Set Up Syncing between D365 V9 On Premise and Exchange Online

by | Updated August 14, 2020 | Dynamics CRM

Recently, I set up D365 V9 on-premise server-side sync with Exchange Online. I ran into some tricky areas in the process. I am going to document them here. My goal is to help you have a smoother experience. Oh, and so I have it documented for the next time I need it. It will be needed every time the SSL Certificate expires and is changed. Below are the links I used as a guide to accomplish this task. I will walk through the steps and highlight additional information. I am writing in August of 2020. I note this date since Microsoft makes changes on a regular basis.

Warning: This is a techy blog. Continue at your own risk.

This first page includes the steps to connect D365 on-prem to Exchange online. This page is dated 11/19/2018.

Here’s how to get started with your sync:

1. Permission required

  • This refers to the account you will use to remote to the D365 servers and execute the tasks in the documents. Ex: Contoso\D365InstallAcct
    • D365 access with System Administrator Security Role
    • Local Admin on all D365 Servers
    • Full Control access to SSL Certificates on all D365 Servers
    • Office 365 Global Administrator Membership
      • Required to run PowerShell commands that access Office 365, Azure and Exchange online.
      • This is a temporary requirement and can be removed once the setup is complete.

2. Prerequisites

Hybrid Connector

  • An x509 digital certificate. I recommend a wild card cert. Ex: *
    • The SSL certificate must be installed on all D365 Servers. Your D365 Asysnc service account and the D365 Application service account must have read access to the certificate.
  • Install MS Online Service Sign-In Assistant.
  • Install the Azure Active Directory Module for Windows PowerShell
    • This is a PowerShell Module. I recommend you use PowerShell ISE on the D365 server. As you can see in the image, PS ISE gives you a script pane and execution pane. It also allows you to run snippets from your script. Save the whole script for later reference and when you need to run it to update the SSL Certificate.
    • You will see the command is
      • Install-Module MSOnline
        • You will get prompted for approval to install. You need to approve it or nothing will work.

PowerShell ISE

3. Set up server-based authentication

  • Again, I recommend using PowerShell ISE. This should be run on the D365 front end server. The first thing after opening PS ISE is to set the location to “C:\Program Files\Dynamics 365\Tools”. This location is based on where you installed D365.
  • Prepare the certificate.
    • You need to export the certificate to a location on the hard drive. Such as C:. This is only needed for the scripts that follow and can be removed one complete. You will need the following files export from the certificate.
      • Personalcerfile.cer
      • Personalcertfile.pfx
    • For this PowerShell command, you will also need the password for the certificate and the account to access it.
      • replace “personal_certfile_password” with the actual password
      • replace “consoto\administrator” with the account you setup as the D365 application service account. Make sure it is in the format, domain\account.
  • Prepare the Windows PowerShell session.
    • There is a typo in this MS Script.
    • Use “Install-Module MSOnlineExt -force” instead of “Install-Module MSOnlineExtended -force”
  • Connect to Office 365
    • When this portion of the script runs, it will open a windows credentials prompt. I had to use the email format of the account. Ex:


  • Set the certificate
    • Make user when copying PS commands from the web page to change the quotes in the command.
      • “ and ” to “
  • Set the Azure Active Directory Service Principal Name (SPN) in Exchange Online.
    • Again, check to change the quotes when copying.
    • In the first line, change “*” to “*”.
      • it should match the @ portion of the accounts email format.
        • Ex:
    • Leave the 2nd line as it. Not need to change the guide.
  • Configure the Microsoft Dynamics 365 Server for server-based authentication with Exchange Online.
    • The only thing here is to change the quotes when copying the script.

4. Set the Exchange Online tenant ID

  • Azure Active Directory module.
    • These PS commands retrieve and display the Tenant GUID.
    • This GUID is used in the next set of PS commands.
  • Update S2STenantId
    • Replace “Organizationname” with the name of the D365 Instance. This is the name that shows up in the D365 Deployment Manager in the D365 Server.

Deployment Manager

    • Replace “ExchangeOnlineTenantID” with the Tenant Guide.
    • See the highlighted text in the image below for text to be replaced.


    • Nothing else in this snippet needs to be changed.

The next steps refer to the following link dated 12/13/2019. This is a good page to read through completely. For this blog, we will look at the following sections.

Configure Windows Server for Dynamics 365 Customer Engagement (on-premises) applications that use OAuth.

  • Enable forms authentication
    • This is done in ADFS. You may have already done this when setting up D365 to be externally facing.
  • Configure the OAuth provider
    • These commands can be run from the same PS IDE as all the previous commands. The commands will Enable OAuth for your D365 installation.

Now you are ready to set up the Email Server profile in D365.

1. Create Hybrid Email Server Profile

2. Configure User’s mailboxes

  • Server-Side Sync or Email Router for Incoming and Outgoing Email
  • Approve Email
  • Test & Enable Mailbox

3. Settings > Dynamics 365 App for Outlook

  • Run the command from the Setup section on the ADFS server
    • Add-AdfsClient -Name “Dynamics 365 App for Outlook” -ClientId <Guid> -RedirectUri <D365 URL>/crmmailapp/code_auth.aspx
      • <Guid> is the unique id of the D365 instance.
      • <D365 URL> is the URL of D365
        • Ex:
  • Click Add App for all eligible users or Select users and click Add App to Outlook

Add App to Outlook

    • Thank can take some time. I have seen it take 15 minutes or more.
    • The User may have to close outlook or logoff

Thank you for taking the time to read this blog. I hope you find it helpful and remember, you’ll need to run through this process each time you update your SSL Certificate.


Related Posts


Submit a Comment

Your email address will not be published. Required fields are marked *

Upcoming Events


02jun2:00 pm2:30 pmBusiness Intelligence for Batch Manufacturers

16jun10:00 am10:30 amHow AP automation can speed up month-end close in D365 Finance

17jun11:00 am12:00 pmConfab Live with Stoneridge – Real Time Marketing Strategies for Success

23jun10:00 am10:30 amThe Modern Manufacturer: Cost Accounting in D365

30jun10:00 am10:30 amAP Automation Checklist for a 2022 Rebound

30jun2:00 pm2:30 pmAchieving Success: How Technology Is Helping Nonprofits Thrive


01jul11:00 am12:00 pmConfab Live with Stoneridge – Dataverse Virtual Entities

14jul12:00 pm12:30 pmBeyond Reporting - What Business Intelligence Can Do For Your Agribusiness

15jul11:00 am12:00 pmConfab Live with Stoneridge – Integration Strategies for End User Success

21jul10:00 am10:30 amThe Modern Manufacturer: Manufacturing Software in the Real World

21jul12:00 pm1:00 pmIs it Worth it to Upgrade to Dynamics 365 Finance and Supply Chain Management? - Everything AX Users Need to Consider

About Stoneridge
Stoneridge Software is a unique Microsoft Gold Partner, with emphasis on partner. With specialties in Microsoft Dynamics 365, Microsoft Dynamics AX, Microsoft Dynamics NAV, Microsoft Dynamics GP and Microsoft Dynamics CRM, we focus on attracting the most knowledgeable experts in the field to our team, and prioritize delivering stellar solutions with maximum impact for your business. At Stoneridge, we are deeply committed to your results. Each engagement is met with a dedicated team, ready to provide thorough, tailored, and expert service. Based in Minnesota, we intentionally “step into your shoes,” wherever you are. We focus on what you care about, and develop trusting, long-term relationships with our clients.

Subscribe To Our Blog

Sign up to get periodic updates on the latest posts.

Thank you for subscribing!