-AcceptedDomain | FL DomainName, IsCoexistenceDomain
The wizard checks to see if there is an existing federation trust with the Microsoft Federation Gateway for the on-premises organization. If present, the existing federation trust is used to support the hybrid deployment. If not present, the wizard creates a federation trust for the on-premises organization with the Microsoft Federation Gateway. The wizard also adds any domains selected within the hybrid configuration wizard to the federation trust.
In addition to the federation trust configuration, the wizard also creates and configures organizational relationships for both the on-premises and cloud organizations. These organization relationships allow the wizard to enable several hybrid deployment features, including free/busy sharing, Outlook Web App redirection, message tracking, and MailTips.
The wizard enables the Mailbox Replication Service (MRS) proxy on the on-premises Client Access servers included in the hybrid deployment to enable mailbox moves from the on-premises organization to the cloud organization.
The wizard configures on-premises Hub Transport servers and Forefront Online Protection for Exchange (FOPE) on your Office 365 organization for hybrid mail routing. By configuring new and existing Send and Receive connectors in the on-premises organization and Inbound and Outbound connectors in FOPE, the wizard allows you to choose whether outbound messages delivered to the Internet from the Office 365 organization will be sent directly to external mail recipients or routed through your on-premises Hub Transport servers included in the hybrid deployment.
Learn more at:
For Exchange 2003 hybrid deployments: Understanding Transport Options
For Exchange 2007 hybrid deployments: Understanding Transport Options for an Exchange 2007 Hybrid Deployment
For Exchange 2010 hybrid deployments: Understanding Transport Options for an Exchange 2010 Hybrid Deployment
Important: Inbound mail flow is controlled by your organization’s MX record. Inbound Internet e-mail for a hybrid deployment isn’t configured by the Hybrid Configuration wizard.
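The areas listed in the table above can be reviewed after the wizard has run. The following read-only script is an added example, not part of the original Microsoft topic. It assumes it is run in the on-premises Exchange Management Shell, and the way server names are taken from ClientAccessServers is an assumption about how that value is rendered.

```powershell
# Added example: read-only review of what the Hybrid Configuration wizards changed.
# Uses Get-* cmdlets only; nothing is modified.

# Desired state stored on the HybridConfiguration Active Directory object.
$hybrid = Get-HybridConfiguration
if (-not $hybrid) { Write-Warning 'No HybridConfiguration object found.'; return }
$hybrid | Format-List Domains, Features, ClientAccessServers, TransportServers

# Accounts that can run the wizard: members of Organization Management.
Get-RoleGroupMember -Identity 'Organization Management' |
    Format-Table Name, RecipientType -AutoSize

# Accepted domains, including the coexistence domain added by the wizard.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType -AutoSize

# Federation trust with the Microsoft Federation Gateway and its federated domains.
Get-FederationTrust | Format-List Name, ApplicationUri, TokenIssuerUri
Get-FederatedOrganizationIdentifier | Format-List AccountNamespace, Domains, Enabled

# Organization relationships and the features each one exposes.
Get-OrganizationRelationship |
    Format-List Name, DomainNames, Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel,
                MailboxMoveEnabled, DeliveryReportEnabled, MailTipsAccessEnabled, TargetOwaURL

# MRS proxy: list every server where it is enabled and mark whether that server
# is one of the Client Access servers named in the hybrid configuration.
# Assumption: each ClientAccessServers entry renders as a name or a '/'-separated path.
$hybridCas = @($hybrid.ClientAccessServers | ForEach-Object { ("$_" -split '/')[-1] })
Get-WebServicesVirtualDirectory | Where-Object { $_.MRSProxyEnabled } | ForEach-Object {
    New-Object PSObject -Property @{
        Server                = "$($_.Server)"
        InHybridConfiguration = ($hybridCas -contains "$($_.Server)")
    }
} | Format-Table Server, InHybridConfiguration -AutoSize

# Send and Receive connectors used for hybrid mail routing.
Get-SendConnector |
    Format-Table Name, AddressSpaces, SmartHosts, RequireTLS, Enabled -AutoSize
Get-ReceiveConnector |
    Format-Table Name, Bindings, RemoteIPRanges, AuthMechanism, Enabled -AutoSize
```

A server listed with InHybridConfiguration set to False has the MRS proxy enabled outside the set of Client Access servers the wizard was told to configure and is worth reviewing.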
The Manage Hybrid Configuration wizard automatically enables all hybrid deployment features by default. If you want to enable or disable specific hybrid configuration features, you can run the Manage Hybrid Configuration wizard again, or use the Exchange Management Console and the Exchange Management Shell to update hybrid deployment parameters. The following hybrid deployment features are enabled by default by the wizard:
Free/busy sharing: The free/busy sharing feature enables calendar information to be shared between on-premises and cloud-based organization users. Free/busy sharing is enabled as part of the federated delegation and organization relationship configuration for the on-premises and cloud-based Exchange organizations. Learn more at Understanding Federated Delegation.
Mailbox moves: The mailbox move feature enables on-premises mailboxes to be moved to the cloud organization while preserving users' Microsoft Office Outlook profiles and offline .ost folders. Mailbox move also enables moving cloud mailboxes to the on-premises organization.
Message tracking: The message tracking feature records the SMTP transport activity of all messages transferred to and from the hybrid Hub Transport servers between the on-premises and cloud-based organizations. You can use message tracking logs for message forensics, mail flow analysis, reporting, and troubleshooting. Learn more at Understanding Message Tracking.
MailTips: MailTips are informative messages displayed to users while they're composing a message. By enabling MailTips in the hybrid deployment, on-premises and cloud-based senders can adjust messages they're composing to avoid undesirable situations or non-delivery reports (NDRs) between the organizations. Learn more at Understanding MailTips.
Online archiving: Online archiving enables the cloud-based organization to host user e-mail archives for both on-premises and cloud-based users. Learn more at Configure Exchange Online Archiving.
Outlook Web App redirection: Outlook Web App redirection provides a single, common URL to access both on-premises and cloud-based Exchange mailboxes. The hybrid server automatically redirects Outlook Web App requests to the on-premises mailbox server or provides a link to users for their mailbox in the cloud-based organization. Learn more at:
For Exchange 2003 hybrid deployments: Understanding Access to Outlook Web App with a Single URL
For Exchange 2007 hybrid deployments: Understanding Access to Outlook Web App with a Single URL for an Exchange 2007 Hybrid Deployment
For Exchange 2010 hybrid deployments: Understanding Access to Outlook Web App with a Single URL for an Exchange 2010 Hybrid Deployment
Secure mail: Secure mail enables secure message delivery between the on-premises and cloud organizations via the Transport Layer Security (TLS) protocol. The on-premises and cloud organizations are mutually authenticated through digital certificate subjects, and e-mail headers and rich-text message formatting are preserved across the organizations.
The Hybrid Configuration Engine executes the core actions necessary for configuring and updating a hybrid deployment. Responsible for processing the Update-HybridConfiguration cmdlet actions, the Hybrid Configuration Engine compares the state of the HybridConfiguration Active Directory object with current on-premises Exchange and Exchange Online configuration settings and then executes tasks to match the deployment configuration settings to the parameters defined in the HybridConfiguration Active Directory object. If the current on-premises Exchange and Exchange Online deployment configuration states already match the settings defined in the HybridConfiguration Active Directory object, no changes are made by the Hybrid Configuration Engine to either the on-premises or Exchange Online organizations.
When updating an existing hybrid deployment, the Hybrid Configuration Engine performs the following steps:
Step 1: The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
Step 2: The Hybrid Configuration Engine reads the “desired state” stored on the HybridConfiguration Active Directory object.
Step 3: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization.
Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the Exchange Online organization.
Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the “difference” and then executes configuration tasks to establish the “desired state.”
The following figure shows a summary of how the Hybrid Configuration Engine retrieves and modifies on-premises Exchange server and Exchange Online in Office 365 configuration settings during the hybrid deployment process.