Notes from MEC: Exchange Multi-Org Hybrid

I’m going to do a series of blog posts going over some of the things we learned at the Microsoft Exchange Conference this year. For me, the number one thing I got from MEC was Microsoft’s announcement that they now support Multi-Org Hybrid deployments done by civilians (non-MCS/ACS deployments). By “Multi-Org Hybrid” we mean connecting multiple Exchange on-premises organizations to the same Office 365 tenant. I’ve had several customers asking for this deployment for years now, so it is a great boon for me to be able to do these deployments now.

There are a number of specific requirements for a Multi-Org Hybrid deployment that differ from a standard Office 365 Hybrid deployment.

  1. Each Exchange Organization must be authoritative for at least one SMTP namespace and the corresponding AutoDiscover namespace.
  2. If there are shared domains (e.g. an SMTP namespace used across multiple Exchange organizations), then both mail routing and AutoDiscover need to be configured and working properly between the Exchange orgs before you start.
  3. Office 365 must be able to query AutoDiscover in each Exchange Organization.
  4. Exchange 2013 Service Pack 1 Hybrid is required in each Exchange organization.
  5. Free/busy is NOT transitive. Organization relationships between the on-premises orgs are NOT configured by the Hybrid Configuration Wizard (HCW).
  6. A different public certificate must be used for TLS negotiation in each on-premises Exchange Organization.

This sounds like a short list of minor requirements, but it is a significant amount of work. Depending on the number of on-premises organizations involved in your Office 365 migration, it could take months of configuration work before you reach the point where you are ready to start setting up the Hybrid configuration itself. If you have Exchange 2003 in any of your organizations, you have to do a complete migration to Exchange 2010 and remove all your Exchange 2003 servers before you can install the Exchange 2013 Hybrid server.

After getting all your 2003 deployments upgraded, you have to get mail flow and AutoDiscover working between all your on-premises organizations. This requires that for each mailbox in Forest A, a corresponding mail user object must exist in each additional Exchange forest, with its targetAddress property set to the SMTP address of the mailbox in Forest A. If you are deploying this Hybrid configuration across more than two on-premises Exchange organizations, it is easy to imagine how this can turn into a huge amount of work to manage. Microsoft’s best practice is to use Forefront Identity Manager (FIM) to manage these mail user objects across all your organizations. I expect Multi-Org Hybrid deployments will be fairly rare because of the complexity of these deployments, not to mention that maintaining these deployments is going to require a significant effort.
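As an added example (not from the original post, and not Microsoft's tooling), here is a PowerShell drift check for the mail user objects described above: it compares the primary SMTP addresses of Forest A mailboxes against the targetAddress (ExternalEmailAddress) of the Forest B mail user objects, reporting mailboxes that have no matching object and objects whose targetAddress points at no Forest A mailbox. The function name, the constructed sample data and the Get-Mailbox/Get-MailUser usage shown in the comments are assumptions.

```powershell
# Drift check for the cross-forest mail user objects described above.
# Inputs are constructed inline so it runs offline; in a real deployment the
# assumed way to build them is, in each forest's Exchange Management Shell:
#   $forestA = (Get-Mailbox -ResultSize Unlimited).PrimarySmtpAddress | ForEach-Object { $_.ToString() }
#   $forestB = Get-MailUser -ResultSize Unlimited | Select-Object Alias, ExternalEmailAddress
function Test-CrossForestMailUsers {
    param(
        [Parameter(Mandatory)] [string[]] $ForestAMailboxes,   # primary SMTP addresses in Forest A
        [Parameter(Mandatory)] [object[]] $ForestBMailUsers    # objects with Alias and ExternalEmailAddress
    )
    # Normalise an address: drop the "SMTP:" proxy prefix and compare case-insensitively
    $norm = { param($s) ("$s" -replace '^smtp:', '').Trim().ToLowerInvariant() }

    $expected = @{}
    foreach ($m in $ForestAMailboxes) { $expected[(& $norm $m)] = $true }

    $seen  = @{}
    $stale = @()
    foreach ($mu in $ForestBMailUsers) {
        $target = & $norm $mu.ExternalEmailAddress
        if ($expected.ContainsKey($target)) {
            $seen[$target] = $true
        } else {
            # targetAddress points at something that is not a Forest A mailbox,
            # so mail relayed through this object is forwarded to an address with no mailbox behind it
            $stale += $mu.Alias
        }
    }
    $missing = @($expected.Keys | Where-Object { -not $seen.ContainsKey($_) } | Sort-Object)

    [pscustomobject]@{
        Missing = $missing                    # Forest A mailboxes with no mail user in Forest B
        Stale   = @($stale | Sort-Object)     # Forest B mail users with a wrong targetAddress
        Healthy = ($missing.Count -eq 0 -and $stale.Count -eq 0)
    }
}

# Constructed sample data: Forest A mailboxes and Forest B mail user objects
$forestA = @('alice@contoso.com', 'bob@contoso.com', 'carol@contoso.com')
$forestB = @(
    [pscustomobject]@{ Alias = 'alice'; ExternalEmailAddress = 'SMTP:alice@contoso.com' }
    [pscustomobject]@{ Alias = 'bob';   ExternalEmailAddress = 'SMTP:Bob@Contoso.com' }   # case differs, still matches
    [pscustomobject]@{ Alias = 'dave';  ExternalEmailAddress = 'SMTP:dave@contoso.com' }  # no Forest A mailbox: stale
)
Test-CrossForestMailUsers -ForestAMailboxes $forestA -ForestBMailUsers $forestB | Format-List
```

Run it from Forest B against each other forest's mailbox export in turn; a non-empty Missing or Stale list is the mail flow or AutoDiscover gap to fix before running HCW.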

I am going to start working on a full deployment guide shortly. Look for that to show up in this space in the coming weeks.