Microsoft Exchange Hybrid in Just 30mins

Captions
[Music] [Music] this time it's the turn of microsoft exchange hybrid how does it work and what does it do and the most important question is can i do a demo in 30 minutes let's find out [Music] greetings everyone welcome back to the channel andy malone microsoft mvp as well as a microsoft certified trainer if this is your first time then you are very very welcome and it's great to see all of you here this week i've been super busy um i've been recording a new show uh well a new part of my channel uh and it's called interviews from the mothership and the first interview was recorded yesterday and i'm sure many of you are familiar uh with microsoft mechanics formerly known as garage well the guy that heads that up is jerry jeremy chapman who's a director in redmond and we had a fantastic conversation about deployment about where he thinks that microsoft 365 is going so check out that i'm going to post that in a couple of weeks time so watch out for that interviews from the mothership okay now today i thought we would take a look at exchange hybrid this is a topic that lots of people have been asking for so we're going to talk about exactly what it is how it works and more importantly what it can do for you now and what i've done is i've got a little presentation just to kind of run you through kind of the architecture how it thinks and and what it does and then i've got a nice demo uh at the end okay now if you've not subscribed to the channel then we love subscribers so hit that subscribe button ring the bell and you won't miss out on the good stuff in the future and uh as always please go ahead if you enjoy the chat uh enjoy the channel enjoy the session uh bump that like button it really does make a difference to the channel all right so without any further ado i think it's about time we got our hands dirty on exchange hybrid let's take a look let's in this session then what we're going to do is we're going to talk about an introduction to hybrid we'll talk about 
the hybrid architecture the configuration wizard itself uh talking briefly about a remote mailbox move although i'll cover that in a future session and i just want to kind of talk a little bit about uh troubleshooting as well so essentially a hybrid deployment is this it's essentially where you have an on-premises exchange environment so whether it be 2013 16 19 whatever and you've got an exchange online environment courtesy of microsoft 365. so essentially you'll remember that when we connect technologies like azure ad connect which is actually a prerequisite for this and you'll see that in the demo so you need to have your domain name so a verifiable domain name you also need to have azure ad connect deployed so you then need to make a connection between your on-premises and essentially exchange online and the difference between a migration is when you do a migration you basically have a server on premises and you have exchange in the cloud and essentially you're copying everything across to the cloud and then essentially disconnecting your old exchange server so you don't you're not using it anymore whereas with a hybrid deployment perhaps you've got so many users or you've got a very large infrastructure that you can't do that all right so you need to have that um continuous connectivity for a period of time to give you a chance to move your users across and some of the real major benefits by the way of hybrid include the fact that with a mailbox migration uh you have to or your users would need to log on to their brand new mailboxes put their credentials in little bit of configuration some users might not like that whereas with a hybrid server you can see here in the slide that essentially exchange on premises sees exchange online just as another server on the same network and that's really key here all right so essentially it's essentially a single organization so it's this virtual organization that we have now when you run the hybrid configuration wizard and 
you can run this from either on premises or as or within exchange online essentially it says okay this is where i currently am this is where i want to get to and this is what i need to do in order to get there all right and essentially it involves the use of an additional server perhaps not necessarily but at the moment you have a server on premises that takes a role called the CAS server all right client access server and it's this server that allows your users to connect to things like outlook web access you know that and so your users can check in their outlook web access so what the CAS web server does the additional server and by the way you don't need a license for it it's the license comes free you deploy this this additional server on your network and it essentially acts as a router on your network all right so when mail comes in it can quickly determine where that mail is is that mail online in exchange online or is it on premises and that essentially is what hybrid is really all about here all right so um with that in mind and this just gives you the kind of the five kind of detailed steps and there's loads of documentation uh on this so essentially coexistence what do we mean by coexistence well when you deploy azure ad connect it's just this provides just simple coexistence so um in the terms of exchange if you've got let's say students on premises or let's say you've got the students in the cloud in let's say microsoft 365 and you've got teachers on premises with their mailboxes in exchange then one of the benefits of azure ad connect is it gives you this unified global address list so both parties can see everybody and that's great um but look at the differences with hybrid now you've got again you've got a couple of options with hybrid you've got simple hybrid and you can go with the full hybrid so if you want to do things like calendar sharing and if you want to do things like um let's say you want to do a digital investigation against one of your 
users you want to you know it just requires a bit more complexity then you can go with the full hybrid as well all right so you can see these are the different types of migration just to remind you you've got that imap migration and that covers pretty much every type of mailbox so whether you're using pegasus whether you're using i'm trying to think of old ones here i'm sure you can come up with something but essentially really you know maybe old systems um any kind of kind of web-based system google but the key thing about this is it just takes the mail all right so if you've got calendars and contacts and things like that it doesn't bring those across and in fact in many cases if you've got pst files you can copy a user's contacts or calendars into a pst file uh you do the imap migration and then you basically ingest the pst file as well that that's typically for a small company and then in the realms of exchange you've got two options you've got what we call a cut-over migration and a staged migration so a stage migration would maybe use um let's say you've got azure ad connect already deployed within the organization whereas a cut over cut over migration you don't need anything it's a is where you've maybe got a just a couple of hundred users and you basically want to migrate them across in the in the weekend at the end of the migration you cut the cord kick the box over and essentially use it as a coffee table all right whereas a hybrid deployment as i said a hybrid deployment you're deciding to look i need that we've got so many users that we can't migrate them in a weekend and also rather than the migration with a an exchange hybrid essentially what's happening here is that you put in this let's say i'm i've got an exchange 2000 le this is just an example here um so you can see that you've got this client access server and this is the pivot yes this is the pivot so yes you've got your azure ad connect which is syncing your contacts your groups and possibly 
your devices and then you've got the exchange uh client access service there as well okay um so why deploy exchange hybrid you want that long term coexistence to take place typically used for very large migrations the benefit for the user is it's completely transparent so unlike a traditional migration hybrid when you move a mailbox from on-premises into the cloud it's completely transparent to the user because of course hybrid sees the cloud as another server on the same network and that is just brilliant okay so there's no ost or offline stores there's no clunkiness no having to re-log off and log back on again user just comes in on monday morning switches on they're good to go that's a real benefit or right um prerequisites you need to have azure ad connect uh you need to have that free hybrid server forget 2010 they're pretty old um yeah i mean you still can do it but you wouldn't so typically 2013 16 19 you must have a public digital certificate so you need to purchase a digital certificate domain name you're going to have that because of course connectivity needs that https um adfs is optional if you're using that and again if you're using an edge transport server again that's also optional as well so essentially the process works a little bit like this you deploy exchange on premises of course um configure your sso so things like single sign-on uh configure that so you know that might involve azure ad connect adfs if you're using that but typically azure ad connect then you'll install that public certificate onto your exchange server as i've mentioned uh configure the web service um then we run the hybrid wizard and this is what you're going to see at the end of this demo so again then finally once you've done that you'll configure your mx records um and then essentially you're good to go that's you you're uh in hybrid okay now i've got to be honest years back when i first started this there was no nice ui that you could just click through in those days it 
was all powershell and it was about 50 powershell steps so it was quite um quite complex in its days a couple of things you need to know mailbox permissions don't don't come across so if you're you know let's say you're bringing bob and mary's mailboxes across and let's say bob's got access to mary's mailbox he's he's her assistant or something like that i'm being politically correct um any permissions so send on behalf of send as permissions they don't come across so you would need to go in and you would need to set them up again all right um in the in the days of yore i was just talking about uh exchange 2010 there it was a truly horrible experience uh when we talked about uh the the hybrid configuration wizard it was very painful uh nowadays it's much easier so we've now got a single a single step adaptive wizard and essentially this is what the wizard is really doing when you run the wizard it basically says this is where i want to get this is where i currently am and this is what i need to do in order to get to that state all right and then off it goes configures that and then essentially at the end of the day with an in hybrid um just for your own kind of benefit your own knowledge this is what it's doing underneath okay so you can see here get dash hybrid configuration uh and it basically is determining where we are so what have we currently got all right um and it also checks the connectors both the inbound and the outbound connectors so this is okay where do we want to be all right and get the accepted domains and you can see i just put in the powershell command let's see and you can go back and you can slow this video down to see this if you want to and then we're creating the service domain adding the domain to the actual address policy and if any time you can type in get dash federation information in exchange powershell and this will def the verify that you actually own that domain name of course then the wizard will off it goes it will then create a 
federation trust with the microsoft gateway and under the under its skirt this is essentially what's going on here yes so it's creating that on-prem relationship so this is one of the reasons why you need those three dns records really important of course you need your mx record your mail exchanger you need the auto discover record for outlook and you also need that spf record uh for security um again finally it will then configure the organization uh relationship so things like free busy your archive access if you're using mail tips anything like that finally it will then configure the mail flow now to be honest sometimes you may need to go in afterwards so in the demo that i'm using today i'll go through the entire wizard but then what you would need to do is just go in and test and configure your mail flow at the end okay and this is what it looks like so at the moment um there are two versions of the configuration wizard you can either do it through powershell at the bottom or you can do it through the configuration wizard which is what i i'm gonna do now um if you do have issues um one of the nice things is the wizard will tell you it will fail and it will give you a reason why it failed and again it could be a bad credential typically the reasons why it fails invalid credentials let's say things like you've not got the digital certificate correctly installed those are the kind of the main reasons all right um check the log files it does have log files and that's where you'll find them and also again get dash federation information dash your domain name and it will just confirm that you're actually um in hybrid there one thing when you do run the wizard um it prompts you to where do you currently want your exchange content to go make sure that you click on the right one here obviously if you're in norway there's a norwegian option um sweden as well um the uk and this list is a little out of date there's more options here now as well um in terms of smtp of 
course um again these are some of the current limits on it so again make sure that you've got the appropriate licensing of course for your users tls um is obviously required in there as well so again configure those so once you've configured a hybrid of course the real benefit then is you can then schedule those mailbox moves so essentially you right click your mailboxes and you say hey i want to schedule a mailbox move and at the appropriate time it will then start first of all what it does is it copies it creates that mailbox and the remote location copies the content in and essentially deletes the on-premises option but at the same time it's um the service that makes this possible is the mrs proxy the mailbox a replication service proxy and you can see that this is that gateway this the pendulum that's essentially moving that content so when um a user says hey you know where's john's mailbox or when's john's mail it's that mrs proxy that says yeah he's over here in exchange online or he's over here in microsoft 365. 
um real benefit for the user of course is it's completely transparent so of course i'm using single sign-on um it makes it the whole experience so much easier you don't need all this stuff about a password you don't need to worry about that of course because because it's all uh fully single sign-on all right so preparation is the key again verified domain name deploy azure ad connect and make sure that you've got that public uh digital certificate for your domain name okay um and there you go okay okay so just a quick review of hybrid right now i think we'll take a look at the actual demo okay so before you can do a deployment of exchange we need to go ahead and i'm just going to go ahead here and i've got a public digital certificate that i'm just going to install so i've just got the pfx file here and i'm just going to go ahead and install that onto this current machine and of course you need to be a local admin for this so i'm just going to go ahead and just pop in the password there now as i mentioned previously there are a number of prerequisites this is the first of those prerequisites um as is a custom domain name so assuming that you've gone out you've purchased your domain name for your organization already and of course you go you need to go ahead as well as and deploy things like azure ad connect as well so i'm going to come here into my microsoft 365 portal here and essentially we're just looking at some of the prerequisites for exchange hybrid so i'm going to flip down here i'm going to go into my domains and i've kind of sped this video up a little bit just to really kind of save time and i'm going to go in and i'm now going to add in my custom domain name and i'm going to then once i've done that of course it will then ask me to verify the record so i've got a txt record and that will typically give me an ms equals ms um identifier and using that i then use paste that into my dns server and that will then verify now once that's been verified the 
other things that you will need to do here you will need to add in your exchange records and this includes your mx record your um c name record so your alias record for microsoft outlook also along with an spf record as well so you can see here again i've just sped that up a little bit you can see that these have now been installed and my custom domain name is now verified and i'm just using kind of a lab environment here just for demo all right so now that i've done that another prerequisite of course is you need to have azure ad connect installed so here i'm going to just open up the azure ad connect wizard again i'm just going to very quickly flip through this so i'm just gonna go in through my express settings this time the only additional thing you might want to do in fact you will want to do is click on the sso single sign-on option so i'm just logging in with my credentials here so this is of course what you're doing is you're creating that connector between the two organizations so between your on-premises organization and the cloud you need to uh click on to that so uh next it will ask me to put in my on-premises so this is my a datum organization here so i'm just pasting that in and i'm gonna click next and it's then saying okay you can see that it's verified my uh go deploy labs um lab dns record there and i'm just gonna accept that and i'm gonna move on now just to say i'm using um you can see it's using a password synchronization option but definitely make sure that you check this check box this is the exchange hybrid deployment now even if you're not ready for that deployment it's just a good idea to go ahead and click it anyway so now that you've done that there is of course one other couple of other little things that you need to do and again not every document or every book actually makes this correct what i would probably do is going and make sure that you've enabled the recycle bin it's just in active directory on your on-premises server so here 
i'm just going to go into active directory i'm going to go into the local admin center here and i'm just going to go ahead and enable that recycle bin now you need for that you need windows server 2008 and above so make sure that that's enabled the reason for that is because if you delete objects in the cloud they or if you delete objects on premises it deletes them in the cloud and of course if you try and restore them in the cloud there's no recycle bin on premises so you have an orphaned object so make sure that you go ahead and enable that so those ladies and gentlemen are the prerequisites okay so you can see that those the domains are in the connectors are in it's now syncing so if i just go into my active users here and you can see at the moment i've just got on premises sorry rather in cloud accounts but i've just refreshed you can see that on-premises directory synchronization connector and you can now see that some of those user accounts are coming in so if i just refresh this page in a moment you'll just see that okay there you go so you can now see those on-premises users uh have now synced into 365. 
the one thing i would say of course is they don't come in licensed so make sure that you go ahead and you license that now um next thing that we want to do is we're now ready to obviously deploy so i'm going to click into other features in my exchange server and i'm going to click on those on that hybrid settings and what this does it will run the hybrid configuration wizard now you can either do this from your on-premises server or your cloud-based server it doesn't really make any difference so it's selecting my on-premises exchange server i only have one and for the purpose of this demo i'm just choosing exchange worldwide and you can see it's already picked up my credentials so that's great and all i need to do now is put in my account details for microsoft 365 so i'm just pasting in my username and my password here all right that just takes a moment to come through okay so now we what this is doing is it's now creating that organizational relationship that i mentioned in the slides all right so now that that just takes a few minutes to run through by the way and it says okay do you want to do a minimal hybrid do you want to do a full hybrid and this is good because it gives you a lot of additional content or are you likely to just kind of uh is this like a one-time hybrid and you want to get rid of it and well i'm looking for things like um sharing free busy connections um and i want a more complex option so i'm choosing that one now it says here do you want to use a um classic or the modern so you might use the modern solution but i'm going to use the classic solution here and the reason is it it requires me to enter more content and it just it's so that you can actually see what's happening so it now prompts me for my exchange admin credentials so again i'm just oh sorry i just made a mistake uh it's gonna ask me for my credentials and my username and my password and i'm just going to click on that okay so now the configuration comes through and it says i 
want to configure my client as a mailbox and client access server and it says okay what's your receive connector so where's it coming from again for this demo i'm only using one server but you might have multiple ones here likewise i'm also clicking on my send connector here and i'm clicking on next and it will now prompt me for that um exchange transport certificate okay now just be careful with this because when you click on the drop down arrow it does offer a couple of internal certificates the one that we actually need is the top one here which is our external one that we purchased okay so we need that for the mail relay okay so i'm gonna go ahead and click on next and everything is looking good so far yeah okay so i'm just putting in my organization's fully qualified domain name so that looks good and now what's happening is a whole bunch of powershell is actually running and you can see there it's actually running those powershell commands and again for the purpose of this demo i've shortened this because this does take a little bit of time so you kind of need to be patient here so once that has finished it should hopefully um work now look at the message there it said uh configuring mrs proxy settings did you see that that's the mailbox replication service that i mentioned earlier and we'll see that in a moment all right so hopefully yes okay so says congratulations uh and it explains what it's done and it's what there's also a couple of links there that will take you through to docs.microsoft.com so again feel free to go off and have a look at those all right so now that we've done that i'm just gonna go ahead and click on the close button and the next thing that we want to do is actually go ahead and look at what it's actually done with those mrs proxy settings now um as i mentioned the one thing that you would then just go and check are your um your mailbox uh rules so um yeah things like your connectors so okay so you can see that those connectors have 
come in um everything's looking good all right so yeah you've got your accepted domains um again those connectors are all in the correct place again you would maybe go ahead and do some mail flow just check the mail flow rules to make sure that they're okay and again any kind of misconfigurations this is a good opportunity to kind of go in and fix that there are some great documentation by the way on docs.microsoft.com so you can go ahead and you can check that out now um next thing likewise i'm just going to pop up here to my exchange server now and again you can see that we've got everything here everything looks good and i'm just going to click on those mail flow rules you can see again that those connectors have come in and the next thing that i want to do is i'm going to click onto the servers option and there's the exchange web service okay and i'm going to go into virtual directories um just double checking the certificate is in place yet there's that uh digital certificate so that's great that's gone in now so i've got that secure connectivity so that's good um and exchange default web services here you can see that and i'm just going to go ahead and double click on that by the way you'll notice that my browser is not secure this is again this was just for demo purposes but look there you go the mrs endpoints so the mailbox replication service endpoint it's pointing to the correct place so there you go we have now successfully performed an exchange hybrid okay looks good just double check the permissions yet and that's great and just click on save all right so there you have it exchange hybrid isn't that cool uh so i really hope that you enjoyed that by the way right it's that time again it's question time [Music] [Music] okay so this week's question time have you ever posted a video and then later on wish that you hadn't well for me it was my bit locker video uh don't get me wrong i know thousands of people have looked at it and i'm so grateful for that 
but every day i get this question uh i forgot my bit locker password or it's locked or something or my my disk is encrypted or there's something terribly wrong uh can you help me fix it no i can't is the short answer okay but what i can do is i can give you some great advice okay if you're running a windows system make sure that you back up your bitlocker key and if you're brave enough to use encryption on your hard drives especially if you've got windows 11 and things like that you backing up that key is absolutely critical okay without that key you're in you're in a world of pain let me put it that way another good suggestion is guys we're in the cloud here we're in microsoft 365. take advantage of onedrive for business sharepoint make sure that you back up your content to these places and then worst case scenario if you're encrypted drive you just can't get back into it then you can just reformat the disk reinstall a fresh copy of windows and your data is still there all right that is my advice to you and please don't call me especially on a friday afternoon asking for support in fact don't call me at all remember um you know in in terms if you're looking for personal support we're not a support company okay so reach out to the uh appropriate vendor but questions comments absolutely absolutely get them in here and very very soon we're going to be launching our own support forum where you guys can answer and ask questions between you as well so watch out for that that's going to be very cool that's coming soon by the way so there you go wow what a busy session that was this week now you're a little bit wiser about microsoft uh hybrid hey listen thanks so much for tuning in and remember if you've not subscribed bump that subscribe button ring the bell and you won't miss out on the good stuff in the future and as always i really do appreciate you bumping that like button okay comments questions about this or any of my other sessions please get them down below there 
and remember what i said uh watch out for that episode uh with jeremy chapman in a couple of weeks time from microsoft mechanics that is going to be such a cool episode all right so uh thanks again you stay safe and i'll see you next time thanks very much hey thanks so much for dropping by today here's a couple of videos that you may enjoy and while you're here go ahead click on the subscribe button and you won't miss out [Music]
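
The post-wizard checks the captions walk through in the GUI (federation information, organization relationship, connectors, the external transport certificate, MRS proxy, and the three DNS records) can also be run as one script. This is an added example, not part of the video or its captions; it assumes the on-premises Exchange Management Shell, and `contoso.example` is a placeholder for your own verified domain.

```powershell
# Added example (not from the video): read-only checks after the Hybrid Configuration Wizard.
# ASSUMPTION: run in the on-premises Exchange Management Shell; 'contoso.example' is a placeholder.
param([string]$Domain = 'contoso.example')

$findings = New-Object System.Collections.Generic.List[string]

# 1. What the wizard recorded about the hybrid deployment.
$hybrid = Get-HybridConfiguration
if (-not $hybrid) {
    $findings.Add('No hybrid configuration object found; the wizard has not completed.')
} else {
    $hybrid | Format-List Domains, Features, ReceivingTransportServers, SendingTransportServers, TlsCertificateName
}

# 2. Federation information for the custom domain.
try {
    Get-FederationInformation -DomainName $Domain -ErrorAction Stop |
        Format-List DomainNames, TargetApplicationUri, TargetAutodiscoverEpr
} catch {
    $findings.Add("Get-FederationInformation failed for ${Domain}: $($_.Exception.Message)")
}

# 3. Organization relationship: free/busy, MailTips, archive access.
Get-OrganizationRelationship |
    Format-List Name, DomainNames, FreeBusyAccessEnabled, MailTipsAccessEnabled, ArchiveAccessEnabled

# 4. Transport certificate: the one referenced by the hybrid configuration should be
#    the purchased public certificate, not an internal self-signed one, and not near expiry.
if ($hybrid -and $hybrid.TlsCertificateName) {
    $wanted = [string]$hybrid.TlsCertificateName
    $cert = Get-ExchangeCertificate |
        Where-Object { "<I>$($_.Issuer)<S>$($_.Subject)" -eq $wanted } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) {
        $findings.Add("No installed certificate matches hybrid TlsCertificateName '$wanted'.")
    } else {
        $cert | Format-List Subject, Issuer, NotAfter, Services, IsSelfSigned, Thumbprint
        if ($cert.IsSelfSigned) { $findings.Add('Hybrid transport certificate is self-signed.') }
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            $findings.Add("Hybrid transport certificate expires $($cert.NotAfter).")
        }
        if ("$($cert.Services)" -notmatch 'SMTP') {
            $findings.Add('Hybrid transport certificate is not enabled for SMTP.')
        }
    }
}

# 5. Send connectors carrying cloud mail must enforce TLS.
$send = Get-SendConnector
$send | Format-Table Name, AddressSpaces, RequireTLS, TlsDomain, CloudServicesMailEnabled -AutoSize
foreach ($c in $send | Where-Object { $_.CloudServicesMailEnabled -and -not $_.RequireTLS }) {
    $findings.Add("Send connector '$($c.Name)' carries cloud mail without RequireTLS.")
}
Get-ReceiveConnector | Format-Table Identity, TlsCertificateName, TlsDomainCapabilities -AutoSize

# 6. MRS proxy endpoint used for remote mailbox moves.
$ews = Get-WebServicesVirtualDirectory
$ews | Format-Table Server, ExternalUrl, MRSProxyEnabled -AutoSize
if (-not ($ews | Where-Object { $_.MRSProxyEnabled })) {
    $findings.Add('MRSProxyEnabled is false on every EWS virtual directory.')
}

# 7. The three DNS records: MX, autodiscover, SPF.
$mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'MX' }
if (-not $mx) { $findings.Add("No MX record for $Domain.") } else { $mx | Format-Table NameExchange, Preference }

$auto = Resolve-DnsName -Name "autodiscover.$Domain" -ErrorAction SilentlyContinue
if (-not $auto) { $findings.Add("autodiscover.$Domain does not resolve.") } else { $auto | Format-Table Name, Type }

$spf = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
    Where-Object { $_.Strings -match '^v=spf1' }
if (-not $spf) { $findings.Add("No SPF (v=spf1) TXT record for $Domain.") } else { $spf.Strings }

# Summary of anything that needs attention.
if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Every cmdlet here is a `Get-` or `Resolve-` call, so the script changes nothing on the server.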
Info
Channel: Andy Malone MVP
Views: 47,508
Keywords: Learn microsoft exchange hybrid, microsoft exchange hybrid, deploy microsoft exchange server hybrid, Exchange server 2019, Microsoft 365 hybrid, Andy malone mvp, exchange migration, microsoft 365, hybrid exchange, what is hybrid cloud
Id: JZFr57rWhNk
Length: 38min 6sec (2286 seconds)
Published: Mon Jul 25 2022