[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 922
  • Last Modified:

Hybrid Office 365 - How do we configure Connectors for Cutover/Exchange Online Protection?

We are currently at the tail end of a Hybrid Staged Exchange Migration:

Exchange 2003 (20% of the mailboxes - To be decommissioned)
Exchange 2010 (no mailboxes - Hybrid Coexistence Exchange Server)
Office 365 with 80% of the mailboxes moved so far (all mailboxes will be moved to 365)
MX records point to On-Premise Exchange 2010 Hybrid Server

Once we move all mailboxes to Office 365 we want to begin using Exchange Online Protection.

We want to make sure we have the proper connectors in place.

The current o365 connectors were obviously created by the Hybrid Configuration Wizard


Hybrid Mail Flow Inbound Connector  -  Connector Type: On-Premises


Hybrid Mail Flow Outbound Connector  -  Connector Type: On-Premises
So my question is:
Once we cut our MX records over to Office 365/EOP what should our connectors look like?

We have seen this article but it seems to only reference routing through EOP onward to your On-Premise organization: https://technet.microsoft.com/en-us/library/dn751019(v=exchg.150).aspx

Thank you for your time in advance.
  • 8
  • 5
  • 3
1 Solution
Shreedhar EtteCommented:
Once you cut our MX records over to Office 365/EOP.

Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.

However below mentioned steps to remove Hybrid Configuration:
1.      Pointed organization MX Records to Office 365.
2.      Using the Shell in the on-premises organization executed below commands:
a.      Remove-OrganizationRelationship –Identity “On Premises to Exchange Online Organization Relationship”
b.      Remove-FederationTrust –Identity “Microsoft Federation Gateway”
c.      Remove-SendConnector “Outbound to Office 365”
3.      Using EMC removed apimg.mail.onmicrosoft.com domain that was added as part of the email address policy.
4.      Removed the organization relationship from the Exchange Online organization with the executing command:
a.      Remove-OrganizationRelationship –Identity “Exchange Online to On Premises Organization Relationship”
5.      Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.
6.      Removed Mailbox Database, Public Folder Database, Offline Address book and other receive connectors from EMC.
7.      Uninstalled Exchange 2010 from server.

Refer this article: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
K BAuthor Commented:
Thank you for your reply.  
However, my question is regarding connectors and does not have anything to do with decommissioning Exchange.  I know how to decommission Exchange Servers.  In fact, in a Hybrid environment you do not want to decommission your only Hybrid server.
Vasil Michev (MVP)Commented:
I'm a bit confused here. Why do you have hybrid (the actual hybrid co-existance, not the server) in place when you will be performing Cutover migration? Why do you want to keep Hybrid (again, not the server) if you will not keep any mailbox on prem?

Or by cutover you mean simply the fact of moving all mailboxes to the cloud, not the actual Cutover migration? :)
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

K BAuthor Commented:
Yes, sorry about that... that does sound a bit confusing.
Actually, we are currently at the tail end of a Hybrid Staged Migration.
This is a staged migration not a cutover migration.
The "cutover" I speak of is when we change the MX records to point to EOP.
The Hybrid Exchange 2010 Server will remain simply for management purposes.
Currently MX records point to on-premise.
Vasil Michev (MVP)Commented:
So in this case, just break the Hybrid (not the server) after the migration ends? Remove the org relationship, remove the federation with MFG, remove the connectors, etc. Here's an example article: http://blog.kloud.com.au/2014/05/05/removing-an-exchange-hybrid-configuration-2/
K BAuthor Commented:
Thank you for your reply.
Actually I want everything to remain as it is now.
I want the Hybrid Configuration to remain the same.
For the sake of this question, let's assume that there always will be 10 mailboxes on Exchange 2010.
I will decommission Exchange 2003 - but that shouldn't matter for what I am trying to accomplish.

Here is what I want to do:
I want to point MX Records to Office 365 (Exchange Online Protection) - Currently MX Records point to ON PREMISE

I want to know what to do with my existing connectors (pictured).
I also want to know what new connectors must be created if any once I point MX records to Exchange Online Protection/O365.
Vasil Michev (MVP)Commented:
First of all, doing this breaches the license agreement, you cannot host any mailboxes on the hybrid server. I'm not even sure if you are allowed to use it without having another Exchange box on-prem. Anyway, here's the article explaining hybrid connector setup for both MX pointing to on-prem and MX pointing to the cloud: https://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx

Or you can just remove the hybrid connectors, not the full Hybrid if you are so concerned that you will need it.
K BAuthor Commented:
I understand what you are saying about licensing.
I suppose my emphasis comes from the unusual part of this migration.
The customer has decided to utilize EOP midway through the migration.  

This is why the Hybrid server must remain in place at this time - Exchange 2003 still has mailboxes (that will be eventually migrated).

So the article is perfect.  It describes what I want to happen.  
One question I have still remains (as the article does not seem to mention the word "connector"):
I want to know what to do with my existing connectors (Seems like you said I can simply delete both connectors that I attached to this thread (pictured)).  Correct?
I also need to know what new connectors must be created, if any, once I point MX records to Exchange Online Protection/Office 365.
Vasil Michev (MVP)Commented:
Oh, guess I should update my bookmarks every now and then. Look at the slides from this session (the video is also very good, if you have the time): http://channel9.msdn.com/Events/MEC/2014/SPR401

The slides list all the scenarios with all the relevant connectors. I still dont understand what exactly you are trying to achieve. The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them IMO. But you can leave them if you want, doesnt make much of a difference.
K BAuthor Commented:
What I am trying to achieve is:
To Route mail to Exchange Online instead of On Premise (as it is now).

Customer is having issues with their existing Trend Micro Spam Appliance, so mid-migration they want to use Exchange Online Protection (EOP).

Today: MX records point to On Premise
Tomorrow: MX records will point to EOP
so.... what must happen with existing connectors & what (if any) connectors must be created (for this change)

You said...

The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them

...so it sounds like I don't need to do anything.. just change my MX records and I am done.

Thank you so much for your knowledge! I will check out the slideshow now.
K BAuthor Commented:
Maybe I misstated earlier.
According to the video, Exchange Online Protection (EOP) is a product where a company has no mailboxes in the cloud and they are simply using EOP as cloud-based protection for their On-Premise mailboxes.  
I thought EOP was built into Exchange Online (or Office 365).
Either way we want to point MX records from On-Premise to the Cloud.
Vasil Michev (MVP)Commented:
No, this is just one scenario, EOP can be used simply as a Hygiene service, but it's indeed included with EO.

What I meant about not needing the connectors is the fact that you can just point the MX to EO, and since you will move everything to the cloud, you dont have any need to route the mail flow to on-prem. The connectors are only needed if you have some objects on both on-prem and EO (same namespace scenario). But if you want to keep them, you can just rerun the HCW after you change the MX, it will take care of configuring the connectors for you.
Shreedhar EtteCommented:
Hi KB,

As I said in my first comment.

Just Disable both the Online Connectors and Point MX records to cloud. This should server your need.
K BAuthor Commented:
Okay I am getting conflicting information.  

Literally, what should the connectors be that I have in place once I point MX records to cloud.

Thank you.
Shreedhar EtteCommented:
Just Disable both the Online Connectors.
K BAuthor Commented:
how will mail flow from cloud to on premise?

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 8
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now