Single On-Premises Exchange to Multiple Office 365 Tenants – Part 1

Many organizations run a single on-premises Exchange organization that hosts multiple departments, each with its own email domain. Such organizations may need to migrate each department to a different Office 365 tenant. Microsoft officially added support for a single on-premises organization to multiple tenants in the September 2020 update of the Hybrid Configuration Wizard.

Key points in the release notes are:
1. Official support for one Exchange organization to a maximum of 5 Office 365 tenants
2. At least one Exchange 2016/2019 server, on the latest CU, is required in the Exchange organization to support One-to-Many Hybrid
3. Hybrid Modern Authentication is not supported for One-to-Many scenarios
4. Users in the on-premises Active Directory must not be synchronized to more than one tenant

Details can be found here

You might need to consider the points below slightly differently when setting up a One-to-Many Hybrid rather than a One-to-One Hybrid.

Azure AD Authentication

Pass-through authentication is probably the best suited authentication method if you have that security guy who does not want your passwords synced to Azure AD. However, pass-through authentication recommends 3 agents per tenant. So if you need to set up hybrid with 3 tenants, you would end up deploying 9 agents, and so on.

Since you still have that security guy, Federation is the best choice, as it involves no additional complexity whether the hybrid is One-to-One or One-to-Many.

If you managed to convince that security guy and you do not already have Federation, simply set up password hash sync.

Centralized Transport

Centralized transport is not recommended for most One-to-One Hybrid scenarios. But it might be a good option for One-to-Many Hybrid scenarios until all users are completely migrated to their respective tenants.

Address Book

This is one of the key challenges you will face in a One-to-Many Hybrid scenario. On-premises Exchange users can easily access the address book of the other co-hosted departments through Outlook and other email clients. However, once a department is moved to an Office 365 tenant, its users will no longer see the address book of the other entities, because those users are synced to a different Office 365 tenant. Department users may still need the other departments' address lists for proper business function.
Even if there is no requirement for the other departments' address book, users may face mail failures due to the Outlook cache of the X500 (legacyDN) email address.

Possible solutions are:
1. Buy a GAL sync solution for $1 per user!
2. Take a dump of the recipients and create contacts carrying the X500 address in each tenant

While the second option looks easy, handling new contacts, removing obsolete contacts and applying user changes are tedious.
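The following script is an added example of the second option, written for this post; it is not the original post's code and not the Sync-GalToMutipleTenants tool. It takes a dump of on-premises recipients and reconciles it against one target tenant: new recipients become mail contacts carrying their X500 (legacyExchangeDN) address, existing contacts get their display name and X500 address refreshed, and contacts that no longer appear in the dump are removed. It assumes the Exchange Online PowerShell module is loaded and Connect-ExchangeOnline has already been run against the target tenant, that the dump has the columns Name, DisplayName, PrimarySmtpAddress and LegacyExchangeDN, and that the marker value in CustomAttribute1 (hypothetical) is used only by this script. The sample rows are constructed for the example.

```powershell
# Added example, not the original post's code and not the Sync-GalToMutipleTenants tool.
# Reconciles an on-premises recipient dump against the mail contacts of ONE tenant.
# Contacts created here are tagged in CustomAttribute1 so only those are ever removed.

# Assumed dump, produced on-premises with something like:
#   Get-Recipient -ResultSize Unlimited |
#     Select-Object Name, DisplayName, PrimarySmtpAddress, LegacyExchangeDN |
#     Export-Csv .\gal-dump.csv -NoTypeInformation
# Filter the dump to the OTHER departments' recipients first: users already synced
# into this tenant must not get a contact with the same SMTP address.

$Tag = 'GALSYNC-TECHPOSS'   # hypothetical marker for contacts owned by this script

# Constructed sample rows standing in for: Import-Csv .\gal-dump.csv
$dump = @'
Name,DisplayName,PrimarySmtpAddress,LegacyExchangeDN
jdoe,John Doe,jdoe@dept-a.example,/o=TechPoss/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=jdoe
asmith,Anna Smith,asmith@dept-a.example,/o=TechPoss/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=asmith
'@ | ConvertFrom-Csv

# Index the contacts this script created on earlier runs, keyed by SMTP address
$existing = @{}
Get-MailContact -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$Tag'" |
    ForEach-Object {
        $smtp = ($_.ExternalEmailAddress.ToString() -replace '^smtp:', '').ToLower()
        $existing[$smtp] = $_
    }

foreach ($r in $dump) {
    $smtp = $r.PrimarySmtpAddress.ToLower()
    $x500 = "X500:$($r.LegacyExchangeDN)"

    if ($existing.ContainsKey($smtp)) {
        # Still on-premises: refresh the display name, add the X500 address if missing
        $contact = $existing[$smtp]
        $hasX500 = ($contact.EmailAddresses | ForEach-Object { $_.ToString() }) -contains $x500
        if ($hasX500) {
            Set-MailContact -Identity $contact.Identity -DisplayName $r.DisplayName
        } else {
            Set-MailContact -Identity $contact.Identity -DisplayName $r.DisplayName `
                -EmailAddresses @{Add = $x500}
        }
        $existing.Remove($smtp)   # seen in the dump, so not obsolete
    } else {
        # New recipient: create the contact, attach the X500 address and tag it
        $contact = New-MailContact -Name $r.Name -DisplayName $r.DisplayName `
            -ExternalEmailAddress $smtp
        Set-MailContact -Identity $contact.Identity -EmailAddresses @{Add = $x500} `
            -CustomAttribute1 $Tag
    }
}

# Whatever is left in $existing was tagged by this script but is gone from the dump
foreach ($stale in $existing.Values) {
    Remove-MailContact -Identity $stale.Identity -Confirm:$false
}
```

Run once per target tenant with a dump filtered to the recipients that tenant does not already own. The X500 address is the part that stops the Outlook-cache failures described above, because a cached legacyDN now resolves to the contact; the CustomAttribute1 tag is what keeps the cleanup step from ever touching contacts created by other processes.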

I have created the Sync-GalToMutipleTenants tool to handle the address book for One-to-Many scenarios, and it is available in the PowerShell Gallery for free.

What's Next

In the upcoming parts of this blog, we will analyze the on-premises architecture of a fictional organization, TechPoss. We will also see how TechPoss uses the latest version of the Hybrid Configuration Wizard to migrate departments from one on-premises Exchange organization to two Office 365 tenants.

A complete guide to setting up the Sync-GalToMutipleTenants tool is also coming up in the next parts.

Continue Reading – Part 2
