Solved

Office 365 staged migration with dummy forest using adfs and dirsync

Posted on 2013-06-13
2
994 Views
Last Modified: 2013-07-11
we are planning a migration to office 365 from current on premises exchange 2007, then plan is as below

-to support multiple forest 365 scenario (which MS dont support at present in one tenant) for other parts of business we will create dirsync forest which should allow us to add the first company.local forest to 365 without limiting options for adding our other forests to the 365 tenant in future, so this will act as the consolidation point for all company forests.
-install adfs and adfs proxies and dirsync into this empty forest
-then create a domain trust from this forest to our existing forest of company1.local
-setup 365 tenant as the company.com (the dirsync forest) and then add the company1.local's external domain of company1.com into tenant (which are presently set as the UPN in the company1.local forest)
-obviously any users in the new sync forest can be synced easily with dirsync but does FIM2010 or something else need to be used to allow DirSync to "know" about the users in the other forests (i.e. the company1.local forest)
-if all sounds ok to here can i then confirm the adfs SSO will then allow login using the sync forest as it will have a AD trust to the .local domain
-now at this point we need to migrate mailboxes to 365 by installing exchange 2010 into company1.local to allow for coexistance as 2007 not supported in staged migration, would this cause any issue as it would be connecting direct to 365 rather than via the dirsync forest?

my question is can anyone see any major issues with this idea or give any advice on any points. i know its a pretty hefty ask maybe need 1000points for this
0
Comment
Question by:active8it
2 Comments
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
Comment Utility
You have two options, sync your forests into new one and dirsync from the new one to Office 365. Or, use FIM, which is the better option as it can take care of overlapping objects. I strongly advise contacting Microsoft or at least some major partner for help with this.

There are also 3rd party solutions which offer this, but I'd go with Microsoft support :)
0
 
LVL 2

Author Comment

by:active8it
Comment Utility
can you provide any documentation or a case study that shows the consolidation forest / usage of FIM. i presume using this method the users will all be created on the new forest automatically by FIM.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now