Office 365 staged migration with dummy forest using adfs and dirsync
Posted on 2013-06-13
we are planning a migration to office 365 from current on premises exchange 2007, then plan is as below
-to support multiple forest 365 scenario (which MS dont support at present in one tenant) for other parts of business we will create dirsync forest which should allow us to add the first company.local forest to 365 without limiting options for adding our other forests to the 365 tenant in future, so this will act as the consolidation point for all company forests.
-install adfs and adfs proxies and dirsync into this empty forest
-then create a domain trust from this forest to our existing forest of company1.local
-setup 365 tenant as the company.com (the dirsync forest) and then add the company1.local's external domain of company1.com into tenant (which are presently set as the UPN in the company1.local forest)
-obviously any users in the new sync forest can be synced easily with dirsync but does FIM2010 or something else need to be used to allow DirSync to "know" about the users in the other forests (i.e. the company1.local forest)
-if all sounds ok to here can i then confirm the adfs SSO will then allow login using the sync forest as it will have a AD trust to the .local domain
-now at this point we need to migrate mailboxes to 365 by installing exchange 2010 into company1.local to allow for coexistance as 2007 not supported in staged migration, would this cause any issue as it would be connecting direct to 365 rather than via the dirsync forest?
my question is can anyone see any major issues with this idea or give any advice on any points. i know its a pretty hefty ask maybe need 1000points for this