Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hybrid Office 365 - How do we configure Connectors for Cutover/Exchange Online Protection?

Posted on 2015-01-29
16
Medium Priority
?
783 Views
Last Modified: 2015-02-14
We are currently at the tail end of a Hybrid Staged Exchange Migration:

Exchange 2003 (20% of the mailboxes - To be decommissioned)
Exchange 2010 (no mailboxes - Hybrid Coexistence Exchange Server)
Office 365 with 80% of the mailboxes moved so far (all mailboxes will be moved to 365)
MX records point to On-Premise Exchange 2010 Hybrid Server

Once we move all mailboxes to Office 365 we want to begin using Exchange Online Protection.

We want to make sure we have the proper connectors in place.

The current o365 connectors were obviously created by the Hybrid Configuration Wizard

1

Hybrid Mail Flow Inbound Connector  -  Connector Type: On-Premises

2

Hybrid Mail Flow Outbound Connector  -  Connector Type: On-Premises
So my question is:
Once we cut our MX records over to Office 365/EOP what should our connectors look like?

We have seen this article but it seems to only reference routing through EOP onward to your On-Premise organization: https://technet.microsoft.com/en-us/library/dn751019(v=exchg.150).aspx

Thank you for your time in advance.
K.B.
0
Comment
Question by:K B
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 3
16 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40577598
Once you cut our MX records over to Office 365/EOP.

Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.

However below mentioned steps to remove Hybrid Configuration:
1.      Pointed organization MX Records to Office 365.
2.      Using the Shell in the on-premises organization executed below commands:
a.      Remove-OrganizationRelationship –Identity “On Premises to Exchange Online Organization Relationship”
b.      Remove-FederationTrust –Identity “Microsoft Federation Gateway”
c.      Remove-SendConnector “Outbound to Office 365”
3.      Using EMC removed apimg.mail.onmicrosoft.com domain that was added as part of the email address policy.
4.      Removed the organization relationship from the Exchange Online organization with the executing command:
a.      Remove-OrganizationRelationship –Identity “Exchange Online to On Premises Organization Relationship”
5.      Disabled the Inbound and Outbound connectors created by the Hybrid Configuration Wizard from online.
6.      Removed Mailbox Database, Public Folder Database, Offline Address book and other receive connectors from EMC.
7.      Uninstalled Exchange 2010 from server.

Refer this article: http://blogs.technet.com/b/exchange/archive/2012/12/05/decommissioning-your-exchange-2010-servers-in-a-hybrid-deployment.aspx
0
 
LVL 8

Author Comment

by:K B
ID: 40577615
Thank you for your reply.  
However, my question is regarding connectors and does not have anything to do with decommissioning Exchange.  I know how to decommission Exchange Servers.  In fact, in a Hybrid environment you do not want to decommission your only Hybrid server.
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 40577965
I'm a bit confused here. Why do you have hybrid (the actual hybrid co-existance, not the server) in place when you will be performing Cutover migration? Why do you want to keep Hybrid (again, not the server) if you will not keep any mailbox on prem?

Or by cutover you mean simply the fact of moving all mailboxes to the cloud, not the actual Cutover migration? :)
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 8

Author Comment

by:K B
ID: 40577981
Yes, sorry about that... that does sound a bit confusing.
Actually, we are currently at the tail end of a Hybrid Staged Migration.
This is a staged migration not a cutover migration.
The "cutover" I speak of is when we change the MX records to point to EOP.
The Hybrid Exchange 2010 Server will remain simply for management purposes.
Currently MX records point to on-premise.
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 40578015
So in this case, just break the Hybrid (not the server) after the migration ends? Remove the org relationship, remove the federation with MFG, remove the connectors, etc. Here's an example article: http://blog.kloud.com.au/2014/05/05/removing-an-exchange-hybrid-configuration-2/
0
 
LVL 8

Author Comment

by:K B
ID: 40578056
Thank you for your reply.
Actually I want everything to remain as it is now.
I want the Hybrid Configuration to remain the same.
For the sake of this question, let's assume that there always will be 10 mailboxes on Exchange 2010.
I will decommission Exchange 2003 - but that shouldn't matter for what I am trying to accomplish.

