Connect Dynamics 365 (on-premises) to Exchange Online

Dynamics CRM 2016
 

Updated: November 28, 2016

Applies To: Dynamics 365 (on-premises), Dynamics CRM 2016

This topic describes how to configure server-based authentication between Dynamics 365 (on-premises) and Exchange Online. The diagram below illustrates the communication between Dynamics 365 (on-premises), Azure Active Directory, and Exchange Online.

CRM on-premises and Exchange Online

Microsoft Dynamics 365

  • System Administrator security role.

  • If you are using a self-signed certificate for evaluation purposes, you must have local Administrators group membership on the computer where Microsoft Dynamics 365 Server is running.

Exchange Online

  • Office 365 Global Administrators membership. This is required for administrative-level access to the Office 365 subscription and to run the Microsoft AzurePowerShell cmdlets.

System_CAPS_importantImportant

In this deployment, the Dynamics 365 administrator can approve mailboxes.

Follow the steps in the order provided to set up Dynamics 365 (on-premises) with Exchange Online.

System_CAPS_importantImportant
  • The steps described here must be completed in the order provided. If a task is not completed, such as a Windows PowerShell command that returns an error message, the issue must be resolved before you continue to the next command, task, or step.

Before you configure Dynamics 365 (on-premises) and Exchange Online for server-based authentication, the following prerequisites must be met:

  • The Dynamics 365 (on-premises) deployment must already be configured and available through the Internet. More information: Configure IFD for Microsoft Dynamics 365

  • Microsoft Dynamics 365 Hybrid Connector. The Microsoft Dynamics 365 Hybrid Connector is a free connector that lets you use server-based authentication with Microsoft Dynamics 365 (on-premises) and Exchange Online. More information: Microsoft Dynamics 365 Hybrid Connector

  • An x509 digital certificate issued by a trusted certificate authority that will be used to authenticate between Dynamics 365 (on-premises) and Exchange Online. If you are evaluating server-based authentication, you can use a self-signed certificate.

The following software features are required to run the Windows PowerShell cmdlets described in this topic:

System_CAPS_importantImportant

At the time of this writing, there is an issue with the RTW version of Microsoft Online Services Sign-In Assistant for IT Professionals. Until the issue is resolved, we recommend that you use the Beta version. More information: Microsoft Azure Forums: Cannot install Azure Active Directory Module for Windows PowerShell. MOSSIA is not installed

Set up server-based authentication

  1. On the Microsoft Dynamics 365 Server where the deployment tools server role is running, start the Azure Active Directory Module for Windows PowerShell.

    System_CAPS_importantImportant

    The computer where you run the following PowerShell commands must have the prerequisite software features described earlier in Verify prerequisites.

  2. Prepare the certificate. Replace contoso\adminstrator with your domain\account.

    $CertificateScriptWithCommand = “.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\administrator -storeFindType FindBySubjectDistinguishedName”
    
    Invoke-Expression -command $CertificateScriptWithCommand
    

Run ConfigureCRMServerSideSync command to do the following:

  1. Set up the Dynamics 365 Principal Name in Azure Active Directory Access Control Services (ACS).

  2. Configure Dynamics 365 for server-based authentication with Exchange Online.

  3. Set the Exchange Online tenant ID.

To run the ConfigureCRMServerSideSync command

  1. In Windows PowerShell, change your directory to the folder that contains ConfigureCRMServerSideSync.ps1, as shown in this example.

    cd C:\Program Files\Microsoft Dynamics CRM\Tools
    
  2. Run the ConfigureCrmServerSideSync.ps1 script. Type the following command, and press ENTER.

    .\ConfigureCrmServerSideSync.ps1
    
  3. Enter the following parameters.

    Parameter

    Description

    rootDomainName

    The name of the server running Dynamics 365 on-premises.

    privateKeyPassword

    The password you used for your x509 digital certificate used to authenticate between Dynamics 365 (on-premises) and Exchange Online.

    cerFilePath

    The path to the security certificate file. For example: c:\Personalcertfile.cer

    pfxFilePath

    The path to the Personal Information Exchange file. For example: c:\Personalcertfile.pfx

    organizationName

    The name of your Dynamics 365 organization. For example: Contoso

    O365AdminEmail

    The Office 365 tenant email address. For example: user@contoso.onmicrosoft.com

Error: Failed Authentication. This error can be returned when the certificate used for server-to-server authentication is missing or invalid. Update or install the certificate and try again.

  1. Go to Settings > Email Configuration > Email Server Profiles.

  2. Click New > Exchange Online (Hybrid).

  3. For an Exchange email server profile, specify the following details.

    Fields

    Description

    General

    Name

    Specify a meaningful name for the profile.

    Description

    Type a short description about the objective of the email server profile.

    Server Type

    Pre-populated with Exchange Online (Hybrid).

    Owner

    Pre-populated with the name of the owner of the email server profile.

    Use Default Tenant ID

    If you've used the PowerShell commands above to set the Exchange Online tenant ID (recommended), click Yes to use that ID. If you set this to No, you must specify the Exchange Online tenant ID manually (not recommended!).

    Exchange Online Tenant ID

    If you've used the PowerShell commands above to set the Exchange Online tenant ID (recommended), the ID is pre-populated in this field.

    Auto Discover Server Location

    Pre-populated with the Exchange Online URL. Click Yes (recommended), if you want to use the auto discover service to determine the server location. If you set this to No, you must specify the email server location manually.

