Exchange 2016: Hybrid mode with Office 365 (Part 1)

I have received many inquiries about Exchange and hybrid mode with Office 365, so I have decided to focus more on Office 365 in conjunction with on-premises Exchange servers in the future. This is the first article on Exchange 2016 in hybrid mode with Office 365. It covers the test environment; the following articles will deal with the configuration of Office 365 and Exchange 2016.

At this point, we are therefore only providing an overview of the test environment. Everything else will follow in the next articles.

The environment

I have installed a small test environment for this article. There is a domain controller and an Exchange 2016 CU9 server. Both servers run on Windows Server 2016. The name of the Active Directory is frankysweb.org, which fits quite well as I have also registered this domain publicly but am not currently using it.

The domain controller is named DC1.frankysweb.org and the Exchange server is named EX1.frankysweb.org:


A Sophos UTM takes care of the Internet connection, but this only plays a secondary role here. The Internet connection has a static IP address.

The public DNS settings for the frankysweb.org domain are configured as follows:


The MX entry points to outlook.frankysweb.org and therefore to the static IP address of the Internet connection. The Sophos UTM works as a spam filter for incoming mail and is used by the Exchange server as a smarthost for outgoing mail. In addition, there is an SPF entry (see TXT entry in the screenshot), which contains only the static IP of the Internet connection and authorizes it to send mail for frankysweb.org.

Details of the test environment

Here are a few details about the test environment. Not everything is directly relevant; the details are meant to provide a better overview and understanding.

As previously mentioned, the MX entry points to the public IP of the Sophos UTM. The Sophos UTM acts as a router and spam filter in my environment. The mail flow is therefore as follows:


Ultimately, this scenario can also be implemented with any other spam filter. The spam filter is also used by Exchange as a smarthost to send mail to external recipients. There is an SMTP profile on the Sophos UTM that routes all mail addressed to frankysweb.org to the Exchange server of the test environment:


Exchange is accessed from the Internet via the host name outlook.frankysweb.org. The host name is the same for all protocols; only Autodiscover is published under the name autodiscover.frankysweb.org. In this case, the router forwards only port 443 to the Exchange server via DNAT:


I deliberately wanted to leave out the web server protection of the UTM here to keep the articles a little more general.

Outlook Anywhere and all other virtual directories have been configured with the host name "outlook.frankysweb.org":


Here is a screenshot of the /OWA directory. With the exception of /PowerShell, the other directories have also been configured with the host name "outlook.frankysweb.org":


The Autodiscover URL has been configured to autodiscover.frankysweb.org:


A wildcard certificate from Let's Encrypt is used as the certificate:


I have created 3 test users and a distribution group in the Active Directory:


All test users are members of the "all" group.

I have also installed a client with Outlook 2016 in the test environment. This means that the Outlook connection can also be checked.

So much for the test environment. The next part will start with the configuration of Office 365 and Exchange 2016.

10 thoughts on “Exchange 2016: Hybrid mode with Office 365 (Part 1)”

  1. Hey Frank,
    your site is brilliant and has helped me many times. Regarding your Let’s Encrypt certificate, I would be interested to know how you created a wildcard certificate via PowerShell. As far as I know, it doesn't work with your script, does it?
    Regards
    Hannes

  2. Hello Frank,

    so that means you have a dedicated server in a data center that you don't actually use (except for tests)? I run my “toy stuff”/home server on a simple DSL connection (which has other side effects, e.g. that some providers (such as Telekom or 1&1) no longer deliver mail to CNAME records used as MX).

    Regards, Martin

    • Hi Martin,
      no, my test environments run on my workstation, but my Internet connection has a static IP. If there is interest, I can write another “behind the scenes” post when I get the chance.
      Regards,
      Frank

  3. Hi Frank,
    I have been looking forward to an Office 365 hybrid tutorial from you for a long time. Cool that you are doing this and sharing your experience with us :) Will you also cover AD FS and connecting the AD for SSO?
    Regards
    Sebastian

  4. Hello Frank, I have been eagerly waiting for this series of articles. Exchange in hybrid mode with Office 365, I am looking forward to the next articles on this topic.

    I would also be interested in an article on cutover migration.

    Regards, Dave

  5. Interesting and very nice (because current) choice of topic. Thank you for all the effort and time you invest, and for the results of your research and your experience that you make available to all of us!
