Exchange Hybrid new domain


We have a requirement to add a new domain name and I’m unsure if I need to add the domain name to the SAN certificate?

Our setup:
Exchange 2016 CU17 hybrid
Central mail routing is enabled (MX and Autodiscover are pointing to on-prem)
3 Replies

You probably should, if there might be a need to configure TLS with a partner.
What will the domain be used for?

The domain will be used as a primary email for some users.

1. I understand the domain needs to be verified,
2. Run the hybrid wizard and select the new domain
3. Add this to on-prem Exchange

Yes, that is a must; here are the requirements.
If you are changing the namespace:

Add and to UCC SAN certificate containing other domains.

Potentially re-do virtual directories.
New DNS zone: SPF, MX, and Autodiscover records for the new domain.
Add custom domain in Azure, verify.

Add domain under Accepted Domains in on-prem Exchange.
Add email address policy in on-prem Exchange. (should be latest or n-1 CU version)

Apply email address policy to users

Validate AADConnect replication status
Validate mail flow.

Change user UPNs to new domain?
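
A read-only check for several of the steps listed above (certificate SAN coverage, accepted domain, email address policy, DNS), as an added example that is not part of the original thread. The domain `newdomain.example` and the `autodiscover.<domain>` host name are assumptions; substitute the names your clients actually connect to.

```powershell
# Run in the Exchange Management Shell on an on-prem Exchange 2016 server.
# Assumptions (not from the thread): placeholder domain and Autodiscover host name.
$NewDomain     = 'newdomain.example'
$RequiredNames = @("autodiscover.$NewDomain")   # names clients reach over TLS

function Test-SanCoversName {
    param([string[]]$SanList, [string]$Name)
    foreach ($san in $SanList) {
        if ($san -eq $Name) { return $true }     # -eq is case-insensitive
        if ($san.StartsWith('*.')) {
            # A wildcard SAN covers exactly one label left of its base domain.
            $base = $san.Substring(1)            # e.g. ".newdomain.example"
            if ($Name.Length -gt $base.Length -and
                $Name.EndsWith($base, [StringComparison]::OrdinalIgnoreCase) -and
                $Name.Substring(0, $Name.Length - $base.Length) -notmatch '\.') {
                return $true
            }
        }
    }
    return $false
}

# 1. Every certificate bound to IIS or SMTP: does its SAN list cover the new names?
Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS|SMTP' } | ForEach-Object {
    $cert = $_
    $sans = @($cert.CertificateDomains | ForEach-Object { "$_" })
    foreach ($name in $RequiredNames) {
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Services   = "$($cert.Services)"
            NotAfter   = $cert.NotAfter
            Name       = $name
            Covered    = Test-SanCoversName -SanList $sans -Name $name
        }
    }
} | Format-Table -AutoSize

# 2. Is the domain listed under Accepted Domains on-prem?
Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $NewDomain } |
    Select-Object Name, DomainName, DomainType

# 3. Which email address policies assign a primary SMTP address in the new domain?
Get-EmailAddressPolicy | Where-Object { $_.EnabledPrimarySMTPAddressTemplate -like "*@$NewDomain" } |
    Select-Object Name, Priority, EnabledPrimarySMTPAddressTemplate

# 4. DNS for the new zone: MX, TXT (the SPF record is a TXT record), Autodiscover.
Resolve-DnsName -Name $NewDomain -Type MX  -ErrorAction SilentlyContinue | Select-Object Name, NameExchange
Resolve-DnsName -Name $NewDomain -Type TXT -ErrorAction SilentlyContinue | Select-Object Name, Strings
Resolve-DnsName -Name "autodiscover.$NewDomain" -ErrorAction SilentlyContinue | Select-Object Name, Type
```

A `Covered` value of `False` on the certificate bound to IIS means clients using that name would get a certificate name mismatch until the certificate is reissued with it.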