Hybrid SharePoint 2013/2016

Step-by-step script of my recent Hybrid SharePoint 2016 – Office 365 implementation:

 

Office 365 Prerequisites

  • set up and configure a custom domain name
  • synchronize users (e.g. like this)
  • provide Office 365 licenses for hybrid users
  • (for hybrid search or SharePoint 2016 DLP) provide a license for the farm account

On-Premises AD prerequisites

  • AD group “HybridUsers” for hybrid users

On-premises SharePoint Prerequisites

  • managed metadata service application
  • user profiles service application
    • user profiles are synchronized (incl. User Principal Name and Work email)
    • MySites
    • Audience for HybridUsers AD group
  • app management service application
  • subscription settings service application
  • secure store service application
  • SP1 + September 2015 CU

Certificates

  • certificate to replace the default SharePoint STS certificate
    • no special requirements for subject
    • self-signed (lab/test)
    • public authority (production)

If you plan for inbound search or hybrid BCS, there are some more requirements.

 

Steps:

Create S2S trust, i.e. trust relationship between on-premises SharePoint and Office 365.

  • replace default STS certificate
  • upload certificate to Office 365
  • add SPN to Azure AD
  • register SPO application principal
  • set authentication realm (align this with the high-trust app environment)
  • configure on-prem proxy for Azure AD

(scripts: https://technet.microsoft.com/library/dn197169.aspx)
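
A read-only check of the trust built by the steps above, as an added example (not from this post or from the linked Microsoft scripts). It assumes the MSOnline module is installed, a 30-day expiry threshold chosen here, that the default STS certificate is recognisable by its "SharePoint Root Authority" issuer, and that the ACS proxy's type name contains "Access Control"; the application principal registration is not checked.

```powershell
# Added example: read-only verification of the S2S trust. Run in an elevated
# SharePoint Management Shell on a farm server. Assumes the MSOnline module.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module MSOnline
Connect-MsolService                                   # prompts for a tenant admin

$spoAppId = "00000003-0000-0ff1-ce00-000000000000"    # SharePoint Online application principal
function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = "$Detail" }
}
$results = @()

# Step "replace default STS certificate": issuer and remaining lifetime.
# Assumption: the default certificate is issued by the farm's "SharePoint Root Authority".
$sts = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
$results += New-Check "STS certificate replaced" ($sts.Issuer -notlike "*SharePoint Root Authority*") $sts.Subject
$results += New-Check "STS certificate valid for 30+ days" ($sts.NotAfter -gt (Get-Date).AddDays(30)) $sts.NotAfter

# Step "upload certificate to Office 365": the principal must hold this exact certificate.
$stsB64  = [Convert]::ToBase64String($sts.GetRawCertData())
$creds   = @(Get-MsolServicePrincipalCredential -AppPrincipalId $spoAppId -ReturnKeyValues $true)
$matched = @($creds | Where-Object { $_.Value -eq $stsB64 })
$results += New-Check "STS certificate registered in Office 365" ($matched.Count -gt 0) "$($creds.Count) credential(s) on principal"

# Step "add SPN to Azure AD": every web application host needs a matching SPN (wildcards allowed).
$spnHosts = (Get-MsolServicePrincipal -AppPrincipalId $spoAppId).ServicePrincipalNames |
    Where-Object { $_ -like "$spoAppId/*" } | ForEach-Object { $_.Substring($spoAppId.Length + 1) }
foreach ($wa in Get-SPWebApplication) {
    $h   = ([Uri]$wa.Url).Host
    $hit = @($spnHosts | Where-Object { $h -like $_ })
    $results += New-Check "SPN covers $h" ($hit.Count -gt 0) ($hit -join ", ")
}

# Step "set authentication realm": the realm must equal the tenant (context) id.
$tenantId = "$((Get-MsolCompanyInformation).ObjectId)"
$realm    = Get-SPAuthenticationRealm
$results += New-Check "Realm equals tenant id" ($realm -eq $tenantId) "realm=$realm tenant=$tenantId"

# Step "configure on-prem proxy for Azure AD": the ACS application proxy must exist.
# Assumption: the proxy's TypeName contains "Access Control".
$acs = @(Get-SPServiceApplicationProxy | Where-Object { $_.TypeName -like "*Access Control*" })
$results += New-Check "ACS application proxy present" ($acs.Count -gt 0) ($acs.Name -join ", ")

$results | Format-Table -AutoSize -Wrap
```

The script changes nothing on either side; a row with Passed = False points at the step to repeat.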

 

Hybrid Sites and Hybrid OneDrive for Business

  1. go to Office 365 admin center -> SharePoint admin
  2. copy mysites site collection name (https://ecm-my.sharepoint.com)
  3. go to on-prem SharePoint CA -> Office 365 -> Configure hybrid OneDrive…
    • enter “My Site URL”: the Office 365 mysites site collection name from step 2
    • (optional) enter specific audience – “hybrid users”
    • select hybrid features – “OneDrive only” or “OneDrive and Sites”

Hybrid Sites and Hybrid OneDrive for Business warnings:

  • you cannot activate hybrid sites w/o activating hybrid OneDrive for Business
  • users need to re-follow migrated sites
  • custom profile properties require additional steps
  • existing mysites content will not be migrated – consider
    • 3rd-party tools or
    • PowerShell(?) or
    • manual “old sync -> backup -> stop sync -> new sync -> restore from backup -> sync” for every user

 

 

Sources: