How to Deploy Exchange 2016 CU2 Hybrid with Office 365
1. install exchange 2016 CU2
1) Prepare Windows Feature:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience,NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth,Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing,Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase,Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth,Web-WMI, Windows-Identity-Foundation,RSAT-ADDS

Download(http://www.microsoft.com/en-us/download/details.aspx?id=34992) and Install Unified Communications Managed API 4.0 Runtime (UcmaRuntimeSetup.exe):

2)
Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

3)
Setup.exe /PrepareAD /OrganizationName:"NOS" /IAcceptExchangeServerLicenseTerms

4)
.\Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

5)
.\Setup.exe /mode:Install /role:Mailbox /InstallWindowsComponents /TargetDir:"D:\ExchangeServer\V15" /MdbName:"MBDB001" /DbFilePath:"D:\ExchangeServer\V15\Mailbox\MBDBFile\MBDB001.edb" /LogFolderPath:"D:\ExchangeServer\V15\Mailbox\MBDBLog" /CustomerFeedbackEnabled:false /IAcceptExchangeServerLicenseTerms

Post-Installation Tasks:

Exchange PowerShell:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". ‘D:\ExchangeServer\V15\bin\RemoteExchange.ps1‘; Connect-ExchangeServer -auto -ClientApplication:ManagementShell "

1)
Standard:
Set-ExchangeServer -Identity Exch01 -ProductKey QXYKC-7H87P-YKC2Q-XRVQ7-GTJP2

Enterprise:
Set-ExchangeServer -Identity Exch01 -ProductKey 7WJV6-H9RMH-F4267-3R2KG-F6PBY

2) Creating accepted domains:
New-AcceptedDomain -Name Aplusnb -DomainName aplusnb.cn -DomainType Authoritative

3) Enable Mailbox:

get-user -OrganizationalUnit "nos.hk.cn/NOS"  | where-object {$_.RecipientType –eq “User”} | Enable-Mailbox | get-mailbox | select name,windowsemailaddress,database

4) Creating an email address policy:

New-EmailAddressPolicy -Name Aplusnb -IncludedRecipients AllRecipients -ConditionalCompany "Aplusnb" -EnabledEmailAddressTemplates "SMTP:@aplusnb.cn"

Update-EmailAddressPolicy -Identity Aplusnb

get-mailbox | select name,windowsemailaddress,EmailAddresses,database

5) New Send Connector:

New-SendConnector -Name "Send To Internet" -Internet -AddressSpaces "*" -DNSRoutingEnabled:$TRUE -SourceTransportServers "Exch01"

Configure ReceiveConnector:

Get-ReceiveConnector -Server Exch01
Get-ReceiveConnector “Default EXCH01” | select Identity,PermissionGroups

Get-ReceiveConnector

Get-ReceiveConnector “Default Exch01” | Set-ReceiveConnector -PermissionGroups AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers

6) Configuring SSL certificates

$Data = http://www.mamicode.com/New-ExchangeCertificate -FriendlyName"Exch01_Certificate" -GenerateRequest -SubjectName "c=CN, o=NOS, cn=mail.nos.hk.cn" -DomainName  mail.nos.hk.cn,autodiscover.nos.hk.cn,mail.aplusnb.cn,autodiscover.aplusnb.cn,mail.seniorit.cn,autodiscover.seniorit.cn,exch01.nos.hk.cn,exch01,localhost  -PrivateKeyExportable $true

Set-Content -path "\\Exch01\C$\Exch01CertRequest.req.txt" -Value $Data

You can use the contents of the Exch01CertRequest.req.tx file to request an SSL certificate from a certificate authority (CA),open web:
http://DC01/Certsrv To Request an SSL Certificate and save to \\Exch01\C$\Exch01certnew.cer

Import CA:

Import-ExchangeCertificate –Server Exch01 -FileData ([Byte[]]$(Get-Content -Path "\\Exch01\C$\Exch01certnew.cer" -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Server Exch01  -Services "IIS,POP,IMAP,SMTP"

7) Configuring Outlook Anywhere:

Get-OutlookAnywhere -Server Exch01 | Set-OutlookAnywhere -ExternalHostname mail.nos.hk.cn -ExternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod:Basic -InternalHostName Exch01.nos.hk.cn -InternalClientsRequireSsl:$true -InternalClientAuthenticationMethod:Basic

8)Enabling MapiHttp:

Set-OrganizationConfig -MapiHttpEnabled $true

9) Set owa ecp and ews VirtualDirectory ExternalUrl:

Set-OwaVirtualDirectory -identity "owa (default web site)" -LogonFormat UserName -DefaultDomain "nos.hk.cn"

$DomainName = "nos.hk.cn"
$hostname = "mail." + $DomainName
$owa = "https://" + $hostname + "/owa"
$ecp = "https://" + $hostname + "/ecp"
$mapi = "https://" + $hostname + "/mapi"
$powershell = "https://" + $hostname + "/powershell"
$activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"
$oab = "https://" + $hostname + "/OAB"
$ews = "https://" + $hostname + "/EWS/Exchange.asmx"
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory –ExternalUrl $mapi –InternalUrl $mapi
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync
Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force
Get-PowershellVirtualDirectory | Set-PowershellVirtualDirectory –ExternalUrl $powershell –InternalUrl $powershell -BasicAuthentication:$True

10) Enable Mailbox Replication Service (MRS)MRSProxy:
the Mailbox Replication Service (MRS) Proxy service helps facilitate cross-forest remote mailbox moves. It’s often used when performing a cross-forest migration from a legacy Exchange organization.

Get-WebServicesVirtualDirectory | fl server,mrs*

Get-WebServicesVirtualDirectory -ADPropertiesOnly | Where {$_.MRSProxyEnabled -ne $true} | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

11) Publishing Exchange:
with a solid firewall solution where only the following ports are opened:
Port 25 for SMTP
Port 80 for HTTP
Port 443 for HTTPS
Port 587 for SMTP submission
Ports 110 and 143 for POP3 and IMAP4
Ports 993 and 995 for Secure POP3 and Secure IMAP4.
Hybrid Deployment and Migrating to Office 365

1)Register Office 365 for test:
https://products.office.com/zh-cn/buy/overview?param=TryOffice365EnterpriseE3

https://login.partner.microsoftonline.cn

https://dc.aliyun.com/login/loginx

Login DC01:

Get-ADUser -Filter * -SearchBase ‘ou=nos,dc=nos,dc=hk,dc=cn’ -Properties userPrincipalName | foreach { Set-ADUser $_ -UserPrincipalName (“{0}@{1}” -f $_.name,”seniorit.cn”)}

Open the Exchange Management Shell and New-AcceptedDomain
New-AcceptedDomain -Name Seniorit -DomainName Seniorit.cn -DomainType Authoritative
New an email address policy:
New-EmailAddressPolicy -Name "Seniorit" -IncludedRecipients AllRecipients -ConditionalCompany "Seniorit" -Priority 1 -EnabledEmailAddressTemplates "SMTP:@Seniorit.cn"

Update-EmailAddressPolicy -Identity Seniorit
get-mailbox | select name,windowsemailaddress,EmailAddresses,database

New DNS Zone seniorit.cn on dnsmgmt.msc

Office 365 Hybrid Configuration Wizard:
http://aka.ms/HybridWizard

How to Deploy Exchange 2016 CU2