Here’s an extract of an article I made within my repositories (You can find the complete article Here) - it shows which changes is being made by the HCW.

I made this from the log file generated by the HCW running on my Lab.

My lab is comprised of 2 Exchange 2016 servers, E2016-01 and E2016-02, both configured as hybrid servers.

The SMTP smarthost is mail.contoso.ca.

[Table View] - Set-, New- and Add- cmdlets (except Get-*)

Sequence Command Location Cmd Line
5 OnPremises Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null -Domains 'contoso.ca' -OnPremisesSmartHost 'mail.contoso.ca' -TLSCertificateName '<I>CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1, O=DigiCert Inc, C=US<S>CN=mail.contoso.ca' -SendingTransportServers 'E2016-01' -ReceivingTransportServers 'E2016-01' -EdgeTransportServers $null -Features FreeBusy,MoveMailbox,Mailtips,MessageTracking,OwaRedirection,OnlineArchive,SecureMail,Photos
7 OnPremises New-RemoteDomain -Name 'Hybrid Domain - contoso.mail.onmicrosoft.com' -DomainName 'contoso.mail.onmicrosoft.com'
8 OnPremises Set-RemoteDomain -TargetDeliveryDomain: $true -Identity 'Hybrid Domain - contoso.mail.onmicrosoft.com'
9 OnPremises New-RemoteDomain -Name 'Hybrid Domain - contoso.onmicrosoft.com' -DomainName 'contoso.onmicrosoft.com'
10 OnPremises Set-RemoteDomain -TrustedMailInboundEnabled: $true -Identity 'Hybrid Domain - contoso.onmicrosoft.com'
11 OnPremises New-AcceptedDomain -DomainName 'contoso.mail.onmicrosoft.com' -Name 'contoso.mail.onmicrosoft.com'
12 OnPremises Set-EmailAddressPolicy -Identity 'Default Policy' -ForceUpgrade: $true -EnabledEmailAddressTemplates 'SMTP:@contoso.ca','smtp:%m@contoso.mail.onmicrosoft.com'
13 OnPremises Update-EmailAddressPolicy -Identity 'Default Policy' -UpdateSecondaryAddressesOnly: $true
14 OnPremises New-OrganizationRelationship -Name 'On-premises to O365 - 177cd94d-be11-44e9-b09f-db69389f3a35' -TargetApplicationUri $null -TargetAutodiscoverEpr $null -Enabled: $true -DomainNames 'contoso.mail.onmicrosoft.com'
15 Tenant New-OrganizationRelationship -Name 'O365 to On-premises - a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -TargetApplicationUri $null -TargetAutodiscoverEpr $null -Enabled: $true -DomainNames 'contoso.ca'
17 OnPremises Set-OrganizationRelationship -MailboxMoveEnabled: $true -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -ArchiveAccessEnabled: $true -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'http://outlook.com/owa/contoso.ca' -Identity 'On-premises to O365 - 177cd94d-be11-44e9-b09f-db69389f3a35'
18 Tenant Set-OrganizationRelationship -FreeBusyAccessEnabled: $true -FreeBusyAccessLevel LimitedDetails -TargetSharingEpr $null -MailTipsAccessEnabled: $true -MailTipsAccessLevel All -DeliveryReportEnabled: $true -PhotosEnabled: $true -TargetOwaURL 'https://mail.contoso.ca/owa' -Identity 'O365 to On-premises - a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5'
19 OnPremises Add-AvailabilityAddressSpace -ForestName 'contoso.mail.onmicrosoft.com' -AccessMethod InternalProxy -UseServiceAccount: $true -ProxyUrl 'https://mail.contoso.ca/ews/Exchange.asmx'
22 OnPremises Set-HybridConfiguration -ClientAccessServers $null -ExternalIPAddresses $null
23 OnPremises New-SendConnector -Name 'Outbound to Office 365 - 177cd94d-be11-44e9-b09f-db69389f3a35' -AddressSpaces 'smtp:contoso.mail.onmicrosoft.com;1' -DNSRoutingEnabled: $true -ErrorPolicies Default -Fqdn 'mail.contoso.ca' -RequireTLS: $true -IgnoreSTARTTLS: $false -SourceTransportServers 'E2016-01' -SmartHosts $null -TLSAuthLevel DomainValidation -DomainSecureEnabled: $false -TLSDomain 'mail.protection.outlook.com' -CloudServicesMailEnabled: $true -TLSCertificateName '<I>CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1, O=DigiCert Inc, C=US<S>CN=mail.contoso.ca'
24 OnPremises Set-ReceiveConnector -AuthMechanism 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' -Bindings '[::]:25','0.0.0.0:25' -Fqdn 'E2016-01.contoso.ca' -PermissionGroups 'AnonymousUsers, ExchangeServers, ExchangeLegacyServers' -RemoteIPRanges '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff','0.0.0.0-255.255.255.255' -RequireTLS: $false -TLSDomainCapabilities 'mail.protection.outlook.com:AcceptCloudServicesMail' -TLSCertificateName '<I>CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1, O=DigiCert Inc, C=US<S>CN=mail.contoso.ca' -TransportRole FrontendTransport -Identity 'E2016-01\\Default Frontend E2016-01'
25 Tenant New-InboundConnector -Name 'Inbound from a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -CloudServicesMailEnabled: $true -ConnectorSource HybridWizard -ConnectorType OnPremises -RequireTLS: $true -SenderDomains '*' -SenderIPAddresses $null -RestrictDomainsToIPAddresses: $false -TLSSenderCertificateName 'mail.contoso.ca' -AssociatedAcceptedDomains $null
26 Tenant New-OutboundConnector -Name 'Outbound to a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -RecipientDomains 'contoso.ca' -SmartHosts 'mail.contoso.ca' -ConnectorSource HybridWizard -ConnectorType OnPremises -TLSSettings DomainValidation -TLSDomain 'mail.contoso.ca' -CloudServicesMailEnabled: $true -RouteAllMessagesViaOnPremises: $false -UseMxRecord: $false -IsTransportRuleScoped: $false
27 Tenant New-OnPremisesOrganization -HybridDomains 'contoso.ca' -InboundConnector 'Inbound from a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -OutboundConnector 'Outbound to a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -OrganizationRelationship 'O365 to On-premises - a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -OrganizationName contosoMSG -Name 'a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -OrganizationGuid 'a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5'
30 OnPremises New-IntraOrganizationConnector -Name 'HybridIOC - 177cd94d-be11-44e9-b09f-db69389f3a35' -DiscoveryEndpoint 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -TargetAddressDomains 'contoso.mail.onmicrosoft.com' -Enabled: $true
31 Tenant New-IntraOrganizationConnector -Name 'HybridIOC - a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -DiscoveryEndpoint 'https://mail.contoso.ca/autodiscover/autodiscover.svc' -TargetAddressDomains 'contoso.ca' -Enabled: $true
35 OnPremises Set-PartnerApplication -Identity 'Exchange Online' -Enabled: $true
36 OnPremises New-AuthServer -Name 'ACS - 177cd94d-be11-44e9-b09f-db69389f3a35' -AuthMetadataUrl 'https://accounts.accesscontrol.windows.net/e5923069-9fac-4809-b7c9-a0893265a0e0/metadata/json/1' -DomainName 'contoso.ca','contoso.mail.onmicrosoft.com'
37 OnPremises New-AuthServer -Name 'EvoSts - 177cd94d-be11-44e9-b09f-db69389f3a35' -AuthMetadataUrl 'https://login.windows.net/contoso.onmicrosoft.com/federationmetadata/2007-06/federationmetadata.xml' -Type AzureAD
39 Tenant Test-MigrationServerAvailability -ExchangeRemoteMove: $true -RemoteServer 'mail.contoso.ca' -Credentials (Get-Credential -UserName contoso\\SAMDREY)
40 Tenant New-MigrationEndpoint -Name 'Hybrid Migration Endpoint - EWS (Default Web Site)' -ExchangeRemoteMove: $true -RemoteServer 'mail.contoso.ca' -Credentials (Get-Credential -UserName contoso\\samdrey)
42 Tenant Set-OnPremisesOrganization -Identity 'a3e87a2d-b84e-43cb-bf18-59aac4c4f1e5' -Comment 'rZTLTsJQEIbnUYwPgIVyKQZZWCSaaFwUdV3bisjNtKDy8uo30+LCCAU1J6dn5szl/zsz7cd7R3xZSspKZCYL6clcphLKCO1ABrKSZywncigBcoZHgr2CtiBGvYbYumQJkUOJ2T3LtsIrQuvI0RaMLvYr9BjbPnh9Mk5Y53jdmyU2pHUuzXuN5Qk5ItbnfiYP+A1BSY1thp4gb8M9JW4OTmIROXKInnGjeLtiKB+fuFFRg1u7zdDnJZW+MP+m1A29Li3xpCEOpz6bUuX00NrIXlHtTTjKogcvzT3gbsp5gxaZFskYz925NMU1Ng7bNQbKrIFUY+UslU8ZorIKjOeLPX9fm5qtKrsNdl4Rz+5dtnLZjKMsLmGafXVyVvR1jpcvj5zKePucls3Lbgj5tHz36GNNLfpM3gw/Lfoc/XMfXeuhY5XTiWsVc/U3RvpWdxY35quYIL0yG0v7UhY7dHs9PwH2dXUd1jG7yrMO84q9RwNdWefzV4b5E68An8jeIrH/Sbxn1/X7XxY9L8/dlU8='