Office 365 Hybrid Deployment With Exchange 2010 SP2 – Part 5

We have configured ADFS 2.0, Microsoft Online Services Module for PowerShell, enabled a public domain for SSO, activated AD synchronization in Office 365, installed & configured Dir Sync tool in our on-premise environment & sync’d AD with Office 365. Read part one, two, three and four, if you have missed it. In this part, we will add the Office 365 forest in our on-premise Exchange 2010 EMC and configure hybrid deployment to have a seamless functionality irrespective of whether your mailbox is on-premise or in the cloud.

As we have a sync’d AD in the cloud, let’s add the Office 365 tenant to the Exchange 2010 EMC. Launch EMC and select “Microsoft Exchange”. Click on “Add Exchange Forest” in the right-hand pane. Type in a friendly name (say, Office 365), select “Exchange Online” as the FQDN for the remote PowerShell instance and click OK.

Add office 365 in EMC

Enter the Office 365 admin credentials.

Credential for connecting o365 to emc

Wait for a minute or two and the console will display the Office 365 options in the EMC.

O365 added in EMC

This is all fine, but we really need to set up the “hybrid deployment” feature in Exchange 2010 SP2 next. A hybrid deployment provides the seamless look and feel of a single Exchange organization across the on-premise and cloud-based organizations. Having hybrid deployment configured properly gives the following benefits for on-premise and cloud-based mailbox users.

  • Free/busy sharing
  • Mailbox Moves
  • Message Tracking
  • MailTips
  • Online Archiving
  • OWA Re-direction
  • Secure email using TLS.

Let’s create a hybrid deployment in 2010 SP2. Launch EMC, select Organization Configuration and select “Hybrid Deployment” tab. Click on “New Hybrid Configuration” from the right hand pane. Click “New”.

Hybrid Configuration Wizard_1

Click “finish” and that’s it.

Hybrid Configuration Wizard_2

The above process only creates a new hybrid deployment. The next step is to configure it. Select the “Hybrid Configuration” object and click “Manage Hybrid Configuration”. A new wizard starts and this is where we configure the settings for seamless functionality between on-premise and Office 365.

Make sure the pre-reqs are met and click Next. You should have a public certificate for your Exchange services configured, which any org will have.

Manage Hybrid Configuration_1

Enter the admin credentials for Office 365 and on-premise Exchange. Check the “remember my credentials” checkbox.

Manage Hybrid Configuration_2

Add the domain to configure for hybrid setup. This domain has to be an accepted domain in the on-premise Exchange.

Manage Hybrid Configuration_3

Proof of ownership for the domain has to be confirmed. You will be asked to add a TXT record in your public DNS. Once that is done, check the box & select “Next”. If the replication takes a while, you can run the wizard again.

Manage Hybrid Configuration_4

Select the on-premise CAS and Hub servers.

Manage Hybrid Configuration_5

Select the public IP through which emails will be received from the cloud. Specify the on-premise hub server FQDN as well and click Next.

Manage Hybrid Configuration_6

Select the certificate to be used for secure email using TLS (this has to be a public certificate on the Exchange server). The email flow path can be chosen here as well.

Manage Hybrid Configuration_7

Have a look at the summary and click “Manage” if you are happy with the settings.

Manage Hybrid Configuration_8

Click “finish”.

Manage Hybrid Configuration_9

You will now have seamless functionality irrespective of the location of the user mailbox.
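
The wizard depends on a suitable public certificate, so it is worth checking the candidates before running it. The following PowerShell pre-flight check is an added example, not part of the original post: it flags a certificate that is self-signed, outside its validity dates, lacks the SMTP service, carries the E= Subject field reported in the comments, or does not cover the EWS external host name. The function name `Test-HybridCertificate`, the sample objects and the example.com names are assumptions made for illustration.

```powershell
# Added example: property names follow Get-ExchangeCertificate output;
# Test-HybridCertificate and all sample values below are constructed.
function Test-HybridCertificate {
    param(
        [Parameter(Mandatory=$true)] $Cert,             # one certificate object
        [Parameter(Mandatory=$true)] [string] $EwsHost, # host of the EWS ExternalUrl
        [datetime] $Now = (Get-Date)
    )
    $problems = @()
    if ($Cert.IsSelfSigned) { $problems += 'self-signed, not a public certificate' }
    if ($Now -lt $Cert.NotBefore -or $Now -gt $Cert.NotAfter) { $problems += 'outside its validity period' }
    if ("$($Cert.Services)" -notmatch '\bSMTP\b') {
        $problems += 'SMTP service not assigned, so it cannot be used for TLS mail flow'
    }
    if ($Cert.Subject -match '(^|,\s*)E=') { $problems += 'Subject contains an E= field' }
    # Accept an exact name, or a wildcard that covers exactly one extra label.
    $parent  = $EwsHost.Substring($EwsHost.IndexOf('.') + 1)
    $covered = $false
    foreach ($d in $Cert.CertificateDomains) {
        if ("$d" -eq $EwsHost -or "$d" -eq "*.$parent") { $covered = $true }
    }
    if (-not $covered) { $problems += "no Subject/SAN entry covers $EwsHost" }

    New-Object PSObject -Property @{
        Thumbprint = $Cert.Thumbprint
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

# Constructed sample data so the function can be tried outside Exchange.
$now  = [datetime]'2012-03-01'
$good = New-Object PSObject -Property @{
    Thumbprint = 'SAMPLE-GOOD'; Subject = 'CN=mail.example.com'; IsSelfSigned = $false
    CertificateDomains = @('mail.example.com', 'autodiscover.example.com')
    NotBefore = [datetime]'2012-01-01'; NotAfter = [datetime]'2013-01-01'; Services = 'IIS, SMTP'
}
$bad = New-Object PSObject -Property @{
    Thumbprint = 'SAMPLE-BAD'; Subject = 'E=admin@example.com, CN=owa.example.com'; IsSelfSigned = $true
    CertificateDomains = @('owa.example.com')
    NotBefore = [datetime]'2010-01-01'; NotAfter = [datetime]'2011-01-01'; Services = 'IIS'
}
$good, $bad | ForEach-Object { Test-HybridCertificate -Cert $_ -EwsHost 'mail.example.com' -Now $now }

# In the Exchange Management Shell, use real data (replace <CAS> with your server):
#   $ews = (Get-WebServicesVirtualDirectory -Server <CAS>).ExternalUrl.Host
#   Get-ExchangeCertificate -Server <CAS> | ForEach-Object { Test-HybridCertificate -Cert $_ -EwsHost $ews }
```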

This concludes part 5. Stay tuned for part 6!


  1. Muthupandi Mk says:

    Thanks for sharing the info. I believe Organization Configuration Container is completely removed when adding Exchange Online in ON-Premise EMC.

    I have heard MS has recently announced that O365 organization changes and modifications are only possible through EAC.

    Am I right?

  2. Steve Jacobs says:

    Looking for Part 6.

    Specifically though, I’m looking for information concerning how to move *from* a Hybrid Deployment (Exch 2007, Exch 2010, connected to Office 365-Exch2013) *to* Exchange Online-only. In other words, after moving all mailboxes to the cloud, how to get rid of all on-prem Exchange servers.

    Maintaining DirSync is acceptable.

    I’m looking for an officially accepted, supported procedure to do this, ideally something that is documented by MSOL.


  3. Shankar D says:

    Hi Rajith,

    When will part 6 be released? Waiting for that eagerly.

    1. Rajith Enchiparambil says:

      Pretty soon Shankar. What exactly do you want to be covered?

  4. Hi Rajith
    This is without doubt the best article I have found on this subject – TechNet documentation is too complex to understand for someone new to Exchange but this is well explained –
    what is the ‘forefront online protection for exchange’ bit? Is this referring to the cloud org or on premise org? I thought Forefront is a separate paid for product that basically is anti virus for Exchange? Sorry for my ignorance. Cheers

    1. Rajith Enchiparambil says:

      HI Nicholas,

      Forefront Online Protection for Exchange is the cloud based, paid antispam/antivirus solution from Microsoft. It is called FOPE.
      Forefront Protection 2010 for Exchange is the antispam/antivirus software which gets installed on the on-premise Exchange services. Again, it is from Microsoft.

  5. In the product documentation you find this information, but this is a very good process illustrated with pictures, thank you very much.
    Recommend to the six part how to:
    Create mailboxes between organizations
    Moving mailboxes between organizations
    Validate the mail flow, and features of exchange.

    1. Rajith Enchiparambil says:

      Thanks Samuel.

  6. One question

    My domain name and SMTP names are different: one is something say (which not owned) and my SMTP is (which I owned), so how can I solve my issue?

    Please help me out in this.

    Thanks in advance.

  7. Hi Rajith

    You are the star ***

    can’t wait for part 6……


    1. Rajith Enchiparambil says:

      Thanks Shailesh.

  8. MrKingson says:

    Hi Techies,

    I am waiting for Part 6. We may have to discuss the issues which may come up when we create hybrid.

    I would like to be a part of that discussion,


    1. Rajith Enchiparambil says:

      Hi King,

      I will put together Part 6. It’s a case of finding time ;)

  9. Any idea when Part 6 will be posted? How many more parts to go?

  10. Thanks so much for this post. I am having trouble with the Hybrid Server on the last step of configuration because of a cert error:
    “The Client Access Server Mail1 does not have a Certificate that contains the On-premises Web Services External Url domain ( in the certificate Subject or Alternate Names”. I am using my public cert for webmail.. it should be complete. Can someone help? Thanks

  11. jay peterson says:

    Thank you much! can’t wait to see part 6!


    1. Rajith Enchiparambil says:

      Hi Jay,

      I wasn’t well for a few days and hence the lack of post. Will do part 6 soon ;)

  12. Learner4Life says:

    Timely & appreciated! Maybe Part 6 will discuss mail flow/message tracking a little more and Hub Transport/Journal rules administration some? Exchange Active Sync mobility? UAG? Mailbox provisioning & move-to-cloud scripting? :) So many more pieces – but you are great – thank you for your blog!!

    1. Rajith Enchiparambil says:

      Hi Learner,

      I wasn’t well for a few days and hence no posts. I haven’t decided what Part 6 should have, but I like your pointers ;)

  13. MSEBlogger says:


    ‘Update-HybridConfiguration’ above may fail if the following conditions are true:

    1/ If using a certificate that includes the e= field in the Subject Name, then the ‘Hybrid Configuration Wizard’ will fail. Interim Update KB2664448 will fix this issue, or you can wait for Update Rollup 1 for E2010 SP2 which will also resolve this.

    2/ In addition, a ‘Free’ certificate from FreeSSL or StartSSL may fail with ‘Invalid Date’ when selecting it via the ‘Hybrid Configuration Wizard’, even though when importing, Exchange reports the certificate ‘Valid for Exchange Server usage’. I am yet to discover why this occurs, but in essence, a pucker UCC SSL cert will not experience this issue currently. So if testing, there may be some odd experiences.

    Hope this helps to keep some ‘testers’ sane.



    1. Rajith Enchiparambil says:

      Thanks for the info MSE.

    2. Rajith Jose Enchiparambil says:

      Thanks MSEBlogger.
