Query on forwarder

Glenn Maxwell 13,761 Reputation points
2026-05-28T03:11:16.3166667+00:00

Hi All, I am using an Exchange Server SE Hybrid environment.

I have:

  • One Distribution List (DL) created on-premises
  • One Distribution List (DL) created in Exchange Online

We do not have Group Writeback enabled. Because of this:

  • An on-prem DL can be added as a member of a cloud DL
  • A cloud DL cannot be added as a member of an on-prem DL

I have a requirement where any email sent to my on-prem DL (DL1) should also be delivered to another DL (DL2) hosted in Exchange Online.

Would the below approach work?

  • Create a shared mailbox in Exchange on-premises, then migrate it to Exchange Online.
  • Add the shared mailbox as a member of the on-prem DL (DL1)
  • Configure mailbox forwarding on the shared mailbox to forward all received emails to the cloud DL (DL2)

Will this work reliably in a hybrid setup, or is there a better recommended approach?

Exchange | Hybrid management

2 answers

  1. Hani-Ng 11,740 Reputation points Microsoft External Staff Moderator
    2026-05-28T04:31:31.4766667+00:00

    Hi Glenn Maxwell

    Based on my research and understanding, this is a common scenario in Exchange Hybrid environments, and your analysis of the limitations without Group Writeback is very clear.

    Regarding your proposed solution (using a shared mailbox and forwarding rule), it is technically feasible and should function as you've described. However, it may be helpful to reflect on some of the possible drawbacks of this approach when thinking about long-term management.

    • This method introduces an additional mailbox object that exists only to forward messages. This creates an extra step in the mail delivery process, which can make tasks like message tracking more complex and increases the number of objects to manage.
    • The solution creates a dependency on a mailbox-level forwarding rule. Such rules can be prone to being accidentally disabled or impacted by other mailbox policies, which might cause the mail flow to stop working.
    • This approach can result in an extra delivery step instead of leveraging a more direct routing path.

    For this requirement, a more direct and commonly used solution is to create a Mail Contact in your on-premises environment to represent the cloud distribution list. This is often considered the standard practice for this scenario.

    • Create a Mail Contact in your on-premises Active Directory (using the Exchange Admin Center or PowerShell): Set External Email Address to the primary SMTP address of your cloud DL (ex: ******@yourdomain.com).
    • Add the new Mail Contact as a member of your on-premises Distribution List (DL1).

    This approach leverages a core routing function of Exchange. When the on-prem server expands DL1, it simply reads the contact's external address and routes the message accordingly, without the need for intermediate mailboxes or forwarding rules.

    For a more integrated, long-term solution, the Group Writeback feature in Azure AD Connect enables this type of cross-premises group management. If licensing allows, enabling this would permit the cloud group to be synced to your on-prem Active Directory, allowing direct membership in DL1.

    In summary, while the shared mailbox method is functional, the Mail Contact approach is generally seen as more direct, stable, and easier to manage. It aligns closely with established practices for managing mail flow in hybrid environments.

    For more information, you can refer to: Recipients in Exchange Server | Microsoft Learn

    I hope this is helpful. If you have any further questions, please feel free to ask via the comment section.


    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
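
The two Mail Contact steps from the answer above, as an added example for the on-premises Exchange Management Shell; it is not part of the original answer. Every name, address and OU is a placeholder, and the script assumes the contact is placed in an OU outside your directory-sync scope so it cannot collide with the cloud DL's own address.

```powershell
# Run in the on-premises Exchange Management Shell.
# Placeholders (assumptions, not values from the thread):
$Dl1Identity = 'DL1'
$CloudDlSmtp = 'dl2@contoso.example'            # primary SMTP address of the cloud DL
$ContactOu   = 'contoso.example/Exchange/NoSync' # assumed to be excluded from directory sync

# Step 1: refuse to continue if the address already belongs to a non-contact
# recipient, otherwise create the mail contact once.
$existing = Get-Recipient -Identity $CloudDlSmtp -ErrorAction SilentlyContinue
if ($existing -and $existing.RecipientType -ne 'MailContact') {
    throw "$CloudDlSmtp already belongs to $($existing.RecipientType) '$($existing.Name)'."
}
if (-not $existing) {
    $newContact = @{
        Name                 = 'DL2 cloud routing contact'
        Alias                = 'dl2-cloud-contact'
        ExternalEmailAddress = $CloudDlSmtp
        OrganizationalUnit   = $ContactOu
    }
    New-MailContact @newContact | Out-Null
}
$contact = Get-MailContact -Identity $CloudDlSmtp

# The contact exists only for routing, so keep it out of the address lists.
Set-MailContact -Identity $contact.Identity -HiddenFromAddressListsEnabled $true

# Step 2: add the contact to DL1 unless it is already a member.
$members = Get-DistributionGroupMember -Identity $Dl1Identity -ResultSize Unlimited
if ($members.Guid -notcontains $contact.Guid) {
    Add-DistributionGroupMember -Identity $Dl1Identity -Member $contact.Identity
}

# Check: the contact should now be listed when DL1's membership is read back.
Get-DistributionGroupMember -Identity $Dl1Identity -ResultSize Unlimited |
    Where-Object { $_.Guid -eq $contact.Guid } |
    Select-Object Name, RecipientType, PrimarySmtpAddress
```

After running it, send a test message to DL1 and confirm in on-premises message tracking that a copy is routed to the cloud DL's address.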



  2. AI answer

    2026-05-28T03:11:34.7233333+00:00

    The proposed approach will work in a hybrid setup, but there are important mail-flow behaviors and configuration details to consider.

    1. Forwarding from a migrated shared mailbox
      • Mailbox-level forwarding is supported in Exchange Online and on-premises.
      • When a mailbox is migrated to Exchange Online, its forwarding configuration is not copied automatically. Forwarding must be configured on the Exchange Online mailbox after migration using the DeliverToMailboxAndForward, ForwardingAddress, or ForwardingSmtpAddress properties.
      • In this design, the shared mailbox (now in Exchange Online) will receive messages as a member of the on-prem DL (DL1) and then forward them to the cloud DL (DL2). This is a supported pattern.
    2. Centralized Mail Transport and routing behavior
      • If Centralized Mail Transport (CMT) is enabled, the expected behavior is that mail from Exchange Online to the internet or back on-premises routes via on-premises.
      • However, there are specific exceptions: when a message is forwarded from Exchange Online to an external recipient (or to a DL that includes external recipients), Exchange Online may send that forwarded copy directly to the internet instead of routing it back through on-premises, because the forwarded message is treated as originating from on-premises.
      • This behavior is by design and also applies when a message is sent to a cloud distribution group that contains external recipients.
      • If DL2 is purely internal (Exchange Online recipients only), this exception is less of a concern. If DL2 includes external recipients and strict centralized routing/compliance is required, this design may bypass on-premises routing for those external deliveries.
    3. Connectors and automatic forwarding
      • In hybrid scenarios where users automatically forward messages to addresses outside the organization, a connector from on-premises to Microsoft 365/Office 365 is required so Microsoft 365 can relay such mail correctly.
      • If DL2 or its members include external domains, ensure the connector configuration matches the documented scenario "Sending mail from your on-premises servers to Microsoft 365 or Office 365" so forwarded mail is accepted and routed as intended.
    4. Recommended approach
      • From a supported-configuration perspective, using a migrated shared mailbox as a member of DL1 and enabling mailbox forwarding to DL2 is valid and commonly used when direct nesting of cloud DLs in on-prem DLs is not possible.
      • For reliability and compliance:
        • Configure forwarding on the Exchange Online shared mailbox after migration using the documented mailbox forwarding properties.
        • Verify hybrid connectors and SPF are configured as per hybrid mail-flow guidance so forwarded messages are accepted and not marked as spoofed.
        • If strict centralized mail transport is required for all external recipients, test whether forwarded messages to any external members of DL2 still traverse on-premises; if not, consider redesigning so on-prem DL expansion or on-prem transport rules handle external delivery.

    In summary, the shared-mailbox-plus-forwarding design is supported and should work reliably, provided hybrid mail flow, connectors, and (if applicable) centralized mail transport expectations are validated and tested.



    AI-generated content may be incorrect. Read our transparency notes for more information.
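
Setting and then re-checking the forwarding properties named in the answer above, as an added example for Exchange Online PowerShell; it is not part of the original answer. The mailbox and DL addresses are placeholders, and `Test-RelayForwarding` is a hypothetical helper name.

```powershell
# Run in Exchange Online PowerShell after Connect-ExchangeOnline.
# Placeholders (assumptions, not values from the thread):
$SharedMbx = 'dl1-relay@contoso.example'   # migrated shared mailbox that is a member of DL1
$CloudDl   = 'dl2@contoso.example'         # cloud DL that should receive the copies

# Forward to the cloud DL as a directory recipient (ForwardingAddress) and keep
# a copy in the mailbox so deliveries can be traced later.
Set-Mailbox -Identity $SharedMbx -ForwardingAddress $CloudDl -DeliverToMailboxAndForward $true

# Hypothetical helper: report whether the mailbox still forwards only to the
# expected recipient. Suitable for a scheduled check, since the design fails
# silently if the forwarding setting is cleared or changed.
function Test-RelayForwarding {
    param([string]$Mailbox, [string]$ExpectedTarget)

    $mbx    = Get-Mailbox -Identity $Mailbox
    $actual = $null
    if ($mbx.ForwardingAddress) {
        $actual = (Get-Recipient -Identity $mbx.ForwardingAddress).PrimarySmtpAddress
    }

    [pscustomobject]@{
        Mailbox           = $mbx.PrimarySmtpAddress
        ForwardsTo        = $actual
        UnexpectedSmtpFwd = $mbx.ForwardingSmtpAddress   # should stay empty in this design
        KeepsLocalCopy    = $mbx.DeliverToMailboxAndForward
        Healthy           = ($actual -eq $ExpectedTarget) -and (-not $mbx.ForwardingSmtpAddress)
    }
}

$result = Test-RelayForwarding -Mailbox $SharedMbx -ExpectedTarget $CloudDl
$result | Format-List
if (-not $result.Healthy) {
    Write-Warning "Forwarding on $SharedMbx does not match the expected target $CloudDl."
}
```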
