Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Hybrid Office 365 - How do we configure Connectors for Cutover/Exchange Online Protection?

Posted on 2015-01-29
16
Medium Priority
?
847 Views
Last Modified: 2015-02-14
We are currently at the tail end of a Hybrid Staged Exchange Migration:

Exchange 2003 (20% of the mailboxes - To be decommissioned)
Exchange 2010 (no mailboxes - Hybrid Coexistence Exchange Server)
Office 365 with 80% of the mailboxes moved so far (all mailboxes will be moved to 365)
MX records point to On-Premise Exchange 2010 Hybrid Server

Once we move all mailboxes to Office 365 we want to begin using Exchange Online Protection.

We want to make sure we have the proper connectors in place.

The current o365 connectors were obviously created by the Hybrid Configuration Wizard

1

Hybrid Mail Flow Inbound Connector  -  Connector Type: On-Premises

2

Hybrid Mail Flow Outbound Connector  -  Connector Type: On-Premises
So my question is:
Once we cut our MX records over to Office 365/EOP what should our connectors look like?

We have seen this article but it seems to only reference routing through EOP onward to your On-Premise organization: https://technet.microsoft.com/en-us/library/dn751019(v=exchg.150).aspx

Thank you for your time in advance.
K.B.
0
Comment
Question by:K B
  • 8
  • 5
  • 3
16 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40577598
Once you cut our MX records over to Office 365/EOP.

Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.

However below mentioned steps to remove Hybrid Configuration:
1.      Pointed organization MX Records to Office 365.
2.      Using the Shell in the on-premises organization executed below commands:
a.      Remove-OrganizationRelationship –Identity “On Premises to Exchange Online Organization Relationship”
b.      Remove-FederationTrust –Identity “Microsoft Federation Gateway”
c.      Remove-SendConnector “Outbound to Office 365”
3.      Using EMC removed apimg.mail.onmicrosoft.com domain that was added as part of the email address policy.
4.      Removed the organization relationship from the Exchange Online organization with the executing command:
a.      Remove-OrganizationRelationship –Identity “Exchange Online to On Premises Organization Relationship”
5.      Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.
6.      Removed Mailbox Database, Public Folder Database, Offline Address book and other receive connectors from EMC.
7.      Uninstalled Exchange 2010 from server.

Refer this article: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
0
 
LVL 8

Author Comment

by:K B
ID: 40577615
Thank you for your reply.  
However, my question is regarding connectors and does not have anything to do with decommissioning Exchange.  I know how to decommission Exchange Servers.  In fact, in a Hybrid environment you do not want to decommission your only Hybrid server.
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40577965
I'm a bit confused here. Why do you have hybrid (the actual hybrid co-existance, not the server) in place when you will be performing Cutover migration? Why do you want to keep Hybrid (again, not the server) if you will not keep any mailbox on prem?

Or by cutover you mean simply the fact of moving all mailboxes to the cloud, not the actual Cutover migration? :)
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 8

Author Comment

by:K B
ID: 40577981
Yes, sorry about that... that does sound a bit confusing.
Actually, we are currently at the tail end of a Hybrid Staged Migration.
This is a staged migration not a cutover migration.
The "cutover" I speak of is when we change the MX records to point to EOP.
The Hybrid Exchange 2010 Server will remain simply for management purposes.
Currently MX records point to on-premise.
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40578015
So in this case, just break the Hybrid (not the server) after the migration ends? Remove the org relationship, remove the federation with MFG, remove the connectors, etc. Here's an example article: http://blog.kloud.com.au/2014/05/05/removing-an-exchange-hybrid-configuration-2/
0
 
LVL 8

Author Comment

by:K B
ID: 40578056
Thank you for your reply.
Actually I want everything to remain as it is now.
I want the Hybrid Configuration to remain the same.
For the sake of this question, let's assume that there always will be 10 mailboxes on Exchange 2010.
I will decommission Exchange 2003 - but that shouldn't matter for what I am trying to accomplish.