Here is what I want to do:
I want to point MX Records to Office 365 (Exchange Online Protection) - Currently MX Records point to ON PREMISE

Questions:
I want to know what to do with my existing connectors (pictured).
I also want to know what new connectors must be created if any once I point MX records to Exchange Online Protection/O365.
2015-01-29-1343-O365-Connectors.png
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 40578240
First of all, doing this breaches the license agreement, you cannot host any mailboxes on the hybrid server. I'm not even sure if you are allowed to use it without having another Exchange box on-prem. Anyway, here's the article explaining hybrid connector setup for both MX pointing to on-prem and MX pointing to the cloud: https://technet.microsoft.com/en-us/library/jj659050(v=exchg.150).aspx

Or you can just remove the hybrid connectors, not the full Hybrid if you are so concerned that you will need it.
0
 
LVL 8

Author Comment

by:K B
ID: 40578327
I understand what you are saying about licensing.
 
I suppose my emphasis comes from the unusual part of this migration.
The customer has decided to utilize EOP midway through the migration.  

This is why the Hybrid server must remain in place at this time - Exchange 2003 still has mailboxes (that will be eventually migrated).

So the article is perfect.  It describes what I want to happen.  
One question I have still remains (as the article does not seem to mention the word "connector"):
I want to know what to do with my existing connectors (Seems like you said I can simply delete both connectors that I attached to this thread (pictured)).  Correct?
I also need to know what new connectors must be created, if any, once I point MX records to Exchange Online Protection/Office 365.
0
 
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 40578488
Oh, guess I should update my bookmarks every now and then. Look at the slides from this session (the video is also very good, if you have the time): http://channel9.msdn.com/Events/MEC/2014/SPR401

The slides list all the scenarios with all the relevant connectors. I still dont understand what exactly you are trying to achieve. The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them IMO. But you can leave them if you want, doesnt make much of a difference.
0
 
LVL 8

Author Comment

by:K B
ID: 40578519
What I am trying to achieve is:
To Route mail to Exchange Online instead of On Premise (as it is now).

Customer is having issues with their existing Trend Micro Spam Appliance, so mid-migration they want to use Exchange Online Protection (EOP).

Today: MX records point to On Premise
Tomorrow: MX records will point to EOP
so.... what must happen with existing connectors & what (if any) connectors must be created (for this change)

You said...

The mailflow can be configured without connectors when everything is moved to the cloud, so you dont really need them

...so it sounds like I don't need to do anything.. just change my MX records and I am done.

Thank you so much for your knowledge! I will check out the slideshow now.
0
 
LVL 8

Author Comment

by:K B
ID: 40578667
Maybe I misstated earlier.
According to the video, Exchange Online Protection (EOP) is a product where a company has no mailboxes in the cloud and they are simply using EOP as cloud-based protection for their On-Premise mailboxes.  
I thought EOP was built into Exchange Online (or Office 365).
Either way we want to point MX records from On-Premise to the Cloud.
0
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 40579258
No, this is just one scenario, EOP can be used simply as a Hygiene service, but it's indeed included with EO.

What I meant about not needing the connectors is the fact that you can just point the MX to EO, and since you will move everything to the cloud, you dont have any need to route the mail flow to on-prem. The connectors are only needed if you have some objects on both on-prem and EO (same namespace scenario). But if you want to keep them, you can just rerun the HCW after you change the MX, it will take care of configuring the connectors for you.
0
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40579615
Hi KB,

As I said in my first comment.

Just Disable both the Online Connectors and Point MX records to cloud. This should server your need.
0
 
LVL 8

Author Comment

by:K B
ID: 40581789
Okay I am getting conflicting information.  

Literally, what should the connectors be that I have in place once I point MX records to cloud.

Thank you.
0
 
LVL 34

Expert Comment

by:Shreedhar Ette
ID: 40586663
Just Disable both the Online Connectors.
0
 
LVL 8

Author Comment

by:K B
ID: 40586668
how will mail flow from cloud to on premise?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cancel future meetings from user mailboxes in Office 365 using Remove-CalendarEvents
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question