Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-12-13
This topic gives you an overview of the Hybrid Configuration wizards, the hybrid deployment configuration process, and the Hybrid Configuration Engine.
For more information about hybrid deployments, check out Understanding Hybrid Deployment. Looking for management tasks related to hybrid deployments? See Hybrid Deployments with the Hybrid Configuration Wizard.
Hybrid Configuration Process
Creating and configuring your hybrid deployment with the Hybrid Configuration Wizards is a two-step process. To begin, you use the New Hybrid Configuration wizard to create the foundation for the hybrid deployment. Then, you use the Manage Hybrid Configuration wizard to configure your Exchange organization for the hybrid deployment.
In the first step of the hybrid configuration process, the New Hybrid Configuration wizard creates the HybridConfiguration object in your on-premises Active Directory. This Active Directory object stores the hybrid configuration information for the hybrid deployment and is updated using the Manage Hybrid Configuration wizard.
In the second step of the hybrid configuration process, the Manage Hybrid Configuration wizard gathers existing Exchange and Active Directory topology configuration data, defines several organization parameters, and then runs an extensive sequence of configuration tasks. The general phases of the process run in the following order:
- Test account credentials Designated
on-premises and cloud organization hybrid management accounts
access the on-premises and cloud organizations to gather
prerequisite verification information and to make organization
parameter configuration changes to enable hybrid deployment
functionality. The Manage Hybrid Configuration wizard checks that
the accounts have the appropriate credentials and can connect to
the on-premises and Exchange Online organizations. The hybrid
deployment management accounts for the on-premises and cloud
organizations must be members of the Organization Management role
group for the Hybrid Configuration wizard to complete these tasks
- Verify prerequisites and perform topology
checks The Manage Hybrid Configuration wizard
verifies that your on-premises and cloud organizations can support
a hybrid deployment. Some of the items that the wizard verifies and
checks are Exchange server versions, the presence of Active
Directory synchronization in the on-premises organization, and the
presence of registered domains on the Office 365 service.
- Run the hybrid configuration
changes After testing the hybrid management
accounts, conducting the verification and topology checks, and
gathering configuration information defined by the Exchange
administrator in the wizard process, the Manage Hybrid
Configuration wizard makes the configuration changes to create and
enable the hybrid deployment. All changes to the hybrid
configuration are automatically logged in the hybrid configuration
log. By default, the hybrid configuration log is located at
The table below outlines the main areas that the Hybrid Configuration wizards modify and configure.
Configuration area Description
The wizard adds an accepted domain to the on-premises organization for hybrid mail flow and Autodiscover requests for the cloud organization. This domain, referred to as the “coexistence domain”, is added as a secondary proxy domain to any e-mail address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. By default, this domain is <domain>.mail.onmicrosoft.com.
You can view the accepted domain by running the following command in the Shell on the cloud organization.
Get-AcceptedDomain | FL DomainName, IsCoexistenceDomain
The wizard checks to see if there is an existing federation trust with the Microsoft Federation Gateway for the on-premises organization. If present, the existing federation trust is used to support the hybrid deployment. If not present, the wizard creates a federation trust for the on-premises organization with the Microsoft Federation Gateway. The wizard also adds any domains selected within the hybrid configuration wizard to the federation trust.
In addition to the federation trust configuration, the wizard also creates and configures organizational relationships for both the on-premises and cloud organizations. These organization relationships allow the wizard to enable several hybrid deployment features, including free/busy sharing, Outlook Web App redirection, message tracking, and MailTips.
The wizard enables the Mailbox Replication Service (MRS) proxy on the on-premises Client Access servers included in the hybrid deployment to enable mailbox moves from the on-premises organization to the cloud organization.
The wizard configures on-premises Hub Transport servers and Forefront Online Protection for Exchange (FOPE) on your Office 365 organization for hybrid mail routing. By configuring new and existing Send and Receive connectors in the on-premises organization and Inbound and Outbound connectors in FOPE, the wizard allows you to choose whether outbound messages delivered to the Internet from the Office 365 organization will be sent directly to external mail recipients or routed through your on-premises Hub Transport servers included in the hybrid deployment.
Learn more at:
- For Exchange 2003 hybrid deployments: Understanding Transport
- For Exchange 2007 hybrid deployments: Understanding Transport
Options for an Exchange 2007 Hybrid Deployment
- For Exchange 2010 hybrid deployments: Understanding Transport
Options for an Exchange 2010 Hybrid Deployment
Important: Inbound mail flow is controlled by your organization’s MX record. Inbound Internet e-mail for a hybrid deployment isn’t configured by the Hybrid Configuration wizard.
