
Add a new domain to an existing Hybrid Exchange configuration

Let's assume you are running a Hybrid Exchange configuration with one domain configured. You use this domain as the logon domain (part of the User Principal Name) and as your email reply address. For some reason a new domain needs to be added to your existing Hybrid Exchange configuration so you can use this domain in new email addresses.
The steps involved in adding this new domain are described in this article, but before you begin you need to decide how the new domain will be used. If the new domain only needs to be added to the user mailboxes as a mail alias, the configuration is pretty straightforward. But if this domain needs to be used as the reply address, you also need to decide whether you keep your existing domain as part of the logon name or change that domain as well.

Add the new domain to Office 365

The first thing we need to do is add the new domain to Office 365. Log on to the Office 365 Admin center, go to Setup and click on Domains. Choose Add domain, enter your new domain (in this example dpconsultancy.eu) and click Next.

You need to prove you are the owner of the domain by adding a TXT record to your external DNS. The required value for the TXT record is shown on the Verify Domain page.
After you have added the DNS record to your external DNS, click Verify.

After your domain is verified, the domain is added to Office 365. Now you should also add the other DNS records, like the MX record, SPF and a CNAME for Autodiscover. Depending on your mail flow configuration your MX record should point to your on-premises Exchange Server or to Exchange Online.

On-premises Exchange configuration

We also have to add the new domain to the on-premises Exchange, because from there we control the email addresses for both local and online mailboxes in a Hybrid Configuration.
Switch to your on-premises Exchange server and open the Exchange Admin Center (in the case of Exchange 2013 or 2016). Go to Mail flow and choose the Accepted domains tab. Click the plus sign.

Add your new domain as Authoritative.

After the domain is added, it's time to run the Office 365 Hybrid Configuration wizard. After verifying your credentials for the local domain and Exchange Online, click Next until you see the Hybrid Domains screen. Make sure you check the newly added domain.

Again you need to verify you own the domain by adding a TXT record to your external DNS.

Don't make any changes to the rest of the configuration and choose Next on all the screens until you see the screen below. Check Yes, upgrade the current configuration.

The wizard will upgrade your existing configuration; for example, it adds the domain to the mail flow connector between your Exchange Server and Exchange Online. When the wizard is finished you can add an email address with your new domain to your users' mailboxes.

Adding the new domain to your mailboxes

The new domain is added to Exchange Online and your on-premises Exchange; now it needs to be added to the mailboxes. Depending on your needs you can add a new email address with the domain to the mailboxes manually using the on-premises Exchange Admin Center (or PowerShell), or by changing the Email Address Policy (or adding a new policy).

After you have added the new email addresses via the on-premises Exchange and performed an Azure AD Connect sync, the new email address is added to the Exchange Online mailbox.
Keep in mind that when you set the new email address as the reply address and don't change the User Principal Name, those two are no longer equal, like in the example below.
In the example below my UPN contains my old (existing) domain and my new reply address contains the new domain.
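As an added example (not code from the original post), the following script adds the new domain as a secondary SMTP address to every mailbox in an OU from the on-premises Exchange Management Shell. It assumes the article's domain dpconsultancy.eu and the article's Users OU, checks that the domain is already an authoritative accepted domain, and covers both on-premises mailboxes and the remote mailboxes that represent Exchange Online users in a hybrid organization.

```powershell
# Added example, not from the original post. Run in the on-premises Exchange Management Shell.
# Assumptions: the new domain and the OU below are taken from the article; adjust both.
$NewDomain  = 'dpconsultancy.eu'
$SearchBase = 'OU=Users,OU=DeKlapwijken,DC=deklapwijken,DC=nl'

# The address is only valid once the domain is an authoritative accepted domain on-premises
# (the step described above); abort rather than leave mailboxes half-updated.
$accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $NewDomain }
if (-not $accepted -or "$($accepted.DomainType)" -ne 'Authoritative') {
    throw "$NewDomain is not an authoritative accepted domain on this server."
}

function Add-SecondaryAddress {
    param($Recipient, [scriptblock]$Setter)
    # Lower-case 'smtp:' adds a secondary address; the reply address (SMTP:) stays as it is.
    $alias   = "smtp:$($Recipient.Alias)@$NewDomain"
    $current = $Recipient.EmailAddresses | ForEach-Object { "$_" }
    if ($current -contains $alias) { return }   # idempotent: already present, nothing to do
    if ($Recipient.EmailAddressPolicyEnabled) {
        # A policy-managed mailbox is better served by updating the Email Address Policy itself.
        Write-Warning "$($Recipient.Alias): email address policy is enabled; consider updating the policy."
    }
    & $Setter $Recipient.Identity $alias
}

# In a hybrid organization both mailbox types are managed on-premises. -WhatIf only previews
# the change; remove it to apply.
Get-Mailbox -OrganizationalUnit $SearchBase -ResultSize Unlimited | ForEach-Object {
    Add-SecondaryAddress $_ { param($id, $addr) Set-Mailbox -Identity $id -EmailAddresses @{Add = $addr} -WhatIf }
}
Get-RemoteMailbox -OrganizationalUnit $SearchBase -ResultSize Unlimited | ForEach-Object {
    Add-SecondaryAddress $_ { param($id, $addr) Set-RemoteMailbox -Identity $id -EmailAddresses @{Add = $addr} -WhatIf }
}
```

Run it once with -WhatIf to review the planned changes, then remove -WhatIf and run the Azure AD Connect sync so the addresses reach Exchange Online.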

Add the new domain to the User Principal Name

When you also want to add the newly added domain to the User Principal Name, you first need to add a new UPN suffix. On your local Domain Controller open Active Directory Domains and Trusts, right-click on Active Directory Domains and Trusts and choose Properties. Here you can add an alternative UPN suffix (your new domain).

After you have added the UPN suffix, you are able to change the UPN of your users to contain the new domain. You can do this manually by changing the domain in the User account properties.

You can also do this in bulk. To change all existing UPNs (in this example contoso.local) to contain the new domain (contoso.com):

# Load the RSAT module that provides Get-ADUser and Set-ADUser
Import-Module ActiveDirectory
# Select every user whose UPN ends in the old suffix; -ResultSetSize $null removes the default result limit
$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*contoso.local'} -Properties userPrincipalName -ResultSetSize $null
# Replace the old suffix with the new one and write the new UPN back to each account
$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("contoso.local","contoso.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

Or you can change the suffix for all users in an OU (here the OU is Users under the OU DeKlapwijken in the domain deklapwijken.nl):

# Select every user in the OU that has a UPN set
$LocalUsers = Get-ADUser -LDAPFilter '(userPrincipalName=*)' -SearchBase "OU=Users,OU=DeKlapwijken,DC=deklapwijken,DC=nl" -Properties userPrincipalName
# Replace the old suffix with the new one; users without the old suffix are written back unchanged
$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("contoso.local","contoso.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

After performing another sync both your User Principal Name and reply address are changed to contain the new domain and are now equal again.
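The bulk UPN change above, as an added example (not the original post's code) with the checks a practitioner would want around it: it refuses to run until the new suffix is actually registered in the forest, previews with -WhatIf, logs old and new values, and afterwards reports accounts whose UPN and primary SMTP address (the mail attribute) still differ. It assumes the article's suffixes contoso.local and contoso.com and its Users OU.

```powershell
# Added example, not from the original post. Requires the RSAT ActiveDirectory module.
# Assumptions: suffixes and OU are the article's examples; change them for your environment.
Import-Module ActiveDirectory

$OldSuffix  = 'contoso.local'
$NewSuffix  = 'contoso.com'
$SearchBase = 'OU=Users,OU=DeKlapwijken,DC=deklapwijken,DC=nl'

# 1. Set-ADUser happily writes any suffix, but only a suffix registered in AD Domains and Trusts
#    is valid for logon and for Azure AD Connect, so stop here if it is missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    throw "UPN suffix '$NewSuffix' is not registered in forest $($forest.Name); add it first."
}

# 2. Only select users whose UPN still ends in the old suffix (an anchored match, not a substring).
$users = Get-ADUser -LDAPFilter "(userPrincipalName=*@$OldSuffix)" -SearchBase $SearchBase `
                    -Properties userPrincipalName, mail

# 3. Preview the change (-WhatIf) and keep a log of old and new values for rollback.
#    Remove -WhatIf once the preview looks right.
$log = foreach ($u in $users) {
    $newUpn = $u.UserPrincipalName -replace "@$([regex]::Escape($OldSuffix))$", "@$NewSuffix"
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUpn         = $u.UserPrincipalName
        NewUpn         = $newUpn
        Mail           = $u.Mail
    }
}
$log | Export-Csv -Path .\upn-change-log.csv -NoTypeInformation

# 4. After the change and the next Azure AD Connect sync, list accounts where the UPN and the
#    primary SMTP address (mail attribute) still differ, the situation the article warns about.
Get-ADUser -LDAPFilter '(mail=*)' -SearchBase $SearchBase -Properties userPrincipalName, mail |
    Where-Object { $_.UserPrincipalName -ne $_.Mail } |
    Select-Object SamAccountName, UserPrincipalName, Mail
```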
