Distribution groups in Hybrid environment

If you run Exchange in what’s called a hybrid environment, you may or may not already know this.


A hybrid environment is one where you have Exchange locally as well as Exchange Online (EXO). If you have this setup, it is referred to as a hybrid configuration, and the way it works is pretty simple.

Authoritative v Internal Relay

The domain in Office 365, under accepted domains, is set to internal relay. This means that when a message comes into EXO and the recipient is not in the address book, it is automatically sent down your hybrid connector, so it ends up on local Exchange.

If your local Exchange is authoritative for that domain and the mailbox does not exist, Exchange sends a rejection back saying the mailbox does not exist. However, if the domain is internal relay at this point, it looks up the connectors and moves on to the next hop.

Distribution groups: Cloud ☁️ Created

You may have a distribution group that is created exclusively in the cloud; I’ve covered this in another article about users and computers.

This means that, as the account is synchronized with Entra, you will be able to add that account to the distribution group. Unfortunately, a user who is not in EXO will fail to receive that message completely from that point onwards; they will probably receive an NDR, unless you have a transport rule that deletes them 🙁

Distribution groups: Local Exchange

This is the more interesting one, and I’m aware it has caught quite a few people out in the past. If you create a local distribution group on Exchange, Exchange is aware of the accounts in EXO, so it has no problem letting you add EXO accounts to that distribution group.

The current state of affairs is that you’ve created a local distribution group that at some point will be synchronized with Entra, and it will contain all the members you are expecting to see; this may be all EXO users or a mixture of both.

Distribution group dilemma

You now have a new distribution group and you want to use it to send out some emails, so from Outlook you find this distribution group, whose membership in this example is split like this:

15 EXO Mailboxes
6 Exchange Mailboxes

You click send and the message has gone. Well, Outlook has reported it’s been sent, and technically the message has been sent.

The six mailboxes on local Exchange receive this message instantaneously; however, the mailboxes in EXO have not got the message yet…

You probably think to yourself “it’s going through the system” and it should arrive in a couple of seconds, until a couple of minutes go by and the people in EXO still have not received the message.

Checking logs and message trace

Your first port of call will be the Exchange logs or possibly message tracing. If your first port of call is to give it more time or possibly reboot the Exchange servers - eekkkk - in this particular instance, the problem will not be fixed with time or reboots.

Exchange has quite a few logs, so to check them you will need to check all of those logs for every receive and send connector on every server in your Exchange organization; unlike a mailbox, it will not have a single point in a database.

If you check the message tracing logs, you will notice that it has only been sent to the people locally on Exchange, which might lead you down the incorrect assumption that the message has not been delivered to EXO.
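One way to make that check across every transport server at once, as an added example rather than the author's own commands: it finds the message sent to the group and lists every tracking event for it, including the group expansion. The addresses and the two-hour window are constructed placeholders.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
# Constructed placeholders: replace with the real sender, group and time window.
$fromAddress  = 'sender@example.com'
$groupAddress = 'all-staff@example.com'
$start        = (Get-Date).AddHours(-2)

# Every transport server keeps its own tracking log, so query all of them.
$servers = Get-TransportService

# 1. Find the message(s) addressed to the group and collect their MessageId.
$messageIds = $servers |
    Get-MessageTrackingLog -Sender $fromAddress -Recipients $groupAddress -Start $start -ResultSize Unlimited |
    Select-Object -ExpandProperty MessageId -Unique

# 2. Pull every event for each message from every server. The EXPAND event is
#    the group expansion; the events after it show what happened per recipient.
foreach ($id in $messageIds) {
    $servers |
        Get-MessageTrackingLog -MessageId $id -Start $start -ResultSize Unlimited |
        Sort-Object Timestamp |
        Select-Object Timestamp, ServerHostname, EventId, Source,
            @{ Name = 'Recipients';      Expression = { $_.Recipients -join ';' } },
            @{ Name = 'RecipientStatus'; Expression = { $_.RecipientStatus -join ';' } } |
        Format-Table -AutoSize
}
```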

Delivery management Incompatibilities

The cause of this particular problem is the innocent-looking “Delivery management” tab, which can be seen when you open the distribution group from ECP:

Can you spot the problem yet? It’s not a magic eye 👁️ 

Finding the cause of the issue

If you look at the wording here, it clearly says “Only people inside my organization” - weird, these people are inside my organization??

Unfortunately, that is where you are mistaken: with Exchange, “inside your organization” means people that do not have a remote account, whether this is a remote mailbox or a remote shared mailbox - the term “remote” is not included in the term “inside”.

If you have a mailbox that’s in EXO, then you have what is known as a remote routing address on your mailbox; you can see this in the email address options for the user’s mailbox, as below:

This means even though you send an email to someone from the correct email address, the remote routing address is actually outside the company, so for this example:

email : lee@croucher.cloud
Remote routed email : lee@croucher.onmicrosoft.com

This means the domain croucher.onmicrosoft.com is 100% outside my internal users from Exchange’s point of view.

If you have the delivery management set to inside your organization, only people actually inside your organization will get the email, which does not include people in EXO.

Fix the issue

Now we understand why we need to change it, and we are not just clicking buttons aimlessly, hoping that it will fix the problem; as I keep saying, the understanding is more important than the solution to fixing it.

We can change the option to allow people from inside and outside the organization.
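To find the groups this applies to before changing any of them, here is an added example (not the author's own script) that lists on-premises distribution groups with the restricted Delivery management option set and at least one remote member. It assumes the on-premises Exchange Management Shell; the group address in the last line is a constructed placeholder.

```powershell
# Added example: run in the on-premises Exchange Management Shell.
# Recipient types for mailboxes that live in EXO but are represented on-premises.
$remoteTypes = 'RemoteUserMailbox', 'RemoteSharedMailbox',
               'RemoteRoomMailbox', 'RemoteEquipmentMailbox'

# RequireSenderAuthenticationEnabled = $true is the shell equivalent of the
# "inside my organization" choice on the Delivery management tab.
$report = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.RequireSenderAuthenticationEnabled } |
    ForEach-Object {
        $dg      = $_
        $members = @(Get-DistributionGroupMember -Identity $dg.Identity -ResultSize Unlimited)
        $remote  = @($members | Where-Object { $remoteTypes -contains [string]$_.RecipientTypeDetails })

        # Report only groups that mix the restriction with remote (EXO) members.
        if ($remote.Count -gt 0) {
            [pscustomobject]@{
                Group         = [string]$dg.PrimarySmtpAddress
                TotalMembers  = $members.Count
                RemoteMembers = $remote.Count
                RemoteSample  = ($remote | Select-Object -First 3 -ExpandProperty PrimarySmtpAddress) -join ';'
            }
        }
    }

$report | Sort-Object RemoteMembers -Descending | Format-Table -AutoSize

# The change described above, for one reviewed group. $false also accepts mail
# from unauthenticated senders, so -WhatIf previews it; remove -WhatIf to apply.
# 'all-staff@example.com' is a constructed placeholder.
Set-DistributionGroup -Identity 'all-staff@example.com' -RequireSenderAuthenticationEnabled $false -WhatIf
```

Nested groups are counted as a single member here, so a group whose remote mailboxes sit only inside a nested group will not appear in the report.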