- For Exchange 2003 hybrid deployments: Understanding Transport Options
Hybrid Configuration Features
The Manage Hybrid Configuration wizard automatically enables all hybrid deployment features by default. If you want to enable or disable specific hybrid configuration features, you can run the Manage Hybrid Configuration wizard again, or use the Exchange Management Console and the Exchange Management Shell to update hybrid deployment parameters. The following hybrid deployment features are enabled by default by the wizard:
- Free/busy sharing The free/busy sharing
feature enables calendar information to be shared between
on-premises and cloud-based organization users. Free/busy sharing
is enabled as part of the federated delegation and organization
relationship configuration for the on-premises and cloud-based
Exchange organizations. Learn more at Understanding Federated
- Mailbox moves The mailbox move feature
enables on-premises mailboxes to be moved to the cloud organization
while preserving user’s Microsoft Office Outlook profiles and
offline .ost folders. Mailbox move also enables moving cloud
mailboxes to the on-premises organization.
- Message tracking The message tracking
feature records the SMTP transport activity of all messages
transferred to and from the hybrid Hub Transport servers between
the on-premises and cloud-based organizations. You can use message
tracking logs for message forensics, mail flow analysis, reporting,
and troubleshooting. Learn more at Understanding Message
- MailTips MailTips are informative
messages displayed to users while they're composing a message. By
enabling MailTips in the hybrid deployment, on-premises and
cloud-based senders can adjust messages they're composing to avoid
undesirable situations or non-delivery reports (NDRs) between the
organizations. Learn more at Understanding
- Online archiving Online archiving
enables the cloud-based organization to host user e-mail archives
for both on-premises and cloud-based users. Learn more at Configure Exchange
- Outlook Web App redirection Outlook Web
App redirection provides a single, common URL to access both
on-premises and cloud-based Exchange mailboxes. The hybrid server
automatically redirects Outlook Web App requests to the on-premises
mailbox server or provides a link to users for their mailbox in the
cloud-based organization. Learn more at:
- For Exchange 2003 hybrid deployments: Understanding Access to
Outook Web App with a Single URL
- For Exchange 2007 hybrid deployments: Understanding Access to
Outlook Web App with a Single URL for an Exchange 2007 Hybrid
- For Exchange 2010 hybrid deployments: Understanding Access to
Outlook Web App with a Single URL for an Exchange 2010 Hybrid
- For Exchange 2003 hybrid deployments: Understanding Access to Outook Web App with a Single URL
- Secure mail Secure mail enables
secure message delivery between the on-premises and cloud
organization via Transport Layer Security (TLS) protocol. The
on-premises and cloud organizations are mutually authenticated
through digital certificate subjects and e-mail headers and
rich-text message formatting are preserved across the
Hybrid Configuration Engine
The Hybrid Configuration Engine executes the core
actions necessary for configuring and updating a hybrid deployment.
Responsible for processing the
Update-HybridConfiguration cmdlet actions, the Hybrid
Configuration Engine compares the state of the
HybridConfiguration Active Directory object with current
on-premises Exchange and Exchange Online configuration settings and
then executes tasks to match the deployment configuration settings
to the parameters defined in the HybridConfiguration Active
Directory object. If the current on-premises Exchange and Exchange
Online deployment configuration states already match the settings
defined in the HybridConfiguration Active Directory object,
no changes are made by the Hybrid Configuration Engine to either
the on-premises or Exchange Online organizations.
When updating an existing hybrid deployment, the Hybrid Configuration Engine performs the following steps:
- Step 1 The
Update-HybridConfiguration cmdlet triggers the Hybrid
Configuration Engine to start.
- Step 2 The Hybrid Configuration Engine
reads the “desired state” stored on the
HybridConfigurationActive Directory object.
- Step 3 The Hybrid Configuration Engine
discovers topology data and current configuration from the
on-premises Exchange organization.
- Step 4 The Hybrid Configuration Engine
discovers topology data and current configuration from the Exchange
- Step 5 Based on the desired state,
topology data, and current configuration, across both the
on-premises Exchange and Exchange Online organizations, the Hybrid
Configuration Engine establishes the “difference” and then executes
configuration tasks to establish the “desired state.”
The following figure shows a summary of how the Hybrid Configuration Engine retrieves and modifies on-premises Exchange server and Exchange Online in Office 365 configuration settings during the hybrid deployment process.