During one of my Exchange Hybrid engagements earlier this year, for a client running Exchange 2013, I found that I was not asked to publish the Hybrid Domain Proof DNS records in public DNS. I thought this was strange, as it used to be a requirement for the Hybrid Configuration Wizard (HCW) to complete.
So ensued a little digging…
In Exchange 2013 and later Hybrid deployments, the HCW defaults to using OAuth rather than DAuth, provided there are no legacy Exchange servers (Exchange 2010 or older) in the organisation. See here for more information.
As the client's mailboxes were hosted on Exchange 2013, there were no legacy Exchange servers, and Exchange 2016 hybrid servers had been introduced, the HCW defaulted to OAuth and ran through without asking for the Hybrid Domain Proof records. This was borne out when another forest was added to their hybrid configuration: that forest contained mailboxes hosted on Exchange 2010 SP3 alongside newly introduced Exchange 2016 hybrid servers, and there the HCW did ask for the Hybrid Domain Proof records to be added to public DNS. With legacy servers present the HCW does not default to OAuth but to DAuth, which requires the Hybrid Domain Proof records to be published.
As Exchange 2010 drops off the radar for potential hybrid customers, the requirement to publish the Hybrid Domain Proof records in public DNS diminishes, and the HCW will default to OAuth.
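The following script is an added example and is not part of the original post or of any Microsoft tooling. It runs in the Exchange Management Shell on an on-premises Exchange 2013/2016 server and checks the three things the behaviour above depends on: whether legacy (pre-15.x) servers still exist, which trust model (OAuth connector vs. federation trust / organization relationship) is actually configured, and, where DAuth is in play, whether the Hybrid Domain Proof TXT value is really visible from public DNS rather than only from internal AD DNS. The domain name `contoso.com`, the public resolver `8.8.8.8`, and the `Proof` property name on `Get-FederatedDomainProof` output are assumptions to adjust for your environment; `Resolve-DnsName` needs the DnsClient module (Windows Server 2012 or later).

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Values marked "assumed" are placeholders for your environment.

$Domain = 'contoso.com'   # assumed: your federated / hybrid SMTP domain

# 1. Are there still legacy servers? Exchange 2010 reports major version 14,
#    Exchange 2007 reports 8; Exchange 2013/2016/2019 all report 15.
$servers = Get-ExchangeServer
$legacy  = $servers | Where-Object { $_.AdminDisplayVersion.Major -lt 15 }
if ($legacy) {
    Write-Host "Legacy servers present; HCW will default to DAuth:" -ForegroundColor Yellow
    $legacy | Format-Table Name, AdminDisplayVersion -AutoSize
} else {
    Write-Host "No legacy servers; HCW will default to OAuth." -ForegroundColor Green
}

# 2. Which trust model is configured right now?
#    OAuth hybrid is represented by an IntraOrganizationConnector towards Exchange Online;
#    DAuth hybrid by a federation trust plus an OrganizationRelationship.
$oauth = @(Get-IntraOrganizationConnector -ErrorAction SilentlyContinue)
$trust = Get-FederationTrust -ErrorAction SilentlyContinue
$dauth = @(Get-OrganizationRelationship -ErrorAction SilentlyContinue)
Write-Host ("OAuth connectors: {0}   Federation trust: {1}   Organization relationships: {2}" -f `
    $oauth.Count, [bool]$trust, $dauth.Count)

# 3. If DAuth is in play, confirm the domain proof is published in PUBLIC DNS.
#    Get-FederatedDomainProof returns the TXT value(s) the HCW expects to find
#    (property name 'Proof' assumed). Query a public resolver (assumed reachable),
#    not AD DNS, so a record that exists only internally is not mistaken for a published one.
if ($trust) {
    $expected  = Get-FederatedDomainProof -DomainName $Domain | Select-Object -ExpandProperty Proof
    $published = Resolve-DnsName -Name $Domain -Type TXT -Server 8.8.8.8 -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.Strings -join '' }
    foreach ($p in $expected) {
        if ($published -contains $p) {
            Write-Host "Domain proof published for $Domain" -ForegroundColor Green
        } else {
            Write-Host "Domain proof MISSING in public DNS for $Domain. Add this TXT record:" -ForegroundColor Red
            Write-Host "  $Domain IN TXT `"$p`""
        }
    }
} else {
    Write-Host "No federation trust configured; domain proof records are not required for OAuth."
}
```

Run it before launching the HCW in a multi-forest hybrid: a forest that still reports a 14.x server will go down the DAuth path and the wizard will stall on the domain proof step if the TXT record has not propagated to public DNS yet.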
For a more in-depth look at OAuth vs DAuth in Exchange Hybrid, see the Microsoft Exchange Blog article here.