The yellow man in the hat has been breathing down on me lately to continue my exploits. Today I’ll cover how we set up trusts and start to configure a hybrid Exchange environment. In my lab I have a CAS/HT server and a MBX server; both are Exchange 2010 SP1 RU5. From our previous discussion I also have an ADFS server and a Dirsync server set up, and I’ve now tested SSO successfully. I used the Deployment Assistant wizard found here, and all my answers were “Yes”. In my case, as with many of my academic customers, I have chosen to use my on-premises system for ingress/egress, so my MX will point at my on-premises deployment. With the hybrid deployment I want the following:
Shared Global Address Lists (GAL)
Shared Calendar and free/busy information
Message tracking, MailTips, and Multi-mailbox search
The first thing I did was to configure the EMC so I could see the Exchange Online parameters in the GUI.
To do so, select “Add Exchange Forest” from the action pane and specify a friendly name. I originally chose my service tenant name; not the best choice, so I settled on the generic “cloud”. Not original, I know, but easily understood. Then specify the FQDN or URL of the server running the remote PowerShell instance, select Exchange Online, and log on with the default credentials for your cloud tenant. For remote PowerShell you need to use your tenant credentials to log in. I created a PowerShell script to ease my pain. Here’s my script:
# Prompt for the tenant credentials at run time rather than storing them in the script
$cred = Get-Credential
# Open a remote session to Exchange Online and import its cmdlets into this session
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
$importresults = Import-PSSession $s
# Quick sanity check: how many cmdlets were imported, and list them a page at a time
$importresults.ExportedFunctions.Count
Get-Command -Module $importresults | Out-Host -Paging
Enable Mailbox moves
From on-premises hybrid server open the web.config file. Make sure you make a backup before modifying the file and store in a safe location. Browse to this location and change in text editor:
<Exchange Install Path>\V14\ClientAccess\ExchWeb\EWS\web.config
In the file find the section that has the following information:
<!-- Mailbox Replication Proxy Service Configuration -->
MaxMRSConnections="100"
Change the value of the IsEnabled attribute in that section to "true".
Save and Close the file.
You’ll still need to enable the proxy with the cmdlet later, but this file change is required as well.
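Here is an added script (my own, not part of the Deployment Assistant) that does the web.config step above the safe way: it takes the backup first, edits the file as XML so nothing else is touched, and re-reads the file to verify. It assumes the ExchangeInstallPath environment variable is set on the hybrid server (pass -Path otherwise) and that the MRS proxy section is the element carrying both the MaxMRSConnections and IsEnabled attributes; the backup folder is a placeholder.

```powershell
# Added example: back up the EWS web.config, enable the MRS proxy, verify.
# Assumption: $env:ExchangeInstallPath exists on an Exchange 2010 server.
param(
    [string]$Path = (Join-Path $env:ExchangeInstallPath 'ClientAccess\ExchWeb\EWS\web.config'),
    [string]$BackupDir = 'C:\ExchangeBackups'   # placeholder; pick your own safe location
)

if (-not (Test-Path $Path)) { throw "web.config not found: $Path" }

# 1. Backup first: a timestamped copy so the change can be reverted.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "EWS-web.config.$stamp.bak"
Copy-Item -Path $Path -Destination $backup -Force
Write-Host "Backup written to $backup"

# 2. Load as XML (preserving whitespace) instead of doing a text replace.
$config = New-Object System.Xml.XmlDocument
$config.PreserveWhitespace = $true
$config.Load($Path)

# Find the MRS proxy element by its attributes rather than hard-coding its name.
$mrs = $config.SelectSingleNode('//*[@MaxMRSConnections and @IsEnabled]')
if ($null -eq $mrs) { throw 'Mailbox Replication Proxy section not found in web.config' }
Write-Host ("Current state: IsEnabled={0}, MaxMRSConnections={1}" -f `
    $mrs.GetAttribute('IsEnabled'), $mrs.GetAttribute('MaxMRSConnections'))

# 3. Change only the IsEnabled attribute; leave MaxMRSConnections and the rest alone.
if ($mrs.GetAttribute('IsEnabled') -eq 'true') {
    Write-Host 'MRS proxy already enabled; nothing to change.'
} else {
    $mrs.SetAttribute('IsEnabled', 'true')
    $config.Save($Path)
    Write-Host "Saved $Path"
}

# 4. Verify by re-reading the saved file from disk.
$check = New-Object System.Xml.XmlDocument
$check.Load($Path)
$state = $check.SelectSingleNode('//*[@MaxMRSConnections and @IsEnabled]').GetAttribute('IsEnabled')
if ($state -ne 'true') { throw "Verification failed: IsEnabled is '$state'" }
Write-Host 'Verified: MRS proxy IsEnabled="true"'
```

Run it from an elevated Exchange Management Shell on the hybrid CAS; saving web.config makes IIS recycle the EWS application pool, so expect a brief EWS interruption.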
Configuring Virtual Directories
Follow configuration of virtual directories with the Exchange Deployment Assistant. Set the EWS directory, OAB Directory, and ActiveSync Directory. These were already defined for my on-premises installation so I made no changes here.
Configure Accepted Domains
Accepted domains are the SMTP namespaces for which Exchange sends and receives mail. You’ll need to configure both primary and secondary accepted domains for this hybrid deployment. In my case I have 3 accepted domains. The first is my primary domain, “edustl.com”, which is authoritative and set as the default. The other two are my federated namespace (the delegated namespace, or account namespace used in federation; I’ll show you shortly) and my service domain, which is my secondary domain. The documentation suggests using service.xyz.com for troubleshooting, but you can use any namespace that makes sense for you. Both of these domains are Internal Relay.
For the cloud tenant you also need to add the federated domain. Since I configured this domain for my SSO with ADFS, it’s already configured for me as an MSOLFederatedDomain. If you need to add it, follow the Deployment Assistant and connect to the MSOL service using the MSOL Module for PowerShell:
# $cred is the tenant credential from Get-Credential, as in the script above
Connect-MsolService -Credential $cred
# Point the module at your ADFS server or farm (use whatever name you gave it)
Set-MsolADFSContext -Computer ADFS
# Create the federated domain in the tenant
New-MsolFederatedDomain -DomainName serviced.edustl.com
Or, if the domain is already defined, convert it from a Standard domain to a Federated domain.
Standard means users authenticate with a Microsoft Online ID; Federated means they authenticate with their ADFS (on-premises AD) ID.
Curious Greg apparently got lost in the store and is causing some havoc so we continue our lab later. Enjoy.