Configuring hybrid on exchange 2013 with existing EOP RRS feed

  • Question

  • Here is the scenario.

    O365 tenant contains two trusted domains - mydomain.contoso.com and contoso.com. 

    Users on mydomain.contoso.com have o365 exchange online mailboxes and login through ADFS SSO. Account is synced through Azure AD connect on premise. 

    Users on contoso.com have mailboxes on premise exchange 2013 and are synced through the same azure ad connect as above with password hash sync. The on premise exchange uses O365 EOP and the MX record points to EOP while the mailboxes are on prem. There are working connectors between the O365 and the on premise exchange. We want to set up hybrid for the on prem exchange users from contoso.com in order to migrate them over time to exchange online. 

    My questions:

    1. The hybrid setup will reconfigure the existing connectors that are in place between the on-prem Exchange and O365 (contoso.com domain). Will this affect the mail flow for users from the first domain (mydomain.contoso.com) who already have mailboxes in the cloud in the same tenant? 

    2. There is an ADFS trust rule in place, and users from mydomain.contoso.com use it to authenticate to O365 mailboxes. Since the users from the on-premise Exchange domain (contoso.com) are already synced through password hash, will the hybrid configuration disrupt the SSO piece for the other users from mydomain.contoso.com? I am thinking not, since this would be something that is configured through Azure AD Connect. However, I wanted to get a second opinion. 

    Thanks!



    • Edited by Xchromosome Thursday, September 12, 2019 6:29 PM
    Thursday, September 12, 2019 4:09 PM
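The two worries in the question (HCW rewriting connectors, and the federated/managed split between the two domains) are both things you can snapshot before the Hybrid Configuration Wizard runs and diff afterwards. The script below is an added example, not code from the thread or from Microsoft; it assumes the ExchangeOnlineManagement and MSOnline modules are installed, that the account used can read Exchange Online connectors and Azure AD domains, and that `C:\HybridSnapshots` is a placeholder path you replace.

```powershell
# Added example (not from the original thread): capture tenant state before HCW, then diff after.
# Assumes ExchangeOnlineManagement + MSOnline modules; the snapshot directory is a placeholder.
param(
    [ValidateSet('Before', 'After')][string]$Phase = 'Before',
    [string]$SnapshotDir = 'C:\HybridSnapshots'   # placeholder path, change as needed
)

Import-Module ExchangeOnlineManagement
Import-Module MSOnline

Connect-ExchangeOnline -ShowBanner:$false
Connect-MsolService

New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null

# 1. Mail flow: every inbound/outbound connector in the tenant, with the properties HCW touches.
$connectors = @(
    Get-InboundConnector  | Select-Object Name, ConnectorType, Enabled, SenderDomains, TlsSenderCertificateName, RestrictDomainsToCertificate
    Get-OutboundConnector | Select-Object Name, ConnectorType, Enabled, RecipientDomains, SmartHosts, TlsDomain, TlsSettings
)

# 2. Identity: per verified domain, whether Azure AD authenticates it itself (Managed, i.e. password
#    hash sync) or hands off to AD FS (Federated). Running HCW is not expected to change this column.
$domains = Get-MsolDomain | Select-Object Name, Authentication, Status

$snapshot = [pscustomobject]@{ Connectors = $connectors; Domains = $domains; Taken = Get-Date }
$file = Join-Path $SnapshotDir "$Phase.xml"
$snapshot | Export-Clixml -Path $file
"Snapshot written to $file"

if ($Phase -eq 'After') {
    $before = Import-Clixml (Join-Path $SnapshotDir 'Before.xml')

    '== Domain authentication changes (expected: none) =='
    Compare-Object -ReferenceObject $before.Domains -DifferenceObject $domains -Property Name, Authentication |
        Format-Table -AutoSize

    '== Connector changes (expected: only the connector pair HCW creates for contoso.com) =='
    Compare-Object -ReferenceObject $before.Connectors -DifferenceObject $connectors -Property Name, Enabled |
        Format-Table -AutoSize
}
```

Run it once with `-Phase Before`, run HCW, then run it with `-Phase After`. An empty first table confirms the federated domain (mydomain.contoso.com) is still Federated and contoso.com is still Managed; anything beyond the new HCW connector pair in the second table is a change to the pre-existing EOP mail flow that deserves a look before mailbox moves start. The same idea applies on-prem with `Get-SendConnector` and `Get-ReceiveConnector` if you want to diff that side too.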

All replies

  • Questions:

    1. I think it won't affect the mail flow for mydomain.contoso.com, since HCW will only create a connector between the Exchange on-premises server and contoso.com in Office 365.

    2. It won't affect the SSO for mydomain.contoso.com, since contoso.com and mydomain.contoso.com have their own on-premises AD servers although they share the same root domain.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, September 13, 2019 8:18 AM
    Moderator
  • Thank you Manu. 

    Yes, they have separate AD servers. However, the synchronization happens through a single Azure AD connect server (mydomain.contoso.com is set up for SSO while contoso.com uses password hash sync). There is a single ADFS server for both. 

    My understanding is it won't affect anything. But if we want to set up SSO on "contoso.com", then we will need to tweak the Azure AD and ADFS trust rule to have it SSO federated. 

    Please let me know if my assumption is correct. 

    Friday, September 13, 2019 2:19 PM
  • The hybrid ran and the mail flow works. Still working through the kinks on mailbox migration to/fro O365.
    Tuesday, September 17, 2019 4:05 PM
  • Thank you Manu. 

    Yes, they have separate AD servers. However, the synchronization happens through a single Azure AD connect server (mydomain.contoso.com is set up for SSO while contoso.com uses password hash sync). There is a single ADFS server for both. 

    My understanding is it won't affect anything. But if we want to set up SSO on "contoso.com", then we will need to tweak the Azure AD and ADFS trust rule to have it SSO federated. 

    Please let me know if my assumption is correct. 

    OK. From my point of view, if we only deploy ADFS with mydomain.contoso.com, then Azure AD will only authenticate with mydomain.contoso.com, not contoso.com.

    But if you want to deploy SSO with contoso.com, that is another question.

    Regards,

    Manu Meng


    Thursday, September 19, 2019 2:50 AM
    Moderator
  • The hybrid ran and the mail flow works. Still working through the kinks on mailbox migration to/fro O365.

    See this: Move mailboxes between on-premises and Exchange Online organizations in hybrid deployments

    Or use the Office 365 mail migration advisor.

    Regards,

    Manu Meng


    Thursday, September 19, 2019 2:55 AM
    Moderator
  • Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards, 

    Manu Meng


    Monday, September 23, 2019 9:50 AM
    Moderator