-- New procedure as of 12/4/2024: https://url.us.m.mimecastprotect.com/s/lwBCCkR7GKuOPMjAi8u3hG74Vq?domain=learn.microsoft.com
1) Launch PowerShell with RunAsAdmin
2) Prepare certificate
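# Load the Dynamics 365 (CRM) deployment cmdlets into this session.
Add-PSSnapin microsoft.crm.powershell

# Prompt for the PFX password rather than storing it in this runbook.
# The password that used to be written here in clear text should be treated as
# exposed: re-export the PFX with a new password.
$pfxPasswordSecure = Read-Host -Prompt 'PFX password' -AsSecureString
# CertificateReconfiguration.ps1 is passed -password as a plain value in these notes,
# so the SecureString is unwrapped only for the duration of the call.
$pfxPasswordPlain = (New-Object System.Net.NetworkCredential('', $pfxPasswordSecure)).Password

# NOTE(review): the -ServiceAccount value in the original notes was overwritten by a
# mail-gateway URL rewrite and cannot be recovered from this page; supply the real
# service account before running.
$serviceAccount = '<SERVICE_ACCOUNT_PLACEHOLDER>'

# Invoke the script with the call operator instead of building a command string for
# Invoke-Expression: arguments are passed as data, so special characters in the
# password or account name are never re-parsed as PowerShell code.
& .\CertificateReconfiguration.ps1 -certificateFile c:\temp.pfx -password $pfxPasswordPlain -updateCrm -certificateType S2STokenIssuer -ServiceAccount $serviceAccount -storeFindType FindBySubjectDistinguishedName

# Drop the plain-text copy of the password from the session.
Remove-Variable pfxPasswordPlain
# c:\temp.pfx holds the private key; it is needed again in step 4, so delete it from
# the drive root once the whole procedure has completed.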
3) Setup Application Registration in Azure
-- Note: the App Registration "D365 Hybrid Exchange" was created on 6/20/25 and can be reused each year. Its client secret is valid until 6/20/27; after that date a new client secret must be created and used.
4) Run the ConfigureCrmServerSideSync command
--Note: a new version of this script was downloaded from GIT on 6/20/25 and updated on the CRM server at C:\Program Files\Dynamics 365\Tools
-- Prepare the Windows PowerShell session
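# Enable-PSRemoting configures this server to accept remote PowerShell (WinRM)
# connections. NOTE(review): if remoting is not otherwise needed on the CRM server,
# consider turning it back off (Disable-PSRemoting) after the procedure -- confirm
# with whoever owns the server baseline.
Enable-PSRemoting -force
# Force TLS 1.2 for .NET web requests made from this session.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Relax the execution policy for this PowerShell process only. -Scope CurrentUser
# would persist Unrestricted for the admin account after the session ends; Process
# scope is discarded when the window is closed. If an earlier run already set it at
# CurrentUser scope, it can be cleared with:
#   Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process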
-- Set the script variable and invoke the command
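# Prompt for both secrets instead of keeping them in this runbook. The PFX password
# and the app-registration client secret that used to be written here in clear text
# should be treated as exposed: create a new client secret in the App Registration,
# delete the old one, and re-export the PFX with a new password.
$pfxPassword = Read-Host -Prompt 'PFX private key password' -AsSecureString
$clientSecretSecure = Read-Host -Prompt 'App registration client secret' -AsSecureString
# -ClientSecret is passed as a plain value in these notes, so the SecureString is
# unwrapped only for the duration of the call.
$clientSecret = (New-Object System.Net.NetworkCredential('', $clientSecretSecure)).Password

# Invoke the script with the call operator instead of Invoke-Expression on a built
# string, so the secret values are passed as data and never re-parsed as code.
# The tenant ID and client ID are identifiers, not secrets, and stay as recorded.
& .\ConfigureCrmServerSideSync.ps1 -privateKeyPassword $pfxPassword -pfxFilePath c:\temp.pfx -organizationName WixonCRM -microsoftEntraIdTenantIdOrDomainName 88a4fe4b-256e-4908-840e-6d153bc72f19 -ClientID efe71d55-fed4-4157-8f02-6f86246a740b -ClientSecret $clientSecret

# Drop the plain-text copy of the client secret from the session.
Remove-Variable clientSecret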
-- Set the Exchange Online tenant ID
# Look up the tenant's company information and keep its object ID, then echo the
# GUID so it can be copied into the next step.
# NOTE(review): Get-MsolCompanyInformation belongs to the MSOnline module and needs a
# signed-in session (Connect-MsolService). Microsoft has announced MSOnline as
# deprecated -- confirm the cmdlet still works in this tenant.
$companyInfo = Get-MsolCompanyInformation
$CRMContextId = $companyInfo.ObjectID
$CRMContextId
--Copy the GUID to the clipboard and paste into the next step
-- Update S2STenantID
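# Write the Exchange Online tenant ID into the organization's S2STenantId setting.
$organizationName = "WixonCRM"
# Tenant GUID pasted from the previous step.
$CRMContextId = "88a4fe4b-256e-4908-840e-6d153bc72f19"
$orgInfo = Get-CrmOrganization -Name $organizationName
# The two "$orgInfo.id" references below had been overwritten by a mail-gateway URL
# rewrite (the text was mistaken for a hyperlink); they are restored here.
$ID = $orgInfo.id
if ($ID)
{
    Set-CrmAdvancedSetting -ID $orgInfo.id -configurationEntityName "Organization" -setting "S2STenantId" -value $CRMContextId
}
else
{
    # Without this branch a wrong organization name skips the update silently.
    Write-Warning "Organization '$organizationName' was not found; S2STenantId was not updated."
}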
-- Re-enable OAuth on the CRM server after reconfiguring IFD
# Fetch the deployment's OAuth claims settings object, switch it on, and write it
# back to the deployment.
$oauthClaims = Get-CrmSetting -SettingType OAuthClaimsSettings
$oauthClaims.Enabled = $true
Set-CrmSetting -Setting $oauthClaims
-- Click Test button in the hybrid Exchange Email Server Profile and verify success