Run Hybrid Configuration Wizard

 

Estimated time to complete: 30 minutes

The Hybrid Configuration wizard helps you establish your hybrid deployment by creating the HybridConfiguration object in your on-premises Active Directory and gathering existing Exchange and Active Directory topology configuration data. The Hybrid Configuration wizard also enables you to define and configure several organization parameters for your hybrid deployment, including secure mail transport options.

Learn more at: Hybrid Configuration wizard

How do I create and configure a new hybrid deployment?

You can use the Hybrid Configuration wizard in the EAC on an Exchange 2016 server in your on-premises organization to create and configure the hybrid deployment.

  1. In the EAC on an Exchange 2016 server in your on-premises organization, navigate to the Hybrid node.

  2. In the Hybrid node, click Configure to enter your Office 365 credentials.

    Important

    If your on-premises organization is located in China and your Office 365 tenant is hosted by 21Vianet, you must select the My Office 365 organization is hosted by 21Vianet check box. If your Office 365 tenant is hosted by 21Vianet and this check box isn’t selected, the Hybrid Configuration wizard won’t connect to the 21Vianet service, your Office 365 account credentials won’t be recognized, and the wizard won’t complete properly.

  3. At the prompt to log in to Office 365, select sign in to Office 365 and enter the account credentials. The account you sign in with needs to be a Global Administrator in Office 365.

  4. Click Configure again to start the Hybrid Configuration wizard.

  5. On the Microsoft Office 365 Hybrid Configuration Wizard Download page, click Click here to download wizard. When you're prompted, click Install on the Application Install dialog.

    Note

    If you're doing this on a server using Internet Explorer, you might need to enable cookies (Internet Options > Privacy > Low) and enable files to be downloaded (Internet Options > Security > Custom level > Downloads > File download).

  6. Click Next, and then, in the On-premises Exchange Server Organization section, select Detect a server running Exchange 2013 CAS or Exchange 2016. The wizard will attempt to detect an on-premises Exchange 2016 server. If the wizard doesn't detect an Exchange 2016 server, or if you want to use a different server, select Specify a server running Exchange 2013 CAS or Exchange 2016 and then specify the internal FQDN of an Exchange 2016 Mailbox server.

  7. In the Office 365 Exchange Online section, select Microsoft Office 365 and then click Next.

  8. On the Credentials page, in the Enter your on-premises account credentials section, select Use current Windows credentials to have the wizard use the account you're logged into to access your on-premises Active Directory and Exchange 2016 servers. If you want to specify a different set of credentials, unselect Use current Windows credentials and specify the username and password of the Active Directory account you want to use. Whichever option you choose, the account used needs to be a member of the Organization Management role group.

  9. In the Enter your Office 365 credentials section, specify the username and password of an Office 365 account that has Global Administrator permissions. Click Next.

  10. On the Validating Connections and Credentials page, the wizard will connect to both your on-premises organization and your Office 365 organization to validate credentials and examine the current configuration of both organizations. Click Next when it's done.

  11. On the Hybrid Features page, select Full Hybrid Configuration and then click Next.

  12. Select Organization Configuration Transfer if you want the wizard to copy select organization-wide policies to your Exchange Online organization. Retention policies and retention policy tags, OWA Mailbox policies, Mobile Device Mailbox policies, and ActiveSync Mailbox policies are copied.

  13. On the Hybrid Domains page, select the domains you want to include in your hybrid deployment. In most deployments you can leave the Auto Discover column set to False for each domain. Only select True next to a domain if you need to force the wizard to use the Autodiscover information from a specific domain. Click Next.

    Important

    The Hybrid Domains page only appears if you have more than one on-premises accepted domain added to your Office 365 organization.

  14. On the Federation Trust page, click Enable and then click Next.

  15. On the Domain Ownership page, click Click copy to clipboard to copy the domain proof token information for the domains you’ve selected to include in the hybrid deployment. Open a text editor such as Notepad and paste the token information for these domains. Before continuing in the Hybrid Configuration wizard, you must use this info to create a TXT record for each domain in your public DNS. Refer to your DNS host's Help for information about how to add a TXT record to your DNS zone. Click Next after the TXT records have been created and the DNS records have replicated.

    Important

    The TXT proof of ownership wizard page only displays if there is a non-federated domain selected in the previous step.

  16. Without Edge Transport servers: On the Hybrid Configuration page, select the Configure my Client Access and Mailbox servers for secure mail transport (typical) option to configure your on-premises Client Access and Mailbox servers for secure mail transport with Office 365. Click Next.

    Important

    If you want Office 365 to send all outbound messages to external recipients to your on-premises transport servers, select the Enable centralized mail transport check box in the More options section. The on-premises transport servers will be responsible for delivering the messages to external recipients. This approach is helpful in compliance scenarios where all mail to and from the Internet must be processed by on-premises servers. If this check box is not selected, Office 365 will bypass the on-premises organization and deliver messages to external recipients directly using the recipient’s external DNS settings.

  17. Without Edge Transport servers: On the Receive Connector Configuration page, select the Receive connector that will be used to accept secure mail from Exchange Online, and then click Next.

  18. Without Edge Transport servers: On the Send Connector Configuration page, select the Send connector that will be used to send secure mail to Exchange Online, and then click Next.

  19. Without Edge Transport servers: On the Transport Certificate page, select the certificate to use for secure mail transport. This list displays the digital certificates issued by a third-party certificate authority (CA) installed on the Exchange server selected in the previous step. Click Next.

  20. With Edge Transport servers: On the Hybrid Configuration page, select the Configure my Edge Transport servers for secure mail transport option to configure your on-premises Edge Transport servers for secure mail transport with Office 365. Click Next.

    Important

    If you want Office 365 to send all outbound messages to external recipients to your on-premises transport servers, select the Enable centralized mail transport check box in the More options section. The on-premises transport servers will be responsible for delivering the messages to external recipients. This approach is helpful in compliance scenarios where all mail to and from the Internet must be processed by on-premises servers. If this check box is not selected, Office 365 will bypass the on-premises organization and deliver messages to external recipients directly using the recipient’s external DNS settings.

  21. With Edge Transport servers: On the Edge Transport Servers page, select the Edge Transport server you want to configure for secure mail transport. Click Next.

  22. With Edge Transport servers: On the Transport Certificate page, in the Select a reference server field, select the Exchange 2016 Mailbox server that has the certificate you configured earlier in the checklist.

  23. With Edge Transport servers: In the Select a certificate field, select the certificate to use for secure mail transport. This list displays the digital certificates issued by a third-party certificate authority (CA) installed on the Mailbox server selected in the previous step. Click Next.

  24. On the Organization FQDN page, enter the externally accessible FQDN for your Internet-facing Exchange 2016 Mailbox server. Office 365 uses this FQDN to configure the service connectors for secure mail transport between your Exchange organizations. For example, enter “mail.contoso.com”. Click Next.

  25. The hybrid deployment configuration selections have been updated, and you’re ready to start the Exchange services changes and the hybrid deployment configuration. Click Update to start the configuration process. While the hybrid configuration process is running, the wizard displays the feature and service areas that are being configured for the hybrid deployment as they are updated.

  26. Without Edge Transport servers: When the wizard has completed all of the tasks it can perform automatically, it'll list any tasks that you need to address manually before your hybrid deployment configuration is complete.

  27. With Edge Transport servers: When the wizard has completed all of the tasks it can perform automatically, it'll list any tasks that you need to address manually before your hybrid deployment configuration is complete. You'll probably need to configure the Receive connector on your Edge Transport server by doing the following.

    1. Open the Exchange Management Shell on your Exchange 2016 Edge Transport server.

    2. Run the following command to list the Receive connectors on your Edge Transport server. Make note of the Receive connector that's listening on TCP port 25.

      Get-ReceiveConnector
      
    3. Run the following command to configure the Receive connector. Replace the name of the Receive connector in the following command with the name of the connector you identified in the previous step.

      Set-ReceiveConnector "Edge\Default internal receive connector Edge" -TlsDomainCapabilities mail.protection.outlook.com:AcceptOorgProtocol -Fqdn "mail.contoso.com" 
      
  28. The wizard displays a completion message and the Close button is displayed. Click Close to complete the hybrid deployment configuration process and to close the wizard.
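
For step 15, the following added example (not part of the original checklist or the wizard) checks that each domain proof token is visible in public DNS before you click Next. The domain names and tokens are constructed placeholders for the values you pasted into the text editor, and the resolver addresses are an assumption; use any public resolvers you trust.

```powershell
# Added example: confirm the domain proof TXT records from step 15 have replicated.
# Placeholders below are constructed; paste the tokens the wizard copied to the clipboard.
$proof = @{
    'contoso.com'       = '<PROOF-TOKEN-FOR-CONTOSO.COM>'
    'sales.contoso.com' = '<PROOF-TOKEN-FOR-SALES.CONTOSO.COM>'
}

# Ask public resolvers rather than internal AD-integrated DNS: with split-brain DNS
# the internal zone can hold the record while the public zone does not.
$resolvers = '8.8.8.8', '1.1.1.1'   # assumption: replace with resolvers you trust

$results = foreach ($domain in $proof.Keys) {
    foreach ($server in $resolvers) {
        $txt = Resolve-DnsName -Name $domain -Type TXT -Server $server -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'TXT' }

        # A long TXT value is returned as several character strings; join them
        # so the comparison is made against the full record value.
        $values = @($txt | ForEach-Object { ($_.Strings -join '').Trim() })

        [pscustomobject]@{
            Domain     = $domain
            Resolver   = $server
            TxtRecords = $values.Count
            ProofFound = $values -contains $proof[$domain].Trim()
        }
    }
}

$results | Sort-Object Domain, Resolver | Format-Table -AutoSize

$missing = $results | Where-Object { -not $_.ProofFound }
if ($missing) {
    Write-Warning ("Proof token not visible yet for: " +
        (($missing | ForEach-Object { "$($_.Domain) via $($_.Resolver)" }) -join ', '))
} else {
    'All proof tokens are published; continue with the wizard.'
}
```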

How do I know this worked?

The successful completion of the Hybrid Configuration wizard will be your first indication that creating the Hybrid Deployment Active Directory object and completing the hybrid deployment configuration steps worked as expected. To further verify that the hybrid deployment is configured correctly, you can also run the following command in the Shell for the on-premises organization.

Get-HybridConfiguration

Learn more at: Get-HybridConfiguration

You can also confirm that the Hybrid Configuration wizard completed all the configuration steps by examining the hybrid configuration log. By default, the hybrid configuration log is located at C:\Users\<user logged on when wizard was run>\AppData\Roaming\Microsoft\Exchange Hybrid Configuration.

Learn more at: Hybrid Configuration wizard
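
The checks above can be combined into one pass over the settings that matter for secure mail transport. This is an added example, not part of the original checklist; the 30-day expiry threshold, the AcceptsO365Tls column label, and the assumption that the wizard's log files end in .log and record failures with the word "error" are mine.

```powershell
# Added example; run in the Exchange Management Shell on the on-premises server
# that holds the transport certificate, as the user who ran the wizard.
$hc = Get-HybridConfiguration
if (-not $hc) { throw 'No HybridConfiguration object found in Active Directory.' }
$hc | Format-List Domains, Features, TlsCertificateName, OnPremisesSmartHost,
    ReceivingTransportServers, SendingTransportServers, EdgeTransportServers

# 1. Transport certificate. HybridConfiguration stores it as "<I>issuer<S>subject".
$wanted = [string]$hc.TlsCertificateName
$cert = Get-ExchangeCertificate |
    Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $wanted } |
    Sort-Object NotAfter -Descending | Select-Object -First 1

$problems = @()
if (-not $cert) {
    $problems += "no installed certificate matches $wanted"
} else {
    if ($cert.IsSelfSigned)                   { $problems += 'self-signed; the wizard lists third-party CA certificates' }
    if ("$($cert.Services)" -notmatch 'SMTP') { $problems += 'not enabled for the SMTP service' }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {   # assumption: 30-day warning window
        $problems += "expires $($cert.NotAfter)"
    }
}
if ($problems) { Write-Warning ("Transport certificate: " + ($problems -join '; ')) }
else           { "Transport certificate $($cert.Thumbprint) is valid until $($cert.NotAfter)" }

# 2. Receive connectors listening on TCP port 25, and whether each one carries the
#    mail.protection.outlook.com TLS domain capability set in step 27.
Get-ReceiveConnector |
    Where-Object { "$($_.Bindings)" -match ':25\b' } |
    Select-Object Identity, Fqdn, AuthMechanism,
        @{ Name = 'AcceptsO365Tls'
           Expression = { "$($_.TlsDomainCapabilities)" -match 'mail\.protection\.outlook\.com' } } |
    Format-Table -AutoSize

# 3. Most recent hybrid configuration log (assumptions: *.log files, "error" marker).
$logDir = Join-Path $env:APPDATA 'Microsoft\Exchange Hybrid Configuration'
$log = Get-ChildItem -Path $logDir -Filter *.log -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($log) {
    "Latest log: $($log.FullName)"
    Select-String -Path $log.FullName -Pattern 'error' |
        Select-Object -First 20 LineNumber, Line
} else {
    Write-Warning "No log files found in $logDir"
}
```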

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums