Forum Discussion
Custom Domain for O365 Groups in a Federated Hybrid Environment
Hi Ankit,
Yes, I've verified that onPrem
- groups.contoso.com is in the accepted domains and set to internal relay
- groups.contoso.com is added to the "Outbound to Office 365" Send Connector (through that PowerShell cmd line)
But I agree with Tony's comments, that there must be something wrong with the mail flow somehow. Because I've realized that I can't even send mails from onPrem to O365 for @groups.contoso.com groups that have this set as a primary SMTP address.
Here's the NDR:
Delivery has failed to these recipients or groups:
<GROUP DISPLAY NAME>
A problem occurred and this message couldn't be delivered. Check to be sure the email address is correct. If the problem continues, please contact your helpdesk.
Diagnostic information for administrators:
Generating server: servername.subdomain.contoso.com
groupaliasmailto:iakw_it@groups.acv.at.contoso.com
Remote Server returned '< #5.4.4 smtp;554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain>'
Original message headers:
Received: from servername.subdomain.contoso.com (INTERNAL EXCHANGE IP) by servername.subdomain.contoso.com (INTERNAL EXCHANGE IP) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 6 Oct 2016 09:48:16 +0200
Received: from sservername.subdomain.contoso.com ([IP v6 ADDRESS]) by servername.subdomain.contoso.com ([IP v6 ADDRESS]) with mapi id 15.00.1210.000; Thu, 6 Oct 2016 07:48:16 +0000
Content-Type: multipart/mixed; boundary="_000_83f62b9e9c1142f3be0bbdf4ec953e69smx01vcorpacvat_"
From: "UNGER, Ivan (ADMIN)" <adminunger@acv.at>
To: IAKW IT <iakw_it@groups.acv.at>
Subject: test to groups.contoso.com 3
Thread-Topic: test to groups.contoso.com 3
Thread-Index: AQHSH6X/JciWgSC/2Eyop2WgMGxIbQ==
Date: Thu, 6 Oct 2016 07:48:16 +0000
Message-ID: <83f62b9e9c1142f3be0bbdf4ec953e69@smx01v.corp.acv.at>
Accept-Language: en-US, de-AT
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <83f62b9e9c1142f3be0bbdf4ec953e69@smx01v.corp.acv.at>
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [CLIENT IP v4 ADDRESS]
x-esetresult: clean, is OK
x-esetid: 37303A2962C4E3676C7D62
MIME-Version: 1.0
X-OrganizationHeadersPreserved: servername.subdomain.contoso.com
Mail flow for user mailboxes that use the contoso.com domain seems to be working just fine. So it can't be all wrong with the send connector. It's just not working for Office 365 groups from onPrem to O365 (contoso.com or groups.contoso.com).
Hi Ivan,
We are aware of the issue because of which on-prem transport raises AuthRequired NDR messages from external users to groups (even if group allows external users).
On-prem transport throwing NonExistentDomain NDR only for groups even for the org. users is something new. We will need more details to debug it and hence I suggest you open a ticket for the same.
Thanks
Ankit
- Adam Wheat, Oct 28, 2016, Copper Contributor
Ankit,
I believe that I have the identical issue/architecture as OP with regard to the on-premises server returning 5.7.1 Authentication Required errors when an external sender tries to email an Office365 Group.
You note that you are aware of this issue... is there any update/resolution?
Thanks
- Ivan54, Nov 18, 2016, Bronze Contributor
Hi everyone, so I think I know what the issue is, though I don't know how to solve it, or if it is even solvable.
Looking at this page (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-feature-preview) I've found this paragraph "This group will be represented as a distribution group in on-premises AD DS. Your on-premises Exchange server must be on Exchange 2013 cumulative update 8 (released in March 2015) or Exchange 2016 to recognize this new group type."
Our single Exchange Server 2013 server is CU13, so this shouldn't be an issue. I will update to CU14 in the coming days though just to be sure.
I believe Exchange onPrem is not recognizing the recipient (the Office 365 Group with groupname@custom.domain). When I run "get-recipient groupname@custom.domain" I don't get a hit, even though the group is written back to ADDS as a distribution group. But I've noticed that the written back distribution group does not appear in the Exchange Admin Center (ECP) under Recipients > Groups.
That's why I believe the Exchange Server is returning mails from external senders.
The question is, should O365 Groups that are written back to ADDS also appear in the ECP, and should get-recipient find the group's primary SMTP address?
Any input?
*EDIT1*: get-distributiongroup doesn't return the written back group either.
- Ankit Kapoor, Nov 21, 2016, Former Employee
Written back objects have "RemoteGroupMailbox" as the RecipientTypeDetails, hence they won't show up in ECP and Get-DistributionGroup cmdlets. You can verify the written back objects using ldp and also these objects should get resolved in GAL (if you are on the right Exchange version).