Exchange & Office365 Hybrid Deployment - Part 2

Idan Naftali | Easy | February 27, 2019

Following the previous post, I decided to expand on the topic of the hybrid configuration when working with Office 365.

What is required on the organization's side is to open a cloud account with Microsoft, for example admin@in.onmicrosoft.com. In practice, this is the first user created in the system for the O365/Azure AD services.

By default, the permission this user holds is General Administrator, one of the highest permissions, with which any change can be made; most of you know it as Global Administrator.

There are additional roles that can be assigned to administrative users that are created in the cloud or synchronized with Azure AD Connect, such as:

• Billing Administrator - for managing subscriptions and invoices

• Exchange Administrator - for managing the Exchange Admin Center

• Helpdesk Administrator - intended mainly for the support desk and technicians.

• SharePoint Administrator - for managing SharePoint Online.

More information on all the roles, including managing Skype for Business/Teams and Dynamics CRM Online, can be found here.
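As an added example (not code from the original post), the following script applies the point above: it lists who currently holds Global Administrator in the tenant and grants a scoped role instead to a support account. It assumes the AzureAD PowerShell module of that period and an interactive Connect-AzureAD sign-in; the role display names and the UPN helpdesk@contoso.onmicrosoft.com are assumptions and placeholders, not values from the post.

```powershell
# Added example, not from the original post: review Global Administrators and grant a
# scoped role instead. Assumes the AzureAD PowerShell module and an interactive sign-in.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# The Global Administrator role appeared as "Company Administrator" in older module
# versions, so both display names are accepted (assumption, not from the post).
$globalAdmin = Get-AzureADDirectoryRole |
    Where-Object { $_.DisplayName -in @('Global Administrator', 'Company Administrator') }

$members = Get-AzureADDirectoryRoleMember -ObjectId $globalAdmin.ObjectId
Write-Host ("Global Administrators in tenant: {0}" -f @($members).Count)
$members | Select-Object DisplayName, UserPrincipalName | Format-Table -AutoSize

function Grant-ScopedRole {
    param(
        [Parameter(Mandatory)][string]$RoleName,            # e.g. 'Exchange Administrator'
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    $role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $RoleName
    if (-not $role) {
        # A role is only listed once it has been activated from its template
        $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $RoleName
        if (-not $template) { throw "Unknown role '$RoleName'" }
        $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
    }
    $user = Get-AzureADUser -ObjectId $UserPrincipalName
    $already = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object ObjectId -eq $user.ObjectId
    if ($already) {
        Write-Host "$UserPrincipalName already holds $RoleName"
        return
    }
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
    Write-Host "Granted $RoleName to $UserPrincipalName"
}

# Placeholder account: a support user gets Exchange Administrator, not Global Administrator
Grant-ScopedRole -RoleName 'Exchange Administrator' `
                 -UserPrincipalName 'helpdesk@contoso.onmicrosoft.com'
```

In older module versions the Exchange role template is displayed as "Exchange Service Administrator"; if the function throws "Unknown role", list Get-AzureADDirectoryRoleTemplate and pass the display name your tenant shows.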

To configure the hybrid setup against our on-premises mail servers, after we have installed the external certificate and matched the URLs to the DNS name:

From an Exchange 2013/2016/2019 server environment, the configuration can be set up according to the guide below:

Clicking on the “configure” button redirects you to the Office 365 login page. To continue, you have to enter your tenant’s global administrator credentials. By default, administrator’s login has the following format: administrator@tenant.onmicrosoft.com. In a few seconds, a page with a download link should appear:

Clicking on the link will start the download of the Office 365 Hybrid Configuration Wizard Installer. The HCW installation should start automatically. If the installation does not start on its own, just run the recently downloaded installer and follow the steps on the screen.

Wizard should start automatically. If not, run it using the shortcut.

At this stage, the installation process should be completed, and a shortcut to the HCW should have appeared on the desktop. On the next screen, the wizard either searches automatically for the right Exchange server or waits for the user to specify it. In Exchange 2010 or Exchange 2013 it must point to the server with the Client Access Server role. Another option is to set the location from which Office 365 is hosted for the company. In most cases, it is Office 365 Worldwide.

At this point, you need to enter credentials of your on-premises admin and its cloud counterpart.

After entering the credentials, the Wizard attempts to log into each server using PowerShell. This is done in order to verify that the credentials necessary for the Hybrid deployment are valid. Note that in this step there is an option to “use current Windows credentials”. If the on-premises admin validation does not work, you should clear the checkbox and enter the right user’s credentials manually.

The next step is setting up the Federation Trust. The Federation Trust is a required feature for the full Hybrid deployment. It enables sharing calendar free/busy information within a Hybrid environment, between all users.

Here, the Office 365 Hybrid Configuration Wizard lists your domains along with information on whether the Autodiscover service is available. From the domains list, you have to choose your public domain or domains, remembering that Autodiscover has to be configured correctly for them. At this stage, you will also need to prove you are the domain’s owner. For each domain there, a token is generated.

In your DNS, you have to create a TXT record for each of your domains, with a value corresponding to the token generated in the HCW. After having created the TXT records, you should wait for a while so that the records propagate throughout the network. When the TTL (time to live) has passed, click on “I have created a TXT record for each token in DNS” and “verify domain ownership”. The Exchange Hybrid Configuration Wizard will check whether the tokens are visible on your domain’s DNS. After the verification is complete, go to the next screen.

Now the HCW asks you how the connection between Exchange Online and Exchange on-premises should be established. The first choice depends on whether you have a Microsoft Edge Transport server or not. The next option, “Enable centralized mail transport”, enables your on-premises Exchange server to function as a smart host. Thanks to that, all outbound emails sent from Office 365 have to go through the on-premises server. It gives the possibility of central management of mail flow rules and signatures throughout the company, all from one place and applied to every mail, regardless of the source of the email.

In the next window, you choose the server which is to receive emails sent from Office 365. The server should have an appropriate SMTP certificate on port 25. This port also cannot be blocked by any firewall software or by the router. You can easily check which certificate your server has with the help of this site.

The next step is determining on which server the Send Connector will be. Remember that the public IP address of your Exchange server should point to its internal IP address. Apart from that, the server should have its SPF (Sender Policy Framework) record configured. The PTR record should resolve the IP address to the hostname present in the certificate for the SMTP service. The name is usually in the format “mail.domain.com” or “smtp.domain.com”.

The Office 365 Hybrid Configuration Wizard will also ask you to identify the Transport Certificate between on-premises Exchange and Office 365. The certificate is used to ensure secure communication between those servers.

The last step is entering the fully qualified domain name (FQDN) for the on-premises organization. The FQDN is resolved to the public IP address and enables mail to be routed to the on-premises Exchange. On this address, the Exchange server is listening on ports 25 and 443 (EWS, OWA). The FQDN’s format is usually like this example: mail.domain.com

After pressing the “next” button, the HCW starts connecting Office 365 with the local Exchange into a single hybrid organization.

If everything goes well and the Wizard does not encounter any difficulties, the following window will show:
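The paragraphs above list several things the wizard assumes are already in place on the public side (SPF record, PTR matching the SMTP hostname, ports 25 and 443 reachable, a valid certificate on the FQDN). As an added pre-flight check that is not part of the original post, the script below tests each of them from an outside vantage point. The hostname mail.contoso.com and the resolver address 8.8.8.8 are placeholders; Resolve-DnsName and Test-NetConnection are standard Windows cmdlets.

```powershell
# Added pre-flight check, not from the original post. Verifies the public prerequisites
# the HCW relies on for mail flow. Uses a public resolver on purpose, so internal
# split-DNS answers do not hide a problem that Office 365 would see.
function Test-HybridMailFlowPrereqs {
    param(
        [Parameter(Mandatory)][string]$MailHost,   # FQDN entered in the HCW, e.g. mail.contoso.com
        [string]$Resolver = '8.8.8.8'              # placeholder public resolver
    )
    $domain = ($MailHost -split '\.', 2)[1]
    $result = [ordered]@{ Host = $MailHost }

    # 1. Public A record of the FQDN
    $a = Resolve-DnsName -Name $MailHost -Type A -Server $Resolver -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    $result.PublicIP = $a.IPAddress

    # 2. SPF: a TXT record on the domain that starts with v=spf1
    $spf = Resolve-DnsName -Name $domain -Type TXT -Server $Resolver -ErrorAction SilentlyContinue |
           Where-Object { ($_.Strings -join '') -like 'v=spf1*' } | Select-Object -First 1
    $result.SPF = if ($spf) { $spf.Strings -join '' } else { 'MISSING' }

    # 3. PTR: the reverse lookup of the public IP should return the SMTP hostname
    if ($a) {
        $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -Server $Resolver -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
        $result.PTR            = $ptr.NameHost
        $result.PtrMatchesHost = ($ptr.NameHost -eq $MailHost)
    }

    # 4. Ports 25 (SMTP) and 443 (EWS/OWA) must be reachable from outside
    foreach ($port in 25, 443) {
        $tnc = Test-NetConnection -ComputerName $MailHost -Port $port -WarningAction SilentlyContinue
        $result["Port$port"] = $tnc.TcpTestSucceeded
    }

    # 5. Certificate served on 443: subject, expiry and whether its name matches the FQDN.
    #    Chain validation is bypassed here on purpose so a bad certificate is reported
    #    instead of being hidden behind an exception.
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($MailHost, 443)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false,
               [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
        $ssl.AuthenticateAsClient($MailHost)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
        $result.CertSubject     = $cert.Subject
        $result.CertExpires     = $cert.NotAfter
        $result.CertNameMatches = ($cert.GetNameInfo('DnsName', $false) -eq $MailHost)
        $tcp.Close()
    } catch {
        $result.CertError = $_.Exception.Message
    }

    [pscustomobject]$result
}

Test-HybridMailFlowPrereqs -MailHost 'mail.contoso.com' | Format-List
```

Run it from a machine outside the corporate network; a `PtrMatchesHost` of False or a `CertNameMatches` of False points at exactly the PTR and certificate requirements the guide describes, and a blocked port 25 shows up as `Port25 : False` before the wizard fails on it.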

A very important note

While setting up the configuration, DNS records must be configured as soon as you want to set up Free/Busy between domains. Adding these TXT records is done on the provider's side and depends on which domains you want to add in order to enable this service. This process takes up to 24 hours from the moment of the update on the provider's side, and without it there is no way to continue with the rest of the hybrid configuration settings.

By: Idan Naftali | Computing infrastructure, cloud solutions and information security consultant and architect | U-BTech Solutions.
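Both the TXT-record step in the guide above and this note come down to the same question: are the ownership tokens already visible in public DNS, or is the registrar still propagating them? As an added example that is not part of the original post, the script below polls public resolvers for each domain's token and reports when all of them are visible, so the “verify domain ownership” button is only clicked once the check will succeed. The domains, tokens, resolver addresses and the 15-minute demo cap are placeholders and assumptions; paste the real token the HCW shows for each domain.

```powershell
# Added example, not from the original post: confirm the HCW ownership tokens are visible
# in public DNS before clicking "verify domain ownership". Domains and tokens are placeholders.
$proofs = @{
    'contoso.com'    = 'EXAMPLE-TOKEN-FROM-HCW-1'
    'fabrikam.co.il' = 'EXAMPLE-TOKEN-FROM-HCW-2'
}

function Test-DomainProofRecords {
    param(
        [Parameter(Mandatory)][hashtable]$Proofs,
        [string[]]$Resolvers = @('8.8.8.8', '1.1.1.1')   # public resolvers see what Office 365 sees
    )
    foreach ($domain in $Proofs.Keys) {
        foreach ($resolver in $Resolvers) {
            $txt = Resolve-DnsName -Name $domain -Type TXT -Server $resolver -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'TXT' }
            # A long TXT value may be split into several strings; join them before comparing
            $values = @($txt | ForEach-Object { $_.Strings -join '' })
            [pscustomobject]@{
                Domain   = $domain
                Resolver = $resolver
                Found    = ($values -contains $Proofs[$domain])
                TTL      = ($txt | Select-Object -First 1).TTL   # seconds a cached answer lives
                Records  = $values.Count
            }
        }
    }
}

# Poll until every token is visible on every resolver. The post says the registrar side can
# take up to 24 hours; the 15-minute cap below is only a demo value.
$deadline = (Get-Date).AddMinutes(15)
do {
    $status  = Test-DomainProofRecords -Proofs $proofs
    $status | Format-Table -AutoSize
    $pending = $status | Where-Object { -not $_.Found }
    if ($pending) { Start-Sleep -Seconds 60 }
} while ($pending -and (Get-Date) -lt $deadline)

if ($pending) {
    Write-Warning "Tokens still not visible on all resolvers; wait for propagation before verifying in the HCW."
} else {
    Write-Host "All tokens visible; safe to click 'verify domain ownership'."
}
```

The TTL column is the practical reading of the guide's “when the TTL has passed”: a resolver that answered without the token will keep serving that cached answer for roughly that many seconds, so a negative result is not final until it expires.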

http://www.israelclouds.com/blog/exchange-office365-part2
