Office 365 Hybrid Deployment With Exchange 2010 SP2 – Part 3


We have so far signed up for an Office 365 trial and installed ADFS 2.0 on the domain controller in the test lab. Read part one and two of the series here. In this part, we will install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on and set up Directory Sync in the Office 365 portal.

Download the Microsoft Online Services Module for PowerShell, 32-bit or 64-bit depending on the server you have. Run the setup file on the domain controller (I am running ADFS 2.0 as well on the DC).

Microsoft Online Services Module for PowerShell

It is a standard install – accept the license, select the location, click install and finish.

The next step is to connect to Office 365 using PowerShell and add/enable a domain for single sign-on. Launch the Microsoft Online Services Module. Store the Office 365 admin credentials in a variable by running $cred = Get-Credential.

Store Credential

Connect to Office 365 by running Connect-MsolService -Credential $cred

Connect to Office365

Run Set-MsolAdfsContext -Computer "internal adfs 2.0 server fqdn" to create a context that connects you to ADFS. You don’t have to run this command if ADFS 2.0 and the Online Services Module for PowerShell are installed on the same server. This is the case in my test lab and hence I have skipped this step.

Run New-MsolFederatedDomain -DomainName "domain name" where domain name is the domain to be added and enabled for single sign-on (the public domain name). I am using rajith.me in Office 365 and I have already added this domain. Hence, I will get the error below.

Convert domain to SSO domain

As the error explains, I need to run Convert-MsolDomainToFederated -DomainName rajith.me, as my domain is already added in Office 365. This command enables my domain for SSO. If you add a new domain using the command above (New-MsolFederatedDomain), the output will have instructions to create public DNS records to verify that you are the domain owner.
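The steps above combined into one script, as an added example that is not the author's own code. It checks the domain's current state to choose between New-MsolFederatedDomain and Convert-MsolDomainToFederated, then confirms the result. The parameter names $DomainName and $AdfsServer are hypothetical, and Get-MsolDomain and Get-MsolFederationProperty are cmdlets from the same module that the post does not use.

```powershell
# Added example, not from the original post. Run it in the Microsoft Online
# Services Module for Windows PowerShell. Parameter names are hypothetical.
param(
    [Parameter(Mandatory = $true)][string]$DomainName,  # public domain to enable for SSO
    [string]$AdfsServer  # internal AD FS FQDN; omit when the module runs on the AD FS server
)
$ErrorActionPreference = 'Stop'

# Prompt for the Office 365 admin credentials instead of storing them in the script.
$cred = Get-Credential
Connect-MsolService -Credential $cred
if ($AdfsServer) { Set-MsolAdfsContext -Computer $AdfsServer }

# Look the domain up first so the right cmdlet is chosen up front.
try { $domain = Get-MsolDomain -DomainName $DomainName } catch { $domain = $null }

if (-not $domain -or $domain.Status -ne 'Verified') {
    # New or still unverified: the output lists the public DNS record that proves
    # ownership. Create that record, then run this script again.
    New-MsolFederatedDomain -DomainName $DomainName
}
elseif ($domain.Authentication -eq 'Managed') {
    # Already added and verified: switch sign-in for this domain to AD FS.
    Convert-MsolDomainToFederated -DomainName $DomainName
}

# Confirm the result rather than assuming the cmdlet succeeded.
$domain = Get-MsolDomain -DomainName $DomainName
"{0}: Status={1}, Authentication={2}" -f $domain.Name, $domain.Status, $domain.Authentication

if ($domain.Authentication -eq 'Federated') {
    # Both sides of the trust must hold the same token-signing certificate,
    # otherwise Office 365 rejects the tokens that AD FS issues.
    $props = Get-MsolFederationProperty -DomainName $DomainName
    $adfs  = $props | Where-Object { $_.Source -eq 'ADFS Server' }
    $o365  = $props | Where-Object { $_.Source -eq 'Microsoft Office 365 Service' }
    if ($adfs.TokenSigningCertificate.Thumbprint -ne $o365.TokenSigningCertificate.Thumbprint) {
        Write-Warning "Token-signing certificate differs between AD FS and Office 365 for $DomainName."
    }
}
```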

The next step is to enable Directory Sync in Office 365. Log in to Office 365 using the admin account, click “Users” on the left-hand side, then click “Setup” next to Active Directory synchronization.

Setup Dir Sync in Office 365

Click “Activate” on step 3.

Activate DirSync in Portal

Confirm that you want AD sync to be activated.

Activate DirSync Confirmation

It will take up to 24 hours for AD sync to be set up.

DirSync may take up to 24 hours

It took 4 hours in my case. We can’t progress until Office 365 shows “Active Directory synchronization is activated” in step 3.

AD Sync activated

This concludes part 3. Stay tuned for part 4!

About the author: Exchange Architect, Blogger, Husband & Dad. I have been in IT for the last 11 years, with Exchange Server becoming the prime area in the last few years. I am active on TechNet forums & Experts Exchange.

4 comments… add one

  1. Turbomcp

    Thanks

    1. Rajith Enchiparambil

      No probs. Part 4 will be online soon, sometime today ;)

      1. Shailesh

        You didn't use ADFS Proxy?? For corporate users who are outside the office and using office laptop to access their email on OWA.

  2. Tariq

    Dear Sir,

    I am following this guide & I am stuck in following troubleshoot,
    Set-HybridConfiguration
    Completed

    Exchange Management Shell command completed:
    Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'postoffice.biz' -ClientAccessServers 'LABEX2','LABEX1' -TransportServers 'LABEX2','LABEX1' -ExternalIPAddresses '202.63.198.208/28' -OnPremisesSmartHost 'mail.postoffice.biz' -SecureMailCertificateThumbprint 'A6ACCF89D0EDD94578AD749AF8A0F467EA947625'

    Elapsed Time: 00:00:04

    Update-HybridConfiguration
    Failed

    Error:
    Updating hybrid configuration failed with error ‘Subtask Configure execution failed: Creating Organization Relationships.

    Execution of the Set-FederatedOrganizationIdentifier cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.

    An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information “An unexpected result was received from Windows Live. Detailed information: “1007 AccessDenied: Access Denied.”.”.
    at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
    ‘.

    Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_12_25_2012_13_5_32_634920375323417288.log.

    Exchange Management Shell command attempted:
    Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'

    Elapsed Time: 00:01:01

    Sir, please tell me how I can fix this issue

    Tariq
