Minimum Exchange Hybrid Server Requirements for Managing On-Premises Users

Recently I was trying to locate guidance on the minimum requirements for an Exchange Hybrid Server whose only purpose is to manage on-premises remote mailboxes. An on-premises Hybrid Exchange Server is still beneficial for managing the proxy alias attribute, since Directory Synchronization is mostly one-directional and you therefore cannot update the proxy aliases for a mailbox in Office 365’s administrative portal. You can use ADSIEdit to manage proxy aliases on-premises, but that is not practical for large organizations wishing to use RBAC.

So I posted this question on the new Office 365 IT Pro Yammer group and got a quick response from an MVP named Steve Goodman:

“An Exchange 2010 Hub Transport server role or Exchange 2013 multi role – with Hybrid keys – will do the trick.
After install you can then manage users, which will show as remote mailboxes (within contacts) in 2010 and Office 365 mailboxes in 2013.
Add a remote domain and other accepted domains in Exchange and set the remote domain as the Office 365 tenant domain. Set the accepted domains as internal relay. Alter email address policies to suit, as they will take effect as you manage or create users.
If you use a multi-role or CAS server beware the AutoDiscover SCP as it will cause cert warnings. Set it to $null using Set-ClientAccessServer <server> -AutoDiscoverServiceInternalURI:$null
More guidance in [Steve Goodman’s] article here http://searchexchange.techtarget.com/tip/Best-practices-for-managing-Office-365-from-Active-Directory”

So I learned that you do not have to run the Hybrid Configuration wizard.

Steve’s blog post does not include the syntax for creating a new remote domain. I used PowerShell to create the remote domain:

New-RemoteDomain -Name contoso.mail.onmicrosoft.com -DomainName contoso.mail.onmicrosoft.com

Set-RemoteDomain -Identity contoso.mail.onmicrosoft.com -TargetDeliveryDomain $true

Then according to this MSFT Blog, if you want the changes to take effect immediately you have to restart IIS.

Steve points out in his blog that another alternative to ADSIEdit or the Hybrid server for managing the proxy aliases is a PowerShell module written by Andreas Lindahl at 365lab.com.

The only thing I would add to Steve’s guidance is that you may need to convert some of the mailboxes to remote mailboxes using the Enable-RemoteMailbox cmdlet; otherwise the local contact object won’t exist in the local AD to manage.
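The steps above, collected into one Exchange Management Shell sequence. This is an added example, not code from the original post or from Steve's article; the accepted domain contoso.com, the server name EXHYB01, the user jdoe and the alias j.doe are constructed placeholders, and it assumes the accepted domain entry is named after the domain and that the user's alias matches the identity.

```powershell
# Added example. Run in the Exchange Management Shell on the management server.
# All four values are assumptions (constructed placeholders); replace them.
$TenantRoutingDomain = 'contoso.mail.onmicrosoft.com'  # tenant routing domain
$AcceptedDomainName  = 'contoso.com'                   # hypothetical accepted domain entry
$ServerName          = 'EXHYB01'                       # hypothetical server name
$UserIdentity        = 'jdoe'                          # hypothetical user whose mailbox is in Office 365

# 1. Create the remote domain only if it is missing, then mark it as the
#    target delivery domain.
if (-not (Get-RemoteDomain | Where-Object { $_.DomainName -eq $TenantRoutingDomain })) {
    New-RemoteDomain -Name $TenantRoutingDomain -DomainName $TenantRoutingDomain
}
Set-RemoteDomain -Identity $TenantRoutingDomain -TargetDeliveryDomain $true

# 2. Set the accepted domain to internal relay, as the quoted guidance says.
Set-AcceptedDomain -Identity $AcceptedDomainName -DomainType InternalRelay

# 3. Multi-role or CAS servers only: clear the AutoDiscover SCP so domain-joined
#    Outlook clients are not sent to this server and shown certificate warnings.
Set-ClientAccessServer -Identity $ServerName -AutoDiscoverServiceInternalUri $null

# 4. If the user has no remote mailbox object on-premises yet, create one so
#    the proxy addresses can be managed from the local AD.
if (-not (Get-RemoteMailbox -Identity $UserIdentity -ErrorAction SilentlyContinue)) {
    Enable-RemoteMailbox -Identity $UserIdentity `
        -RemoteRoutingAddress "$UserIdentity@$TenantRoutingDomain"
}

# 5. Add a proxy alias on-premises; Directory Synchronization carries it to
#    Office 365.
Set-RemoteMailbox -Identity $UserIdentity `
    -EmailAddresses @{ Add = "smtp:j.doe@$AcceptedDomainName" }

# 6. Read each setting back to confirm the change.
Get-RemoteDomain -Identity $TenantRoutingDomain | Format-List DomainName, TargetDeliveryDomain
Get-AcceptedDomain -Identity $AcceptedDomainName | Format-List DomainName, DomainType
Get-ClientAccessServer -Identity $ServerName | Format-List Name, AutoDiscoverServiceInternalUri
Get-RemoteMailbox -Identity $UserIdentity | Format-List RemoteRoutingAddress, EmailAddresses
```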
