First a definition: email coexistence refers to keeping some of your users on your own on-
premise Exchange servers, and migrating other users over to BPOS – but you want all users to
have the same SMTP domain. So in the example scenario in this article, all users keep the same
user@bpostutorials.com addresses.
In our example, some users would use Exchange the traditional way – with a mail client like
Outlook pointed at in-house mail servers. However, some users have been migrated over to
BPOS, and their mail client is pointed to cloud servers. But all users have email addresses in the
same domain, and all of them show up in the same Global Address List (GAL), making
corporate-wide communication easy.
Email coexistence is a great solution, but it is not perfect. There are a few things you should be
aware of:
• This is an either/or scenario – users can’t maintain a mailbox on both systems. Old
mailboxes on the on-premise Exchange should be removed as quickly as possible.
• Free/busy data does not get exchanged between the two systems, so on-premise users
can’t see free/busy data for BPOS users. For this reason, it may make the most sense to
migrate entire workgroups to BPOS rather than just a few users.
• One other feature that doesn’t work between the two environments is mailbox delegation
– another reason to migrate entire workgroups at once.
Before we start configuring email coexistence, a high-level overview of mail traffic flow is
important. With coexistence, mail is routed as follows:
• First, all incoming mail for our example domain, bpostutorials.com, continues to go to an
on-premise Exchange system.
• Second, the on-premise Exchange server receives the mail. The local Active Directory
syncs with BPOS, and a migration tool tells Exchange if the mail recipient is local, or has
been activated in BPOS. Then, depending on the setting for each user, the Exchange
server either delivers mail locally or forwards it over to BPOS.
• Finally, BPOS receives the forwarded mail, and delivers it to users’ mailboxes.
The Trickery
Behind the scenes, this all works via some clever user trickery. The secret? The BPOS mailboxes
don't actually use your domain as their SMTP domain. BPOS actually uses a microsoftonline.com
domain – such as bpostutorial.microsoftonline.com.
So, mail is simply being forwarded back and forth between two domains: bpostutorials.com, and
bpostutorial.microsoftonline.com.
However, the system tricks users by displaying their login, mailbox, and sent mail as being part
of the bpostutorials.com domain – hiding the long microsoftonline.com domain and saving users
the agony of changing email addresses.
Let’s go through each of these steps in detail. We’ll cover steps one and two in this article, and
finish off the process in our next articles in the series.
Step 1: Add Your Own Domain to BPOS and Enable External Relay
Open up the BPOS Admin site. Click on the Users tab, then the Domain menu item. Then, click
the "New" link in the upper-right corner.
Enter your Domain name in the new window that opens up – in my example I’ve used
bpostutorials.com. And, since we’re setting up email coexistence in this article, click the option
for “External Relay.”
(For a step-by-step guide to use BPOS as your primary mail system instead of email coexistence
mode, check out our article on using your own custom domains with BPOS.)
Click "Create" and a window like the one below will be displayed. Select the box to "Start the
Verification Wizard" if you’re ready to go to the next step, and verify the domain now.
First we need Microsoft to tell us how to configure the CNAME. If you didn’t select the option
to start the Verification wizard in the previous step, then go back to the Users tab, and click on
the Domains menu item. The newly added domain will now appear in the domains list. Click
the "Verify Now" link.
Select your registrar from the drop-down if available, otherwise select "Other" and click
"Next".
On the next screen you’ll be provided with DNS settings that you’ll need to configure with your
domain registrar. Don’t use the ones in the screenshot here; yours will be unique. Make a note
of the Host name, and "Points To" information.
Keep this window open. Now, fire up a new browser window and log in to your domain
registrar’s admin site. The example below was created using Go Daddy, but most registrars will
have a similar tool. Microsoft has also compiled a detailed list of instructions for popular
registrars.
Open up your registrar’s DNS tool and add a CNAME record. For example, with Go Daddy I
would click the "Add New CNAME Record" button on the right-hand side of the screen.
Enter the Alias information that BPOS gave you. Note that you usually don’t have to fully
qualify an Alias (i.e. the full domain name isn’t required, just the host name).
Success! Keep your registrar’s admin site open, because you’ll need it again in a minute.
Flip back to your BPOS window (you left that open, right?) and click the "Verify" button. If you
did it right, then you should see a message like the one below. If it was unsuccessful then go
back and confirm that you typed in the alias properly. Some registrars could take anywhere from
15 minutes to 72 hours to activate the new records.
If it’s not working, try doing a DNS lookup from another system to confirm that the alias is
configured properly. BPOS won’t verify the domain until it can resolve the new alias you created
to the server name it provided you in the previous steps.
Verify that you’ve configured everything correctly so far by going back to the Domains window.
You should see your domain listed with a Status of “Verified”, Inbound messaging “Disabled”,
and a Type that shows “External Relay”.
Once you’ve added and verified your domain, you'll be ready for part II of this series. In part II
we'll synchronize Active Directory with BPOS. In part III, we'll cover the final pieces of the
puzzle: activating and migrating users.
To recap, configuring email coexistence with BPOS requires the following steps:
1. Add your own domain to BPOS and enable external relay (Covered in Part I)
2. Verify the domain (Covered in Part I)
3. Verify email traffic flow
4. Enable Active Directory Synchronization
5. Activate migrated users
6. Migrate mailboxes to BPOS
7. Optional steps: Configure SPF and secure the mail flow
As explained in part I of this article series, BPOS makes it look as if all users are using the same
SMTP domain, whether using BPOS or your on-premise Exchange. However, behind the scenes
it uses two different domains, and some tricky forwarding techniques. So, it’s important to verify
that the two domains can talk to each other.
For this example we’ll continue to use the sample domain bpostutorials.com, and the BPOS
domain bpostutorial.microsoftonline.com.
1. In your BPOS environment, create a test user with a mailbox in the microsoftonline.com
domain. For example, UserOne@bpostutorial.microsoftonline.com
2. Create a test user in your on-premise Exchange environment. For example,
UserTwo@bpostutorials.com
3. Log on to the BPOS Outlook Web Access as UserOne@bpostutorial.microsoftonline.com
4. Send an email message to UserTwo@bpostutorials.com
5. Verify that UserTwo received the message, and reply back to the email.
6. From OWA, confirm that UserOne received the reply.
Troubleshooting:
If messaging doesn’t work, check to confirm that the microsoftonline.com domain has been
added to your safe-senders list in Exchange. It may also be worth confirming that any third-party
spam filters aren’t rejecting the messages, and that your MX records are configured correctly to
point at your on-premise Exchange.
Don’t move on until you’ve confirmed that basic mail-flow works as expected. Email
coexistence won’t work if you can’t email between the two domains.
Dirsync will copy AD user information over to BPOS, with the exception of passwords. It will
perform an initial sync, then re-sync every 3 hours. After running Dirsync, it’s important to make
all user changes in your local AD, not on the Microsoft Online environment.
To install Dirsync:
From the machine that you plan to install Dirsync on, open up the BPOS admin console, and go
to the Migration tab.
Read the planning document under Step 1 and check the box.
Now, under Step 3, click the download button which will take you to the download page for
Dirsync.
Download and run the Dirsync setup file. Go ahead and install it using all default options.
Ensure that the option to "Start Configuration Wizard now" is selected, then click Finish.
Verify Synchronization
First, open up the Event Log on the server running Dirsync. Check the Application Log for
events with a source of “Directory Synchronization” and Event ID 4. Events logged with ID 4
indicate that synchronization completed successfully.
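The same check from the command line, as an added example that is not part of the original article: it looks for the Event ID 4 entries described above and warns if the newest one is older than the 3-hour re-sync interval. Run it in PowerShell on the Dirsync server; the two-day look-back window is an assumption.

```powershell
# Added example, not Microsoft's or the article author's code.
# Source name and Event ID 4 are from the article; the look-back window and
# the use of the 3-hour re-sync interval as a staleness limit are assumptions.
$source   = 'Directory Synchronization'
$maxAge   = New-TimeSpan -Hours 3
$lookBack = (Get-Date).AddDays(-2)

# Get-EventLog reports "no matches" as an error, so suppress it and test the count.
$entries = @(Get-EventLog -LogName Application -Source $source -After $lookBack -ErrorAction SilentlyContinue)

$successes = @($entries | Where-Object { $_.EventID -eq 4 } | Sort-Object TimeGenerated -Descending)
$problems  = @($entries | Where-Object { $_.EntryType -eq 'Error' -or $_.EntryType -eq 'Warning' })

if ($successes.Count -eq 0) {
    Write-Warning "No Event ID 4 from '$source' since $lookBack; no completed synchronization found."
} else {
    $age = (Get-Date) - $successes[0].TimeGenerated
    if ($age -gt $maxAge) {
        Write-Warning ("Last successful synchronization was {0:N1} hours ago." -f $age.TotalHours)
    } else {
        Write-Output ("Last successful synchronization: {0}" -f $successes[0].TimeGenerated)
    }
}

# Show anything Dirsync logged as a warning or error in the same window.
$problems | Sort-Object TimeGenerated -Descending |
    Select-Object TimeGenerated, EntryType, EventID, Message |
    Format-List
```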
Next, we can verify that users and groups were copied to BPOS. Dirsync copies all accounts over
and automatically disables them in BPOS by default, so you’ll need to view “Disabled User
Accounts” in BPOS to find the synchronized accounts.
To do this, log in to the BPOS admin center. Go to the Users tab, and click on the User List sub-
tab. Select “Disabled User Accounts” from the left-hand navigation pane. You should see a list
of user accounts that were synchronized from your own Active Directory.
If you can see user accounts from your domain, then congratulations! Directory synchronization
is working correctly. For now, leave the accounts disabled. You should only activate accounts
when you’re ready to complete the user migration process.
We’ll cover the final steps required to configure email coexistence in Part 3 of this series. In
Part 3 we’ll use the BPOS migration tool to copy mailbox data to BPOS, and configure the
forwarding information that makes co-existence possible.
To recap, configuring email coexistence with BPOS requires the following steps:
1. Add your own domain to BPOS and enable external relay (Covered in Part I)
2. Verify the domain (Covered in Part I)
3. Verify email traffic flow (Covered in Part II)
4. Enable Active Directory Synchronization (Covered in Part II)
5. Activate migrated users
6. Migrate mailboxes to BPOS
7. Optional steps: Configure SPF and secure the mail flow
At this point you should be able to send email between your on-premise Exchange, and a test
user on BPOS. You also should have installed the Dirsync tool, and have successfully
synchronized your own Active Directory to BPOS.
In this final article of the series, we’ll activate users and then set up the key tool that makes this
all work – the Mailbox Migration tool.
Open up the BPOS admin center. Click on the Users tab, then the User List sub-tab. Click on
“Disabled User Accounts” from the left-hand task pane.
A list of all users synchronized from your domain should appear if synchronization is working
correctly.
Click on one of the users to open up their properties window, then click the “Activate User
Wizard” link.
To activate a large number of users at once, simply select them using the checkboxes beside their
accounts on the Disabled Users screen. Then, click the “Activate Users” link to do a bulk
activation.
Go ahead and enter an email address if you want BPOS to email a login link and password to
your users. Then click next.
Next you should see a successful confirmation and list of activated users, as well as temporary
passwords. Make a note of the passwords if you did not select the option to have them emailed to
your users.
One last important note – In the previous steps, BPOS Dirsync may have imported users with a
default domain set to [whatever].microsoftonline.com. If you want your users to log in to BPOS
using your own domain (e.g. bpostutorials.com vs bpostutorial.microsoftonline.com), and send
mail from your own domain name, then you should change this after activating users.
The migration tool is the key piece to configure coexistence. The tool configures your on-
premise Exchange SMTP settings to forward mail over to BPOS for migrated users. And, it will
also migrate mailbox data over to BPOS. With the migration tool, users won’t lose content like
mail and calendar items.
First, download and install the migration tool. To do this, go to the “Migration” tab in BPOS,
then launch the “Migrate Mailboxes” link.
Before you can download the tool you’ll have to check the box to confirm that you’ve read the
planning document. Then, download the tool.
The migration tool can be installed on any machine that meets the prerequisites below. It does
not have to be installed on your Exchange server.
In addition, you’ll need to run the migration tool from an account with Exchange server
administrator privileges. And of course, you’ll also need admin permissions in BPOS.
A sign-in box will prompt you for your BPOS user name and password. Enter the credentials for
an account with administrator permissions, then click Sign In.
Click on “Mailboxes Ready to Migrate” to see a list of mailboxes that correspond to Activated
BPOS user accounts. Any of these mailboxes can be migrated when you're ready to proceed.
Select the mailboxes that you wish to migrate, then right-click on one of the mailboxes. From
the context-sensitive pop-up menu, choose “Migrate mailboxes”.
This will launch a migration wizard. Click Next on the introductory screen.
You now have two options. You can either configure forwarding records and migrate mailbox
content, or configure forwarding records without migrating any content. You should migrate
content if you want users to have access to their old data once they move over to BPOS.
If you chose to migrate content, then you can also decide whether to allow data to pass over an
unsecured connection. Be aware that if you choose to allow this, then mailbox data could pass
from your Exchange server to the internet in an unsecured manner. Microsoft recommends
securing the connection, though it’s not necessary. (For more information on securing traffic,
please see Step 6 in this article.)
Assuming you’re going to migrate content to BPOS, choose the option to “Copy the local
mailbox content”, then click Next.
Next, review the mailboxes you plan to migrate. Ensure that the source mailbox isn’t larger than
the quota you’ve assigned to the BPOS users. Mailboxes could take considerable time to migrate
depending on size and network bandwidth, so be cautious about how many mailboxes you move
at once.
Now, select mailbox content types to migrate, like mail and calendar items. If desired, select the
date ranges of data to migrate. Click Next when you’re ready to proceed.
Note that some items will not be migrated by the tool – more details on that here:
http://www.microsoft.com/online/help/en-us/helphowto/fa139bc5-76d7-4e1a-9029-abc431b3c39a.htm
The tool provides one last opportunity to do a final review. If everything looks correct, then click
Migrate to start the process.
The Migration tool will show a progress window like this one:
Once migration is complete, review the status window for any errors or warnings, then click
Finish.
Let’s jump back to your own Active Directory where you can view the changes made by the
migration tool.
Open up Active Directory Users and Computers, and navigate to the Users container. You’ll see
that in addition to your user objects (e.g. User Three) the migration tool has created a new
contact object for each of the migrated users. So in this example, we now have a contact for
UserThree@bpostutorial.microsoftonline.com. The contact is only for back-end use, so it will be
hidden from the GAL.
Open up the new contact for one of your users. As you can see in the screenshot below for User
Three, the “Email:” field uses the SMTP domain for your BPOS domain – in this case the mail
address is userthree@bpostutorial.microsoftonline.com. This contact is created simply so that
Exchange has somewhere to forward mail that arrives in the userthree@bpostutorials.com
mailbox.
Next, open up the User object for your migrated user, and open up Delivery Options from the
Exchange General tab. In our User Three example below, you can see that the migration tool
has configured Exchange to forward all mail to the User Three (MSOL) contact object that we
just looked at in the previous step.
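To check the forwarding the migration tool set up across all users rather than one at a time, the following added example (not part of the original article or the migration tool) lists every user with mail forwarding and flags any whose target is not a hidden contact in the BPOS domain. It assumes the ActiveDirectory PowerShell module is available and that Exchange stores the forward-to recipient in the altRecipient attribute and the contact's external address in targetAddress.

```powershell
# Added example. Assumptions: ActiveDirectory module; Exchange attributes
# altRecipient (forward-to recipient DN), deliverAndRedirect (keep a local copy),
# targetAddress and msExchHideFromAddressLists on the contact.
Import-Module ActiveDirectory

$bposDomain = 'bpostutorial.microsoftonline.com'   # BPOS domain used in the article

$report = foreach ($user in Get-ADUser -LDAPFilter '(altRecipient=*)' -Properties altRecipient, mail, deliverAndRedirect) {
    # Resolve the object that mail for this user is forwarded to.
    $target  = Get-ADObject -Identity $user.altRecipient -Properties targetAddress, msExchHideFromAddressLists
    $address = "$($target.targetAddress)" -replace '^smtp:', ''
    $domain  = ($address -split '@')[-1]

    $findings = @()
    if ($target.ObjectClass -ne 'contact')       { $findings += 'forward target is not a contact' }
    if ($domain -ne $bposDomain)                 { $findings += "forward target domain is '$domain'" }
    if (-not $target.msExchHideFromAddressLists) { $findings += 'contact is visible in the GAL' }

    [pscustomobject]@{
        User          = $user.SamAccountName
        Mail          = $user.mail
        ForwardsTo    = $address
        KeepLocalCopy = [bool]$user.deliverAndRedirect
        Findings      = $findings -join '; '
    }
}

# Full inventory of forwarding, then only the entries that need a closer look.
$report | Sort-Object User | Format-Table -AutoSize -Wrap
$report | Where-Object { $_.Findings } | Format-Table User, ForwardsTo, Findings -AutoSize -Wrap
```

An empty second table means every forwarding entry matches what the article describes: a hidden contact with an address in the BPOS domain.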
Finally, back in the BPOS admin console, you can see that User Three has been activated with a
user name of UserThree@bpostutorials.com.
At this point, User Three can log on to BPOS using the password provided earlier. They will be
able to send and receive email from the bpostutorials.com domain. Once migration is complete,
migrated users should only use BPOS to avoid problems with mailboxes becoming out of sync.
They can access BPOS using Outlook Web Access, or reconfigure their mail client to point to
BPOS.
Step 6: Optional steps: Configure SPF and secure the mail flow
First, consider enabling Autodiscover and adding Sender Policy Framework records. SPF records
are still not very common, but are probably worth adding anyway. More information on both of
those settings can be found here:
http://www.microsoft.com/online/help/en-us/helphowto/6a984970-1606-480f-92e2-585ff1ddae84.htm
Second, since intra-organization mail is now going to be passed over the internet, Microsoft
recommends that you secure the flow of traffic between your on-premise Exchange and
BPOS. This involves obtaining a certificate and configuring TLS – for more information see this
detailed guide from Microsoft:
http://www.microsoft.com/online/help/en-us/helphowto/ad854daa-75aa-4fc7-bb1d-86e7bc8cfcf1.htm
But these steps are optional and may not be necessary depending on your organization’s security
requirements.
Once you’ve completed these steps, send a few test messages to confirm that things are
working. If so, congratulations! You’ve successfully configured email coexistence with BPOS.