Office 365 Hybrid Deployment With Exchange 2010 SP2 – Part 3

So far we have signed up for an Office 365 trial and installed ADFS 2.0 on the domain controller in the test lab. Read parts one and two of the series here. In this part, we will install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on and set up Directory Sync in the Office 365 portal.

Download the Microsoft Online Services Module for PowerShell, 32-bit or 64-bit depending on the server you have. Run the setup file on the domain controller (I am running ADFS 2.0 on the DC as well).

Microsoft Online Services Module for PowerShell

It is a standard install: accept the license, select the location, click Install and then Finish.

The next step is to connect to Office 365 using PowerShell and add or enable a domain for single sign-on. Launch the Microsoft Online Services Module. Store the Office 365 admin credentials in a variable by running $cred = Get-Credential.

Store Credential

Connect to Office 365 by running Connect-MsolService -Credential $cred

Connect to Office365

Run Set-MsolAdfsContext -Computer "internal adfs 2.0 server fqdn" to create a context that connects you to ADFS. You don't have to run this command if ADFS 2.0 and the Online Services Module for PowerShell are installed on the same server. This is the case in my test lab, so I have skipped this step.

Run New-MsolFederatedDomain -DomainName "domain name", where domain name is the domain to be added and enabled for single sign-on (the public domain name). I am using in Office 365 and I have already added this domain. Hence, I will get the error below.

Convert domain to SSO domain

As the error explains, I need to run Convert-MsolDomainToFederated -DomainName, as my domain is already added in Office 365. This command enables my domain for SSO. If you add a new domain using the command above (New-MsolFederatedDomain), the output will have instructions to create public DNS records to verify that you are the domain owner.

The next step is to enable Directory Sync in Office 365. Log in to Office 365 using the admin account, click "Users" on the left-hand side, then click "Setup" next to Active Directory synchronization.
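
The PowerShell steps above combined into one script, as an added example that is not part of the original article. It checks whether the domain already exists before choosing between New-MsolFederatedDomain and Convert-MsolDomainToFederated, then compares the federation settings reported for the domain; the domain and server names are placeholders.

```powershell
# Added example; run on the server where the Microsoft Online Services Module is installed.
# 'contoso.example' is a placeholder domain, not a value from the article.
param(
    [string]$DomainName = 'contoso.example',
    [string]$AdfsServer = ''   # internal ADFS FQDN; leave empty when ADFS runs on this server
)

Import-Module MSOnline -ErrorAction Stop

# Prompt interactively so the admin password is never written into a script file.
$cred = Get-Credential
Connect-MsolService -Credential $cred -ErrorAction Stop

# Only needed when ADFS 2.0 is on a different server than this module.
if ($AdfsServer) {
    Set-MsolADFSContext -Computer $AdfsServer -ErrorAction Stop
}

# List every domain and filter locally: an unknown domain yields $null instead of an error.
$domain = Get-MsolDomain | Where-Object { $_.Name -eq $DomainName }

if (-not $domain) {
    # New domain: the output lists the public DNS records that prove ownership.
    New-MsolFederatedDomain -DomainName $DomainName
    Write-Host "Create the DNS records shown above, then run this script again."
    return
}

if ($domain.Authentication -eq 'Federated') {
    Write-Host "$DomainName is already enabled for single sign-on."
}
else {
    # Domain already added to Office 365: convert it instead of adding it again.
    Convert-MsolDomainToFederated -DomainName $DomainName -ErrorAction Stop
}

# Check: the cmdlet returns one entry per source (ADFS and Office 365).
$props = @(Get-MsolFederationProperty -DomainName $DomainName)
$props | Format-List Source, FederationServiceIdentifier, PassiveClientSignInUrl

# Both sources must report the same token-signing certificate.
$thumbs = @($props | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } |
    Select-Object -Unique)
if ($thumbs.Count -ne 1) {
    Write-Warning "Token-signing certificates differ between ADFS and Office 365."
}
```

A mismatch in the last check means Office 365 will reject tokens issued by the ADFS server, so sign-in for federated users fails until the trust is updated.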

Setup Dir Sync in Office 365

Click “Activate” on step 3.

Activate DirSync in Portal

Confirm that you want AD sync to be activated.

Activate DirSync Confirmation

It will take up to 24 hours for AD sync to be set up.

DirSync may take up to 24 hours

It took 4 hours in my case. We can’t progress until Office 365 shows “Active Directory synchronization is activated” in step 3.

AD Sync activated

This concludes part 3. Stay tuned for part 4!

4 thoughts on “Office 365 Hybrid Deployment With Exchange 2010 SP2 – Part 3”

  1. Dear Sir,

    I am following this guide & I am stuck in following troubleshoot,

    Exchange Management Shell command completed:
    Set-HybridConfiguration -Features ‘MoveMailbox’,’OnlineArchive’,’FreeBusy’,’Mailtips’,’MessageTracking’,’OwaRedirection’,’SecureMail’,’CentralizedTransport’ -Domains ‘’ -ClientAccessServers ‘LABEX2′,’LABEX1’ -TransportServers ‘LABEX2′,’LABEX1’ -ExternalIPAddresses ‘’ -OnPremisesSmartHost ‘’ -SecureMailCertificateThumbprint ‘A6ACCF89D0EDD94578AD749AF8A0F467EA947625’

    Elapsed Time: 00:00:04


    Updating hybrid configuration failed with error ‘Subtask Configure execution failed: Creating Organization Relationships.

    Execution of the Set-FederatedOrganizationIdentifier cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

    An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information “An unexpected result was received from Windows Live. Detailed information: “1007 AccessDenied: Access Denied.”.”.
    at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)

    Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_12_25_2012_13_5_32_634920375323417288.log.

    Exchange Management Shell command attempted:
    Update-HybridConfiguration -OnPremisesCredentials ‘System.Management.Automation.PSCredential’ -TenantCredentials ‘System.Management.Automation.PSCredential’

    Elapsed Time: 00:01:01

    Sir, please tell me how I can fix this issue.


