Apex Blog

I then prepared the x509 certificate required for the server-side authentication. In particular:

1. I logged on to the CRM Server as an administrator, run MMC and added the Certificates snap-in. When prompted I chose Computer Account and, then, Local Computer.
2. Under the Personal certificate storage I located the wild card certificate and exported it twice. The first time I set not to export the private key to obtain a DER encoded binary X.509 (.cer) certificate that I saved to a .cer file under the C:\ folder as c:\Personalcertfile.cer. Then I exported the same certificate along with the private key (to obtain a .pfx file) keeping the default options and duly noting the password for a later import. The .pfx file was saved as c:\Personalcertfile.pfx

Installing Microsoft Online Services Sign-In Assistant for IT Professionals Beta was not required as it was already there while I had to set up the Azure Active Directory Module for Windows PowerShell (64-bit version).

According to the guide I located the CertificateReconfiguration.ps1 file and started the Azure Active Directory Module for Windows PowerShell moving to the file path. I launched exactly the commands on the guide:

$CertificateScriptWithCommand = “.\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password THEPWDNOTEDABOVE -updateCrm -certificateType S2STokenIssuer -serviceAccount DOMAINNAME\USERNAME -storeFindType FindBySubjectDistinguishedName”

Invoke-Expression -command $CertificateScriptWithCommand

Please note that THEPWDNOTEDABOVE was the password I chose when I exported the .pfx certificate. DOMAINNAME\USERNAME is the credential of the administrative single user I used to carry out the configuration.

Certificate preparation result

Configuration

The actual configuration was pretty straightforward. I was all about locating and launching the ConfigureCrmServerSideSync.ps1 script with the right parameters.

I was prompted for the ALIAS@DOMAIN.onmicrosoft.com and the rest of the process was completed by the script.

Conclusions

Once performed the steps above, our CRM was ready for the server side (Hybrid) configuration.

In CRM,  I created an email server profile going to Settings > Email Configuration > Email Server Profiles.

I then clicked New > Exchange Online (Hybrid). The tenant ID was already there and I only had to set a meaningful name for the profile.

With the server profile in place I configured the existing mailboxes to use the newly created profile. For each mailbox I selected test and enable.

Read More