Exchange Hybrid Clarifications


I currently have a single Exchange 2016 server and am planning to migrate to 365 by deploying an additional Hybrid server. I have a couple of questions regarding Hybrid deployment and would appreciate it if anyone can shed some light!

 

1. My current server has a Wildcard certificate with these SANs. Do I need a dedicated new certificate for the new Hybrid server or can I use the existing wildcard without any changes ?

SANs: *.abc.com, abc.com

 

2. Should I change any records to point to the new Hybrid server instead of the current mailbox server (Autodiscover, etc.)? At which point should I change these? I am just trying to make sure I follow the right steps to keep mail flow running after executing the HCW.

 

Thank you all very much ! 

There are several steps to follow indeed. First off, create your tenant and register your domain in the tenant. You can find all the required steps easily in the Microsoft documentation.

https://learn.microsoft.com/en-us/microsoft-365/education/deploy/create-your-office-365-tenant

Deploy Azure AD Connect on a server, not on the Hybrid Exchange server!
Follow the info in the link provided.
Is there a reason you want an additional server? The existing server can function as the hybrid server just fine as long as it's had the latest CUs installed and it's patched...this will save a lot of work and compute resources.
A wildcard certificate is fine, and gives you a bit of flexibility in the namespace you use for hybrid connectivity.

@Dan Snape,

Thanks for your response!

A second server (dedicated for Hybrid) is simply because the current server runs Windows Server 2012. Apparently the minimum supported Windows for Hybrid is 'Windows Server 2012 R2'. I just wanted to stay out of an 'In-place upgrade' and a migration to a new server, which takes even more effort.

Wildcard cert - Thanks for that Dan. Happy days then I can easily use the existing cert with no modifications to SANs given it covers the domain entirely.

Additional question though: in terms of the Autodiscover record, I should be able to leave it as is (continuing to point to the current Mailbox server) and let the new server solely act as the Hybrid endpoint for 365 connectivity, I suppose? Should there be any DNS record-level modifications to point to the Hybrid server in this scenario?

Thank you so much again Dan !

I don't believe there is a server OS requirement for Exchange hybrid, only requirements for the version of Exchange itself: https://learn.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites
You can leave Autodiscover pointing at the existing server; however, generally it's best practice to have all connectivity going through the server with the latest version of Exchange installed. Exchange Online will need a namespace in external DNS to connect to the on-prem hybrid server via HTTPS (port 443), and your network needs to be configured to facilitate that. You can create a new namespace specifically for that (i.e. hybrid.domain.com) or reconfigure something you already have to point to the new hybrid server (you might use webmail.domain.com for OWA already, and this can be used by Exchange Online).

@Curious_Kevin16 

 

>A second server (dedicated for Hybrid) Is simply because the current server runs Windows Server 2012.

>Apparently the minimum supported Windows for Hybrid is 'Windows Server 2012 R2'.

>I just wanted to stay out of 'In-place upgrade' and a migration to a new server which takes even more effort.

 

On what OS are you running Exchange 2016?

Supported OS are from 2008 R2 up to Windows Server 2022.

https://learn.microsoft.com/en-us/exchange/plan-and-deploy/system-requirements?view=exchserver-2016 

The Problem would most likely be that the OS is running out of Support. The Extended Support for Windows Server 2012 R2 ends in October 2023.

https://learn.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 

 

If you want to upgrade Exchange to a newer OS you will need to install a new Server with Exchange and make a Swing Migration from Exchange 2016 (with old OS) to Exchange 2016 (with new OS).

 

Don't be confused by "Hybrid Server": such a role does not exist. It's just a configuration that applies to the whole Exchange Organization and makes sure mail flow, Free/Busy and EWS access (for MailTips and migration) are configured correctly.

 

Make sure you run a supported Version of AAD Connect

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history 

 

And also make sure that all servers have TLS 1.2 enabled.

 

Regards

Andres Bohren
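As an added example (not code posted by anyone in this thread), the following PowerShell 5.1 script checks the three things the replies above call out: that the external hybrid namespace resolves in DNS and answers on 443, that the certificate presented there actually covers that name (including the one-label rule for a wildcard SAN such as *.abc.com), and that TLS 1.2 is explicitly enabled in SChannel on the server. The namespace 'hybrid.abc.com' is a placeholder assumption; substitute whatever name you publish for Exchange Online.

```powershell
# Added hybrid-readiness check; not code from the thread. Assumes the external
# namespace Exchange Online will use is 'hybrid.abc.com' (placeholder) and that
# this runs on the Exchange server that will become the hybrid endpoint.
param([string]$HybridNamespace = 'hybrid.abc.com')

# Returns $true when $Name is covered by one of the certificate SANs. A wildcard
# SAN (*.abc.com) covers exactly one label: hybrid.abc.com matches, a.b.abc.com does not.
function Test-NameCoveredBySan([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -ieq $Name) { return $true }
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)                       # '.abc.com'
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $Name.Length -gt $suffix.Length) {
                $left = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($left -notmatch '\.') { return $true }   # only one label allowed
            }
        }
    }
    return $false
}

# 1. DNS: Exchange Online must be able to resolve the namespace.
$a = Resolve-DnsName -Name $HybridNamespace -Type A -ErrorAction SilentlyContinue
"DNS A record : " + $(if ($a) { ($a | Where-Object IPAddress | Select-Object -First 1).IPAddress } else { 'MISSING' })

# 2. HTTPS reachability on 443 and the certificate actually presented there.
$tcp = Test-NetConnection -ComputerName $HybridNamespace -Port 443 -WarningAction SilentlyContinue
"TCP 443      : " + $(if ($tcp.TcpTestSucceeded) { 'open' } else { 'blocked' })
if ($tcp.TcpTestSucceeded) {
    $client = New-Object System.Net.Sockets.TcpClient($HybridNamespace, 443)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]{ $true })  # inspect only, no trust decision
    $ssl.AuthenticateAsClient($HybridNamespace)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
    $sans = if ($sanExt) { [regex]::Matches($sanExt.Format($false), 'DNS Name=([^\s,]+)') |
                           ForEach-Object { $_.Groups[1].Value } } else { @() }
    "TLS protocol : $($ssl.SslProtocol)   (expect Tls12)"
    "Cert SANs    : $($sans -join ', ')"
    "Name covered : " + (Test-NameCoveredBySan -Name $HybridNamespace -Sans $sans)
    $ssl.Dispose(); $client.Close()
}

# 3. TLS 1.2 explicitly enabled for SChannel on this server (server and client side).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($side in 'Server', 'Client') {
    $v = Get-ItemProperty -Path "$base\$side" -ErrorAction SilentlyContinue
    $ok = ($v.Enabled -eq 1) -and ($v.DisabledByDefault -eq 0)
    "TLS 1.2 $side : " + $(if ($ok) { 'enabled' } else { 'not set explicitly (OS default applies)' })
}
```

Run it from the hybrid server before and after the HCW; a MISSING record, a blocked port, or a name not covered by the SANs is the usual reason Free/Busy and migration endpoints fail.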