Hybrid Exchange

1. Components
+ Exchange server: must be version
+ Office 365 (admin account)
+ Hybrid Configuration wizard
+ Azure Active Directory synchronization (recommended) / ADFS (used by large, multi-forest organizations): uses Azure AD Connect (on-premises) to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication

2. Changes in hybrid compared with on-premises
On-premises    Hybrid

3. Things to consider
• AD sync: synchronizes every 30 minutes, limited to 50,000 objects (this is the number of objects created in Office 365)
• Hybrid is managed with the EAC
• Certificate: must be purchased from a third party
• Clients use Outlook 2016 or Outlook 2013
• Moving mailboxes to Office 365 requires considering the following:
    • Determine the average mailbox size for mailboxes that will be moved to Office 365
    • Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization
    • Calculate the average expected transfer speed, and plan your mailbox moves accordingly
• Each Office 365 mailbox has licenses
• Antivirus and anti-spam: Mailboxes moved to Office 365 are automatically provided with antivirus and anti-spam protection by Exchange Online Protection (EOP), a service provided by Office 365

4. Prerequisites before configuration

4.1 Add primary SMTP domain to Office 365
Configure Office 365 with the primary SMTP namespace of the on-premises organization.
1. Log on to: Office 365 admin center preview
2. Click Settings > Domains > Add domain.
3. Enter the primary SMTP namespace. For example, contoso.com. Then, click Next.
4. Follow the instructions provided to verify your domain ownership. When complete, wait 15 minutes and then click Verify. If the wizard says it can't verify your domain ownership, you might need to wait longer for your DNS records to update across the Internet; this might take several hours. Also verify that the record you created is correct.
5. On the Required DNS settings page, click Continue setup. Don't update your DNS records right now.
Instead, you'll update your DNS records later in your hybrid deployment.
6. On the Set up your online services page, select I'll manage my own DNS records and click Next.
7. On the Update DNS settings page, select Skip this step - I have custom DNS records, so I'll add the records I need later. I understand that some Office 365 services may be unavailable until I manually add the records with my registrar.
8. Click Skip, and then click Finish.

4.2 Configure Azure AD Connect
1. Download Azure Active Directory Connect on the computer where you'll install it, and then open it.
2. On the Welcome page, click Continue if you agree to the license terms and privacy notice.
3. On the Express Settings page, click Use express settings.
4. On the Connect to Azure AD page, enter the username and password for a user account that is a Global Administrator in your Office 365 organization, and then click Next.
5. On the Connect to AD DS page, enter the username and password for a user account in your on-premises organization that is an Enterprise Administrator, and then click Next.
6. On the Ready to configure page, select both Start the synchronization process as soon as the configuration completes and Exchange hybrid deployment, and then click Install. At this point, Azure AD Connect will synchronize your on-premises user accounts and their information, including passwords, to your Office 365 organization. Depending on how many accounts need to be synchronized, this might take a while.
7. On the Configuration complete page, click Exit.

4.3 Verify synchronization and assign a license
To create a mailbox in the Exchange Online organization, do the following:
1. Open Active Directory Users and Computers on an Active Directory domain controller in your on-premises organization.
2. Expand the container or organizational unit (OU) where you want to create a new Active Directory user.
3. Click Action in the menu bar, and then click New > User.
4. Enter the required user information. Because this user will be associated with a test mailbox, we recommend that you
clearly identify the user as such. For example, name the user "Test User".
5. In the User logon name field, provide the user name that the user should specify when logging into their user account. This user name, combined with the user principal name (UPN) in the drop-down box next to the User logon name field, makes up the Microsoft Online Identity of the user. The Microsoft Online Identity typically matches the user's email address, and the domain suffix chosen should match the federated domain configured in Active Directory Federation Services. For example, testuser@contoso.com. Click Next.
6. Enter a password for the new user, specify any options you want to set, and then click Next.
7. Click Finish.
8. Wait for directory synchronization to synchronize the new user to the Office 365 organization. By default, synchronization runs every 30 minutes. To synchronize, run the following in Windows PowerShell:
   Start-ADSyncSyncCycle -PolicyType Delta
9. Log on to: Office 365 service administration portal
10. Assign a license to the new user. Learn more at: Activate synced users

4.4 Configure DNS records: Autodiscover, SPF records

4.5 Configure Exchange Web Services (configure the virtual directory URLs)
1. Open the EAC and navigate to Servers > Virtual directories.
2. In the Select server field, click the down arrow and select the Exchange 2016 Mailbox server to update.
3. Click Configure external access domain.
4. On the Configure external access domain page, click Add.
5. On the Select a Server page, select the Exchange 2016 Mailbox servers you want to configure and click Add. Click OK.
6. On the Configure external access domain page, enter the externally accessible FQDN of your Internet-facing Exchange 2016 Mailbox server in the Enter the domain name you will use with your external Client Access servers text box. For example, mail.contoso.com. Click Save.
7. Click Close when the wizard completes.

4.5 Configure the certificate
Same as on-premises (certificate obtained from a third party).

5. Configure hybrid in the on-premises EAC
1. In the Hybrid section, click Configure to enter your Office 365 credentials.
Important: If your on-premises
organization is located in China and your Office 365 tenant is hosted by 21Vianet,
2. At the prompt to log in to Office 365, select sign in to Office 365 and enter the account credentials. The account you log into needs to be a Global Administrator in Office 365. Click Configure again to start the Hybrid Configuration wizard.
3. On the Microsoft Office 365 Hybrid Configuration Wizard Download page, click Click here to download wizard.
4. When you're prompted, click Install on the Application Install dialog.
Note: If you're doing this on a server using Internet Explorer, you might need to enable cookies (Internet Op
5. Click Next, and then, in the On-premises Exchange Server Organization section, select Detect a server running Exchange 2013 CAS or Exchange 2016. The wizard will attempt to detect an on-premises Exchange 2016 server. If the wizard doesn't detect an Exchange 2016 server, or if you want to use a different server, select Specify a server running Exchange 2013 CAS or Exchange 2016 and then specify the internal FQDN of an Exchange 2016 Mailbox server.
6. In the Office 365 Exchange Online section, select Microsoft Office 365 and then click Next.
7. On the Credentials page, in the Enter your on-premises account credentials section, select Use current Windows credentials to have the wizard use the account you're logged into to access your on-premises Active Directory and Exchange 2016 servers. If you want to specify a different set of credentials, unselect Use current Windows credentials and specify the username and password of an Active Directory account you want to use. Whichever selection you choose, the account used needs to be a member of the Organization Management role group.
8. In the Enter your Office 365 credentials section, specify the username and password of an Office 365 account that has Global Administrator permissions. Click Next.
9. On the Validating Connections and Credentials page, the wizard will connect to both your on-premises organization and your Office 365 organization to
validate credentials and examine the current configuration of both organizations. Click Next when it's done.
10. On the Hybrid Features page, select Full Hybrid Configuration and then click Next.
11. On the Hybrid Domains page, select the domains you want to include in your hybrid deployment. In most deployments you can leave the Auto Discover column set to False for each domain. Only select True next to a domain if you need to force the wizard to use the Autodiscover information from a specific domain. Click Next.
Important: The Hybrid Domains page only appears if you have more than one on-premises accepted domain add
12. On the Federation Trust page, click Enable and then click Next.
13. On the Domain Ownership page, click Click copy to clipboard to copy the domain proof token information for the domains you’ve selected to include in the hybrid deployment. Open a text editor such as Notepad and paste the token information for these domains. Before continuing in the Hybrid Configuration wizard, you must use this info to create a TXT record for each domain in your public DNS. Refer to your DNS host's Help for information about how to add a TXT record to your DNS zone. Click Next after the TXT records have been created and the DNS records have replicated.
Important: The TXT proof of ownership wizard page only displays if there is a non-federated domain selected in t
14. On the Hybrid Configuration page, select the Configure my Client Access and Mailbox servers for secure mail transport (typical) option to configure your on-premises Client Access and Mailbox servers for secure mail transport with Office 365. Click Next.
Important: If you want Office 365 to send all outbound messages to external recipients to your on-premises transp
15. On the Receive Connector Configuration page, select the Receive connector that will be used to accept secure mail from Exchange Online, and then click Next.
16. On the Send Connector Configuration page, select the Send connector that will be used to send secure mail to
Exchange Online, and then click Next.
17. On the Transport Certificate page, select the certificate to use for secure mail transport. This list displays the digital certificates issued by a third-party certificate authority (CA) installed on the Exchange server selected in the previous step. Click Next.
18. On the Organization FQDN page, enter the externally accessible FQDN for your Internet-facing Exchange 2016 Mailbox server. Office 365 uses this FQDN to configure the service connectors for secure mail transport between your Exchange organizations. For example, enter “mail.contoso.com”. Click Next.
19. The hybrid deployment configuration selections have been updated, and you’re ready to start the Exchange services changes and the hybrid deployment configuration. Click Update to start the configuration process. While the hybrid configuration process is running, the wizard displays the feature and service areas that are being configured for the hybrid deployment as they are updated.
20. When the wizard has completed all of the tasks it can perform automatically, it'll list any tasks that you need to address manually before your hybrid deployment configuration is complete.
21. The wizard displays a completion message and the Close button is displayed. Click Close to complete the hybrid deployment configuration process and to close the wizard.

6. Test

6.1 Move a mailbox to Office 365
1. Open the EAC and navigate to Office 365 > Recipients > migration.
2. Click Add and select Migrate to Exchange Online.
3. On the Select a migration type page, select Remote move migration and then click Next.
4. On the Select the users page, click Add, select the on-premises users to move to Office 365 and click Add, and then click OK. Click Next.
5. On the Enter the Windows user account credential page, enter the on-premises administrator account name in the On-premises administrator name text field and enter the associated password for this account in the On-premises administrator password text field. For example,
“corp\administrator” and a password. Click Next.
6. On the Confirm the migration endpoint page, verify that the FQDN of your on-premises Mailbox server is listed when the wizard confirms the migration endpoint. For example, “mail.contoso.com”. Click Next.
7. On the Move configuration page, enter a name for the migration batch in the New migration batch name text field. Use the down arrow to select the target delivery domain for the mailboxes that are migrating to Office 365. In most hybrid deployments, this will be the primary SMTP domain used for both on-premises and Office 365 mailboxes. For example, user@contoso.com. Verify that the Move primary mailbox along with archive mailbox option is selected, and then click Next.
8. On the Start the batch page, select at least one recipient to receive the batch complete report. Verify that the Automatically start the batch and Automatically complete the migration batch options are selected. Click New.
After the mailboxes are moved, the migration status changes from Syncing to Completed.

6.2 Create a mailbox in Office 365
1. Log into the EAC on an on-premises Exchange 2016 server.
2. In the EAC, navigate to Enterprise > Recipients > Mailboxes.
3. Click Add and select Office 365 mailbox.
4. On the new Office 365 mailbox page, specify the following settings:
   o First Name: Type the first name of the new user.
   o Initials: Type the initials of the new user.
   o Last Name: Type the last name of the new user.
   o Name: Type the full name of the user if the automatically generated name is not correct.
   o User logon name: Type the user logon name of the new user and select the primary SMTP domain used for your other on-premises users. For example, @contoso.com.
   o Mailbox type: Use to select the mailbox type for the new mailbox. For example, select User mailbox for a new user.
   o New Password: Type the password.
   o Confirm password: Retype the password.
5. Verify that the Create an archive mailbox check box is not selected.
6. Click Save to create the new mailbox.
By default, synchronization can take hours; to synchronize immediately, at a command prompt on the Azure AD Connect
server, enter the command:
   "%ProgramFiles%\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe"
Log on with the Office 365 admin account.
Assign a license to the new user.

6.3 Configure the MX record to redirect mail to Office 365
To find the FQDN that you should use for your MX record, do the following:
1. Log on to: Office 365 admin portal
2. Select Domains.
3. Select the primary SMTP namespace for your Office 365 organization (for example, contoso.com) and then click Domain settings.
4. On the DNS management page, verify that Exchange Online is listed under Domain purpose. If it's not, do the following:
   a. Under Domain purpose, click Change domain purpose.
   b. Select Outlook on the web for email, calendar, and contacts, and then click Next.
   Important: On the next couple pages, you'll see instructions on how to configure MX, Autodiscover, MSOID, and SP
   c. On the Add the following DNS records page, click Okay, I've added the records.
   d. On the next page, you'll see Some DNS records have to be fixed and one or more DNS records will show an error. You can safely ignore these errors. Click Ignore these errors at the bottom of the page, and then click Finish.
   e. On the Manage domains page, select your primary SMTP namespace again and click Domain settings. Exchange Online should now be listed under Domain purpose.
5. In the Exchange Online DNS records table, find the row where Type equals MX. Use the value in the Points to address field. For example, contosocom.mail.protection.outlook.com.
Important: Don't change the Autodiscover record for your domain to the value in the Exchange Online table. Doing so will
After you've found the FQDN to use with your MX record, create the MX record in your DNS zone. For example, the MX record for contoso.com is the following:
Primary SMTP namespace    contoso.com
To troubleshoot connectivity issues, use the Microsoft Remote Connectivity Analyzer tool (a free web-based tool).
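
An added example, not part of the original document: a PowerShell check of the DNS records configured in sections 4.4 and 6.3 (MX, SPF, Autodiscover), run against constructed records for contoso.com. The function name Test-HybridMailDns and the record object shape are assumptions, and the SPF include value checked is the one for the worldwide Office 365 service.

```powershell
# Added example; the records in $zone are constructed sample data for contoso.com.
function Test-HybridMailDns {
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [object[]] $Records   # Name, Type, Data (+ Preference for MX)
    )
    $findings = @()

    # MX: the most preferred host should be the Exchange Online Protection endpoint.
    $mx = $Records | Where-Object { $_.Type -eq 'MX' -and $_.Name -eq $Domain } |
        Sort-Object Preference | Select-Object -First 1
    if (-not $mx) {
        $findings += "MX: no MX record for $Domain"
    } elseif ($mx.Data -notlike '*.mail.protection.outlook.com') {
        $findings += "MX: preferred host $($mx.Data) is not an EOP endpoint"
    }

    # SPF: exactly one v=spf1 record, which authorizes EOP and ends in -all or ~all.
    $spf = @($Records | Where-Object {
        $_.Type -eq 'TXT' -and $_.Name -eq $Domain -and $_.Data -like 'v=spf1*' })
    if ($spf.Count -ne 1) {
        $findings += "SPF: expected exactly one v=spf1 record, found $($spf.Count)"
    } else {
        if ($spf[0].Data -notmatch '(^|\s)include:spf\.protection\.outlook\.com(\s|$)') {
            $findings += 'SPF: include:spf.protection.outlook.com is missing'
        }
        if ($spf[0].Data -notmatch '\s[-~]all$') {
            $findings += 'SPF: record does not end in -all or ~all'
        }
    }

    # Autodiscover: the page says not to repoint it to the Exchange Online value.
    $auto = @($Records | Where-Object { $_.Name -eq "autodiscover.$Domain" })
    if ($auto.Count -eq 0) {
        $findings += "Autodiscover: no record for autodiscover.$Domain"
    } elseif ($auto | Where-Object { $_.Data -like '*.outlook.com' }) {
        $findings += 'Autodiscover: points to Exchange Online, not the on-premises server'
    }
    return $findings
}

$zone = @(
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'MX'; Preference = 0; Data = 'contosocom.mail.protection.outlook.com' }
    [pscustomobject]@{ Name = 'contoso.com'; Type = 'TXT'; Data = 'v=spf1 ip4:203.0.113.10 -all' }
    [pscustomobject]@{ Name = 'autodiscover.contoso.com'; Type = 'CNAME'; Data = 'mail.contoso.com' }
)
Test-HybridMailDns -Domain 'contoso.com' -Records $zone
```

The sample SPF record deliberately omits the Exchange Online Protection include, so the function reports it. For a live check, the same record objects can be built from Resolve-DnsName output.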