  1. #1


    Office365 - some questions...

    Hello all,

    I'm certain that all the information is out there somewhere, but to be completely honest I'm struggling to find where it is - so I wonder if anyone else has done something similar?

    I currently have Exchange 2010 on site and am considering a Hybrid deployment with Office365.

    This is what I want to do:

    - Different domain name and GAL for staff and students - From what I've read I believe that I'll need two different tenancies to do this - is that correct? (And how would that affect DirSync?)
    - Use DirSync to sync usernames and passwords (I've looked at ADFS and at present I don't have the spare capacity to provide all the additional boxes that it requires)
    - Keep some staff mailboxes locally (but use an online archive mailbox to help to eliminate PST usage locally!)

    So... if anyone has done this, or something similar I'd be very glad to hear from you.

    Thanks!

  2. #2
    jamesbmarshall's Avatar
    I can't stress enough how important it is to keep your deployment as simple as possible.

    That said, my thoughts are below.

    Quote Originally Posted by pantscat View Post
    I currently have Exchange 2010 on site and am considering a Hybrid deployment with Office365.
    Exchange Hybrid is awesome, but complex. Are you intending to keep your local Exchange server (I mean, really really - can't you move all your mailboxes into Exchange Online?)?

    Quote Originally Posted by pantscat View Post
    This is what I want to do:

    - Different domain name and GAL for staff and students - From what I've read I believe that I'll need two different tenancies to do this - is that correct? (And how would that affect DirSync?)
    You could have two tenants. Don't. Exchange Online now supports address book policies that you can use to segregate the GAL if you need to. Going down the route of two separate tenants might seem simpler logically, but has a big impact.

    Quote Originally Posted by pantscat View Post
    - Use DirSync to sync usernames and passwords (I've looked at ADFS and at present I don't have the spare capacity to provide all the additional boxes that it requires)
    Good move - AD FS is a great SSO solution, but requires a lot of time and potentially some investment to pull off properly. DirSync + Password Sync is a really simple and elegant solution for keeping your IDs in sync.

    Quote Originally Posted by pantscat View Post
    - Keep some staff mailboxes locally (but use an online archive mailbox to help to eliminate PST usage locally!)
    You can do this, but there is a cost. To loop back to my point above, do you really really need to keep mailboxes on-premises? If you do you could look at Exchange Online Archiving, but it would be far simpler to keep your mailboxes in one place as this would remove the need for you to keep an Exchange org on-premises (i.e. saves you time, money and makes management easier).

    If you do need to keep Exchange for whatever reason then you can set up hybrid coexistence and use ECP to manage your users and migrating mailboxes between the two environments is simple enough (i.e. OST files do not need rebuilding, etc.). Configuring it is easier than it's ever been with the Hybrid Config Wizard. I just think that the best advice is to keep it simple.

  3. 3 Thanks to jamesbmarshall:

    pantscat (7th June 2013), speckytecky (9th June 2013), zag (10th June 2013)
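
The address book policy approach suggested in post #2, as an added PowerShell example (not code from any poster in this thread). It assumes CustomAttribute1 is populated with 'Staff' or 'Student' for every mailbox; that attribute choice and all object names are illustrative.

```powershell
# Added example: segregate staff and student address books inside ONE Exchange Online tenant.
# Assumptions (not from the thread): CustomAttribute1 holds 'Staff' or 'Student',
# and the "<group> GAL / Users / Rooms / OAB / ABP" names are made up for illustration.
# The admin running this needs the "Address Lists" management role, which is not assigned by default.

$groups = 'Staff', 'Student'

foreach ($g in $groups) {
    $filter = "CustomAttribute1 -eq '$g'"

    # An address book policy needs four parts: a GAL, at least one address list,
    # a room list and an offline address book, each scoped to the same group.
    New-GlobalAddressList -Name "$g GAL" -RecipientFilter $filter
    New-AddressList -Name "$g Users" `
        -RecipientFilter "(RecipientType -eq 'UserMailbox') -and ($filter)"
    New-AddressList -Name "$g Rooms" `
        -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and ($filter)"
    New-OfflineAddressBook -Name "$g OAB" -AddressLists "$g GAL"

    New-AddressBookPolicy -Name "$g ABP" `
        -GlobalAddressList "$g GAL" `
        -AddressLists "$g Users" `
        -RoomList "$g Rooms" `
        -OfflineAddressBook "$g OAB"

    # Assign the policy to every mailbox in the group.
    Get-Mailbox -ResultSize Unlimited -Filter $filter |
        Set-Mailbox -AddressBookPolicy "$g ABP"
}

# Keep names from resolving across the staff/student boundary in mail between the groups.
Set-TransportConfig -AddressBookPolicyRoutingEnabled $true

# Check: a mailbox with no policy still sees the default, unsegregated GAL.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy } |
    Select-Object DisplayName, PrimarySmtpAddress, CustomAttribute1
```

Address book policies only change what users see in the directory; they do not stop mail between staff and students who already know each other's addresses. New mailboxes get no policy automatically, so the final check is worth running after each provisioning cycle.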

  4. #3

    Hi @jamesbmarshall - thanks for the very useful reply!

    Quote Originally Posted by jamesbmarshall View Post
    Exchange Hybrid is awesome, but complex. Are you intending to keep your local Exchange server (I mean, really really - can't you move all your mailboxes into Exchange Online?)?
    Yes, I know it's pretty complex. It's a mixture of management attitude to cloud solutions (they're a bit reluctant) and that at present we only have an ADSL backup to our main leased line (although I'm looking into swapping this for a 10Mbps EFM), not that we've really had any internet outages (thanks Vaioni!), but it's the peace of mind that it would offer!


    Quote Originally Posted by jamesbmarshall View Post
    You could have two tenants. Don't. Exchange Online now supports address book policies that you can use to segregate the GAL if you need to. Going down the route of two separate tenants might seem simpler logically, but has a big impact.
    That's excellent - I wasn't exactly thrilled with the concept of having two tenants, I'd much rather split the GAL.

    Quote Originally Posted by jamesbmarshall View Post
    Good move - AD FS is a great SSO solution, but requires a lot of time and potentially some investment to pull off properly. DirSync + Password Sync is a really simple and elegant solution for keeping your IDs in sync.
    Excellent!


    Quote Originally Posted by jamesbmarshall View Post
    You can do this, but there is a cost. To loop back to my point above, do you really really need to keep mailboxes on-premises? If you do you could look at Exchange Online Archiving, but it would be far simpler to keep your mailboxes in one place as this would remove the need for you to keep an Exchange org on-premises (i.e. saves you time, money and makes management easier).

    If you do need to keep Exchange for whatever reason then you can set up hybrid coexistence and use ECP to manage your users and migrating mailboxes between the two environments is simple enough (i.e. OST files do not need rebuilding, etc.). Configuring it is easier than it's ever been with the Hybrid Config Wizard. I just think that the best advice is to keep it simple.
    I agree with keeping things simple if possible. Clearly I need to think further about our plans and consider moving mail completely online.
    If we were to go completely cloud based, what would be the mechanism to move mailboxes over? Set up a hybrid co-existence and then "break" it and decommission the local Exchange box? I know that with Exch2007 you'd do a cutover migration, but not sure about 2010.

  5. #4

    You can do either a staged or a cutover migration; this depends on your goal and whether you want to have a hybrid solution or not.

  6. #5

    I have a hybrid model in my environment. Staff use on-premise Exchange and students use Office365.
    I did migrate from Live@EDU though (having moved here previously).

    Things to note:
    1. You have to federate the whole domain (in my case domain.school.com and stu.domain.school.com ...as an example).
    2. All users have an onmicrosoft account (cloud based).
    3. ADFS and ADFS proxy in DMZ (note: it did not work for 2012 last time I looked).
    4. Using DirSync, but am moving to FIM 2010
    5. Need a cert for FS portal

    I can provide my build doco if that helps...

    Things to consider;
    1. Reasons to keep staff email on premise (compliance and archiving was my driver...and cost of Office365 service).
    2. Really wanted to separate staff from students.
    3. Be flexible as staff may move to cloud eventually if things change....

    Richard

  7. Thanks to rbance from:

    pantscat (10th June 2013)

  8. #6

    Mind you... in saying this... the move to Google is looking really compelling, especially if the driver is BYOD and considering a web app only model for app delivery...

  9. #7

    Norphy's Avatar
    Quote Originally Posted by rbance View Post
    3. ADFS and ADFS proxy in DMZ (note: it did not work for 2012 last time I looked).

    Richard
    We have our ADFS servers running on 2012, works absolutely fine. Reason I did it was because ADFS is a built-in role in 2012 rather than a downloadable plugin, so that just simplified things.

  10. #8

    Quote Originally Posted by Norphy View Post
    We have our ADFS servers running on 2012, works absolutely fine. Reason I did it was because ADFS is a built-in role in 2012 rather than a downloadable plugin, so that just simplified things.
    Pretty sure Office365 only works with ADFS 2.0 in 2008R2....not Server 2012...That was the case in January at least anyway according to Microsoft...

    Would be interested if you have it all working properly with 2012 ADFS and Office365...

  11. #9

    Norphy's Avatar
    Yes, we do. We initially had some trouble when authenticating clients from the internal network but it's all working fine now.

  12. #10

    When did you actually transition? My guess is that MS did not support that config at the time (I was looking online to see if they do yet and could not see it).

    Is your domain on 2012 or 2008 R2 function? (I am hoping to go to 2012 in December...and this was the only issue. (the rest is really a simple upgrade process)).

    Or did you just use a 2012 server with ADFS 2.0 (but still a 2008 R2 domain)?

  13. #11

    Norphy's Avatar
    We put it in in late April I think. All of our DCs are running 2012 but we're still at 2008 R2 level functionality. I don't think you can install ADFS 2.0 on a 2012 server, you have to install ADFS as a role.

    In any case, we have two servers set aside solely for ADFS functionality, one runs the actual ADFS server and the other is a proxy in the DMZ. Both are running Windows 2012.

  14. #12


    Quote Originally Posted by rbance View Post
    When did you actually transition? My guess is that MS did not support that config at the time (I was looking online to see if they do yet and could not see it).

    Is your domain on 2012 or 2008 R2 function? (I am hoping to go to 2012 in December...and this was the only issue. (the rest is really a simple upgrade process)).

    Or did you just use a 2012 server with ADFS 2.0 (but still a 2008 R2 domain)?
    I couldn't find it online either so I asked them on Twitter and got a DM back yesterday that it was supported.

  15. #13

    Quote Originally Posted by rbance View Post
    lots of useful stuff
    A copy of your build doc would be helpful if you don't mind?

    That's very useful info, thanks.

    Ant


