
I have been battling with Office 365 support on this case for a little while, as what they have been telling me is or isn't possible contradicts the documentation they have directed me to.

Some info:

  • We have a 365 subscription with E3 licenses.
  • We use ADFS and Azure AD Connect to provide single sign-on and sync user objects from AD to Office 365.
  • We wanted to extend our schema to include Exchange attributes, to allow control of certain features currently not available to us.
  • We wanted to install Exchange on-premises to allow proper, supported management of Exchange attributes.

I found Microsoft will provide a free Hybrid edition license key for Exchange 2016, so I decided we would be able to install and deploy an Exchange server in Hybrid mode. We have the server installed, and are preparing to deploy the Hybrid configuration.

The support rep advised me that all mail flow must go through Exchange on-prem, and cannot go via 365. Essentially I think this is nonsense, as the on-prem license does not allow us to host mailboxes, so this server should not be involved in mail flow at all. All it should do is act as the bridge between Exchange Online and Active Directory.

He also said wildcard certificates are not supported in a Hybrid configuration, but couldn't tell me why.

Am I wrong in thinking that this scenario should be really straightforward and should work? We simply want all mail to continue going to 365, and it should not even touch our Exchange. All Exchange does is provide attributes, management tools and the organisational trust between AD and Exchange Online.

James Edmonds
  • I don't think it matters what you think should work. You're dealing with a vendor and ultimately you're subject to their rules, support system and everything in between. If you have a problem with them, they're the only ones you can deal with. – GregL May 26 '16 at 16:46
  • AFAIK, your support rep is wrong regarding mail flow. – mfinni May 26 '16 at 17:57
  • I currently have an Exchange hybrid coexistence with WAAD Sync (the replacement for DirSync) and ADFS running and A) we have mail routed through Exchange Online and B) we use a wildcard cert for the ADFS farm but we do use a **UC cert for the Exchange server**. – Todd Wilcox May 26 '16 at 18:51
  • Thanks for all that, guys! Yes, I couldn't see any reason why mail had to go through on-prem, as the connectors between the two should be the same regardless(?). Todd, that's great to hear, as that sounds exactly like our scenario! Glad we aren't the only ones doing things this way :) – James Edmonds May 27 '16 at 10:20
  • @ToddWilcox Out of interest, did you install Exchange before or after using 365? We are installing after, and as such, a different rep tells me that even with Hybrid, the Exchange tools won't be able to manage the 365 mailboxes. – James Edmonds May 27 '16 at 16:52
  • The main reason for installing Exchange locally is to extend the AD schema for directory synchronization. Most AD attributes attached to users and mailboxes cannot be changed on the cloud copy (Azure AD) using any cloud tools. Some things can be changed in the local EAC and then synchronized, but some things can only be changed in the local AD using PowerShell, the attribute editor tab in ADUC, or ADSIEdit and then synchronized. Pretty much all "server" settings for Exchange Online can only be changed in the online EAC. I basically never use our on-premise EAC. – Todd Wilcox May 27 '16 at 17:08
  • I found a couple of articles that suggest we would have to use New-RemoteMailbox to link an on-premises user object with an existing O365 mailbox, and we can then manage it that way. It shows up in EAC as an Office 365 mailbox. Looks a little tedious for our 200-odd mailboxes, but I am sure it can be scripted :) – James Edmonds May 29 '16 at 22:23
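Scripting the linking step mentioned in the last comment, as an added example that is not part of the original thread. It uses Enable-RemoteMailbox rather than New-RemoteMailbox, because the AD users already exist and are already synced; New-RemoteMailbox would try to create a new AD account. Assumptions: the Exchange 2016 Management Shell on the hybrid server, a CSV exported beforehand from Exchange Online (the Get-Mailbox command shown in the comment block), and placeholder values for the tenant coexistence domain and the OU. The report column names and the script filename are my own.

```powershell
# Added example, not from the original thread. Run in the Exchange Management Shell on the hybrid
# server. Expects a CSV exported earlier from an Exchange Online session with:
#   Get-Mailbox -ResultSize Unlimited |
#       Select-Object UserPrincipalName, PrimarySmtpAddress, ExchangeGuid |
#       Export-Csv .\cloud-mailboxes.csv -NoTypeInformation
param(
    [string]$CloudCsv      = '.\cloud-mailboxes.csv',
    [string]$RoutingDomain = 'contoso.mail.onmicrosoft.com',   # placeholder: your tenant's coexistence domain
    [switch]$Commit                                            # dry run unless -Commit is given
)

$cloud  = Import-Csv -Path $CloudCsv
$report = foreach ($m in $cloud) {
    # Match the cloud mailbox to the synced on-prem AD user by UPN.
    $user = Get-User -Identity $m.UserPrincipalName -ErrorAction SilentlyContinue
    if (-not $user) {
        [pscustomobject]@{ Upn = $m.UserPrincipalName; Action = 'Skipped'; Detail = 'No on-prem AD user' }
        continue
    }
    # Only plain AD users are candidates; anything already mail-enabled is left alone.
    if ($user.RecipientTypeDetails -ne 'User') {
        [pscustomobject]@{ Upn = $m.UserPrincipalName; Action = 'Skipped'; Detail = "Already $($user.RecipientTypeDetails)" }
        continue
    }
    # The remote routing address is the targetAddress Exchange uses to reach the cloud mailbox;
    # derive it from the cloud primary SMTP local part so it is unique per mailbox.
    $local   = ($m.PrimarySmtpAddress -split '@')[0]
    $routing = "$local@$RoutingDomain"
    if (-not $Commit) {
        [pscustomobject]@{ Upn = $m.UserPrincipalName; Action = 'WouldEnable'; Detail = $routing }
        continue
    }
    try {
        Enable-RemoteMailbox -Identity $user.DistinguishedName `
            -PrimarySmtpAddress $m.PrimarySmtpAddress `
            -RemoteRoutingAddress $routing -ErrorAction Stop | Out-Null
        # Stamp the cloud mailbox GUID on-prem; Enable-RemoteMailbox leaves it blank, and a blank
        # ExchangeGuid breaks any later mailbox move or offboarding that has to match the two objects.
        Set-RemoteMailbox -Identity $user.DistinguishedName -ExchangeGuid $m.ExchangeGuid -ErrorAction Stop
        [pscustomobject]@{ Upn = $m.UserPrincipalName; Action = 'Enabled'; Detail = $routing }
    } catch {
        [pscustomobject]@{ Upn = $m.UserPrincipalName; Action = 'Failed'; Detail = $_.Exception.Message }
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path .\remote-mailbox-link-report.csv -NoTypeInformation
```

Run it once without -Commit and read the report; the only rows you want to see are WouldEnable for users with a cloud mailbox and Skipped for anything else. Run it again with -Commit, then trigger a delta sync on the Azure AD Connect server (Start-ADSyncSyncCycle -PolicyType Delta) so the new targetAddress and proxyAddresses reach Azure AD; the cloud mailboxes themselves are untouched. Afterwards Get-RemoteMailbox on-prem should list every user, and the on-prem EAC will show them as Office 365 mailboxes, which is what the comment above describes.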

1 Answer


Regarding mail flow, to the best of my knowledge, your support rep was wrong. The recommended mail flow is described here:

https://technet.microsoft.com/en-us/library/jj937232(v=exchg.150).aspx#BKMK_HostedMailFlow

All mailboxes and mail flow managed by Office 365 (recommended)

Hosted mail flow scenarios

  1. I'm a new Office 365 customer, and all my users' mailboxes are in Office 365. I want to use all filtering solutions offered by Office 365.
  2. I'm a new Office 365 customer. I have an existing email service but plan to move all the existing users' mailboxes to the cloud at once. I want to use all filtering solutions offered by Office 365.

The on-prem server exists, as you say, only to provide management tools and AD attribute setting.

mfinni
  • Confirmed, one of the main steps during an Exchange on-premises to online migration is indeed to move the inbound mail flow to Exchange Online, and have it deliver to Exchange on-premises only those messages whose recipients' mailboxes have not been migrated yet. – Massimo May 26 '16 at 18:07
  • When the migration is completed, you can keep an on-premises Exchange server to simplify management of Exchange-related attributes, even if it's hosting no mailboxes and it's handling no mail flow. This is exactly your scenario, only you are starting here from the beginning, instead of migrating from an actual on-premises Exchange infrastructure. – Massimo May 26 '16 at 18:08
  • **TL;DR: Support reps can be wrong; in this case, he most definitely is.** – Massimo May 26 '16 at 18:09
  • Thanks @mfinni and @Massimo! The articles and points you have made are exactly what I used/explained to the rep. Hopefully once he has perused those articles and spoken with his higher ups, he will be able to help get the hybrid in place :) – James Edmonds May 27 '16 at 10:23
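A check for the hosted mail flow scenario the answer recommends, as an added example that is not part of the original answer or its comments. It runs in the Exchange Management Shell on the on-prem server after the hybrid configuration has been applied and reports, per accepted domain, whether the lowest-preference MX points at Exchange Online Protection (the mail.protection.outlook.com suffix), which is the condition for inbound mail never touching the on-prem box. The list of send connectors at the end is there to eyeball the outbound side. The variable names and the EOP suffix check are mine; the cmdlets are standard Exchange and Windows ones.

```powershell
# Added example, not from the original thread. Run on the on-prem Exchange server.
$eopSuffix = 'mail.protection.outlook.com'

# Inbound: every authoritative accepted domain should have its MX at EOP, not at the on-prem server.
$domains = Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'Authoritative' }
$results = foreach ($d in $domains) {
    $name = $d.DomainName.ToString()
    $mx = Resolve-DnsName -Name $name -Type MX -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'MX' } |
          Sort-Object Preference |
          Select-Object -First 1
    $target = if ($mx) { $mx.NameExchange.TrimEnd('.') } else { $null }
    [pscustomobject]@{
        Domain = $name
        MX     = $target
        ViaEOP = [bool]($target -and $target.EndsWith($eopSuffix))
    }
}
$results | Format-Table -AutoSize

# Anything with ViaEOP = False still has inbound mail arriving on-prem first, which is the
# rep's claimed topology rather than the recommended hosted one.
$results | Where-Object { -not $_.ViaEOP } | ForEach-Object {
    Write-Warning "MX for $($_.Domain) is '$($_.MX)', not Exchange Online Protection"
}

# Outbound: the Hybrid Configuration Wizard adds a send connector towards Exchange Online for the
# coexistence domain. Review the address spaces so no connector quietly routes Internet mail
# (an address space of '*') through the on-prem server.
Get-SendConnector |
    Select-Object Name, AddressSpaces, SmartHosts, DNSRoutingEnabled, Enabled |
    Format-Table -AutoSize
```

With all mailboxes in Office 365, every row should read ViaEOP = True; a False row means the domain's MX still needs changing at the registrar, and until it is, the on-prem server is in the inbound path whether or not it hosts mailboxes.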