How to offboard Exchange Online Mailboxes to Exchange On-Prem using Exchange Hybrid Environment
Recently, we had a project to offboard Exchange Online mailboxes to on-prem Exchange. In this environment the customer already had an Entra Connect server. I would like to share the steps we followed during the project so that anybody with a similar requirement can refer to them.
However, I am not going to list any commands here, as they are freely available on many websites.
- First we deployed the Exchange On-Prem server and completed all the configuration, such as the DAG, connectors, etc.
- Then we deployed the Exchange Hybrid configuration with Centralized Mail Transport.
- All the Autodiscover, MX and other Exchange-related DNS records were re-pointed to the Exchange On-Prem public IPs.
- Created a test mailbox in Exchange On-Prem and tested the mail flow:
– Email sent to the Exchange On-Prem mailbox from outside was delivered successfully.
– Email sent to an Exchange Online mailbox from outside bounced back with the error "user not found in the organization".
– Email tests sent from Exchange On-Prem to Exchange Online, and vice versa, failed.
- After troubleshooting we found that the Exchange Online mailboxes were not visible in the Exchange On-Prem ECP. Further troubleshooting revealed that the AD user attribute for the AD-synced users did not have a Remote Routing Address (e.g. testdomain.mail.onmicrosoft.com).
- So we decided to do a bulk update of all the users to populate their Remote Routing Address (you must do a delta AD sync after this process). Thereafter, we were able to see all the Exchange Online mailboxes in the Exchange On-Prem ECP.
- Tested all the email scenarios and confirmed everything was working fine.
- The other obstacle we faced was that when an email was sent from an Exchange Online mailbox to the outside world, the relay was denied by the Exchange On-Prem server. Even though we believed the default FrontEnd receive connector in Exchange On-Prem met all the requirements for this, we ended up creating a new Receive Connector and adding all the Exchange Online IPs to allow the relay and restore mail flow.
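The bulk update of the Remote Routing Address described above, as an added PowerShell example that is not from the original post or from any Microsoft tooling. It assumes the Exchange Management Shell on the on-prem server with the ActiveDirectory module available, a placeholder tenant routing domain, and constructed sample users; the alias list would normally be exported from Exchange Online.

```powershell
# Added example (not from the original post): bulk-populate the Remote Routing
# Address for AD-synced users whose mailboxes already live in Exchange Online.
# Assumptions: run from the Exchange Management Shell on the on-prem server with
# the ActiveDirectory module available; $TenantRoutingDomain is a placeholder
# for your tenant's coexistence domain; the CSV below is constructed sample data.
param(
    [string]$TenantRoutingDomain = 'testdomain.mail.onmicrosoft.com',
    [switch]$WhatIf
)
Import-Module ActiveDirectory

# Constructed sample input. In practice, export SamAccountName/Alias from
# Exchange Online (Get-Mailbox) so the alias matches the cloud mailbox.
$users = @'
SamAccountName,Alias
jdoe,jdoe
asmith,a.smith
'@ | ConvertFrom-Csv

$results = foreach ($u in $users) {
    $ad = Get-ADUser -Identity $u.SamAccountName -Properties targetAddress `
          -ErrorAction SilentlyContinue
    if (-not $ad) {
        [pscustomobject]@{ User = $u.SamAccountName; Action = 'NotFound'; Target = '' }
        continue
    }
    # Skip users that already carry a routing address, so re-runs are harmless.
    if ($ad.targetAddress) {
        [pscustomobject]@{ User = $u.SamAccountName; Action = 'AlreadySet'; Target = $ad.targetAddress }
        continue
    }
    $routing = "$($u.Alias)@$TenantRoutingDomain"
    if ($WhatIf) {
        [pscustomobject]@{ User = $u.SamAccountName; Action = 'WouldEnable'; Target = $routing }
        continue
    }
    # Enable-RemoteMailbox stamps targetAddress together with the Exchange
    # recipient attributes; that is what makes the object show up in on-prem ECP.
    Enable-RemoteMailbox -Identity $u.SamAccountName -RemoteRoutingAddress $routing |
        Out-Null
    [pscustomobject]@{ User = $u.SamAccountName; Action = 'Enabled'; Target = $routing }
}

$results | Format-Table -AutoSize
# The change only reaches the tenant after a delta sync on the Entra Connect
# server: Start-ADSyncSyncCycle -PolicyType Delta
```

Run it once with -WhatIf to review the planned routing addresses before making any change.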
Hope it helps someone who is struggling to find a proper article for a similar scenario. If you want detailed steps, such as the commands used for the bulk import/export/AD property updates, please feel free to reach out to me.
How to migrate the AAD Connect to a new Server
Those running AAD Connect to synchronize their on-premises AD may come across a requirement to upgrade the OS on the AAD Connect server. In this situation, the safest approach is to install a new server with the latest OS version and then migrate AAD Connect using the steps below, without facing a lengthy outage.
- Prepare a new server with the operating system.
- Install AAD Connect (preferably the same version as the existing one, or the latest version available).
- Now, prior to proceeding with the migration, you need to ensure two things:
– Take a backup of the existing configuration using AAD Connect –> View or Export configuration –> Export Settings. This will create a JSON file in X:\ProgramData\AADConnect (copy it to the new server).
– Secondly, use the Azure AD Sync Configuration Documenter to collect the existing configuration in HTML format (https://github.com/Microsoft/AADConnectConfigDocumenter/releases). The installation instructions can be found at https://github.com/Microsoft/AADConnectConfigDocumenter/wiki.
Thereafter, proceed with the installation of AADC on the new server: select the Customize option (instead of Express) –> Import synchronization settings, import the configuration using the JSON file copied in the step above, and press Next.
In the last screen of the AADC installation wizard, select the options below:
– Start the synchronization process when the configuration completes.
– Enable staging mode.
Now, using the AADC configuration documenter, capture the settings on the new AADC server. Then, after copying both files to the same location, run the command below to compare the two configurations (refer to the wiki for instructions).
AzureADConnectSyncDocumenterCmd.exe "AADC-SERVER-OLD" "AADC-SERVER-NEW"
After reviewing the output and confirming that the configurations are identical, proceed with the final steps of the migration.
– Enable staging mode on the old AADC server (AADC –> Tasks –> Configure staging mode).
– Disable staging mode on the new AADC server.
– Perform a test and confirm that synchronization is working as expected.
– Uninstall AADC from the old server and proceed with decommissioning.