Here is what I want to do:
I want to point MX Records to Office 365 (Exchange Online Protection) - Currently MX Records point to ON PREMISE

Questions:
I want to know what to do with my existing connectors (pictured).
I also want to know what new connectors must be created if any once I point MX records to Exchange Online Protection/O365.
2015-01-29-1343-O365-Connectors.png
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40578240
First of all, doing this breaches the license agreement, you cannot host any mailboxes on the hybrid server. I'm not even sure if you are allowed to use it without having another Exchange box on-prem. Anyway, here's the article explaining hybrid connector setup for both MX pointing to on-prem and MX pointing to the cloud: https://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx

Or you can just remove the hybrid connectors, not the full Hybrid if you are so concerned that you will need it.
0
 
LVL 8

Author Comment

by:K B
ID: 40578327
I understand what you are saying about licensing.
 
I suppose my emphasis comes from the unusual part of this migration.
The customer has decided to utilize EOP midway through the migration.  

This is why the Hybrid server must remain in place at this time - Exchange 2003 still has mailboxes (that will be eventually migrated).

So the article is perfect.  It describes what I want to happen.  
One question I have still remains (as the article does not seem to mention the word "connector"):
I want to know what to do with my existing connectors (Seems like you said I can simply delete both connectors that I attached to this thread (pictured)).  Correct?
I also need to know what new connectors must be created, if any, once I point MX records to Exchange Online Protection/Office 365.
0
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 40578488
Oh, guess I should update my bookmarks every now and then. Look at the slides from this session (the video is also very good, if you have the time): http://channel9.msdn.com/Events/MEC/2014/SPR401

The slides list all the scenarios with all the relevant connectors. I still dont understand what exactly you are trying to achieve. The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them IMO. But you can leave them if you want, doesnt make much of a difference.
0
 
LVL 8

Author Comment

by:K B
ID: 40578519
What I am trying to achieve is:
To Route mail to Exchange Online instead of On Premise (as it is now).

Customer is having issues with their existing Trend Micro Spam Appliance, so mid-migration they want to use Exchange Online Protection (EOP).

Today: MX records point to On Premise
Tomorrow: MX records will point to EOP
so.... what must happen with existing connectors & what (if any) connectors must be created (for this change)

You said...

The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them

...so it sounds like I don't need to do anything.. just change my MX records and I am done.

Thank you so much for your knowledge! I will check out the slideshow now.
0
 
LVL 8

Author Comment

by:K B
ID: 40578667
Maybe I misstated earlier.
According to the video, Exchange Online Protection (EOP) is a product where a company has no mailboxes in the cloud and they are simply using EOP as cloud-based protection for their On-Premise mailboxes.  
I thought EOP was built into Exchange Online (or Office 365).
Either way we want to point MX records from On-Premise to the Cloud.
0
 
LVL 44

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 40579258
No, this is just one scenario, EOP can be used simply as a Hygiene service, but it's indeed included with EO.

What I meant about not needing the connectors is the fact that you can just point the MX to EO, and since you will move everything to the cloud, you dont have any need to route the mail flow to on-prem. The connectors are only needed if you have some objects on both on-prem and EO (same namespace scenario). But if you want to keep them, you can just rerun the HCW after you change the MX, it will take care of configuring the connectors for you.
0
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40579615
Hi KB,

As I said in my first comment.

Just Disable both the Online Connectors and Point MX records to cloud. This should server your need.
0
 
LVL 8

Author Comment

by:K B
ID: 40581789
Okay I am getting conflicting information.  

Literally, what should the connectors be that I have in place once I point MX records to cloud.

Thank you.
0
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40586663
Just Disable both the Online Connectors.
0
 
LVL 8

Author Comment

by:K B
ID: 40586668
how will mail flow from cloud to on premise?
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question