    Incoming Server Location and Outgoing Server Location

    If you select No in Auto Discover Server Location, enter a URL for Incoming Server Location and Outgoing Server Location.

    Advanced

    Additional Settings

    Process Email From

    Select a date and time. Email received after the date and time will be processed by server-side synchronization for all mailboxes associated with this profile. If you set a value less than the current date, the change will be applied to all newly associated mailboxes and their earlier processed emails will be pulled.

    Minimum Polling Intervals in Minutes

    Type the minimum polling interval, in minutes, for mailboxes that are associated with this email server profile. The polling interval determines how often server-side synchronization polls your mailboxes for new email messages.

    Move Failed Emails to Undeliverable Folder

    To move the undelivered email to the Undeliverable folder, click Yes. If there’s an error in tracking email messages in Dynamics 365 as email activities, and if this option is set to Yes, the email message will be moved to the Undeliverable folder.

  4. Click Save.

  5. Click Test Connection and review the results. To diagnose issues, see the following section.

If you’ve run Test Connection and have issues with the Exchange Online (Hybrid) profile connection, use the information in the Test Connection dialog box to diagnose and fix the connection.

You can find information on recurring issues and other troubleshooting information in Blog: Test and Enable Mailboxes in Microsoft Dynamics CRM 2015 and Troubleshooting and monitoring server-side synchronization.

Set server-side synchronization to be the default configuration method.

  1. Go to Settings > Email Configuration > Email Configuration Settings.

  2. Set the processing and synchronization fields as follows:

    • Server Profile: The profile you created in the above section.

    • Incoming Email: Server-Side Synchronization or Email Router

    • Outgoing Email: Server-Side Synchronization or Email Router

    • Appointments, Contacts, and Tasks: Server-Side Synchronization or Email Router

      System_CAPS_noteNote

      If your users primarily use Dynamics 365 for Outlook on their desktop computers, Microsoft Dynamics 365 for Outlook might be a better choice.

    If you leave the Email processing form unapproved user and queues at the default values (selected), you will need to approve emails and queues for user mailboxes as directed below in Approve Email.

    System Settings for server-side synchronization
  3. Click OK.

To set mailboxes to use the default profile, you must first set the Server Profile and the delivery method for email, appointments, contacts, and tasks.

In addition to administrator permissions, you must have Read and Write privileges on the Mailbox entity to set the delivery method for the mailbox.

Select one of the following methods:

  1. Go to Settings > Email Configuration > Mailboxes.

  2. Click Active Mailboxes.

  3. Select all the mailboxes that you want to associate with the Exchange Server profile you created, click Apply Default Email Settings, verify the settings, and then click OK.

    Apply default email settings

    By default, the mailbox configuration is tested and the mailboxes are enabled when you click OK.

  1. Go to Settings > Email Configuration > Mailboxes.

  2. Click Active Mailboxes.

  3. Select the mailboxes that you want to configure, and then click Edit.

  4. In the Change Multiple Records form, under Synchronization Method, set Server Profile to the Exchange Server profile you created earlier.

  5. Set Incoming and OutgoingEmail to Server-Side Synchronization or Email Router.

  6. Set Appointments, Contacts, and Tasks to Server-Side Synchronization.

    System_CAPS_noteNote

    If your users primarily use Dynamics 365 for Outlook on their desktop computers, Microsoft Dynamics 365 for Outlook might be a better choice.

  7. Click Change.

You need to approve each user mailbox or queue before that mailbox can process email.

  1. Go to Settings > Email Configuration > Mailboxes.

  2. Click Active Mailboxes.

  3. Select the mailboxes that you want to approve, and then click More Commands () > Approve Email.

  4. Click OK.

  1. Go to Settings > Email Configuration > Mailboxes.

  2. Click Active Mailboxes.

  3. Select the mailboxes you want to test, and then click Test & Enable Mailboxes.

    This tests the incoming and outgoing email configuration of the selected mailboxes and enables them for email processing. If an error occurs in a mailbox, an alert is shown on the Alerts wall of the mailbox and the profile owner. Depending on the nature of the error, Microsoft Dynamics 365 tries to process the email again after some time or disables the mailbox for email processing.

    The result of the email configuration test is displayed in the Incoming Email Status, Outgoing Email Status, and Appointments, Contacts, and Tasks Status fields of a mailbox record. An alert is also generated when the configuration is successfully completed for a mailbox. This alert is shown to the mailbox owner.

System_CAPS_tipTip

If you’re unable to synchronize contacts, appointments, and tasks for a mailbox, you may want to select the Sync items with Exchange from this Dynamics 365 org only, even if Exchange was set to sync with a different org check box. Read more about this check box.

  1. Go to Settings > Email Configuration > Email Server Profiles.

  2. Select the profile you created, and then click Test & Enable Mailboxes.

    When you test the email configuration, an asynchronous job runs in the background. It may take a few minutes for the test to be completed. Microsoft Dynamics 365 tests the email configuration of all the mailboxes associated with the Exchange Server profile. For the mailboxes configured with server-side synchronization for synchronizing appointments, tasks, and contacts, it also checks to make sure they’re configured properly.

System_CAPS_tipTip

If you’re unable to synchronize contacts, appointments, and tasks for a mailbox, you may want to select the Sync items with Exchange from this Dynamics 365 org only, even if Exchange was set to sync with a different org check box. Read more about this check box.

© 2016 Microsoft. All rights reserved. Copyright

Community Additions

ADD
Show: