Exchange 2010 to Office 365 Migration

We are wanting to migrate a customer to Office 365.  We have on-premises Exchange 2010 SP2.

We want to set it up hybrid so that we can slowly move users over.

We are in the planning stages with this.  Does anyone have any good clean walkthroughs that we might use?

I have seen a few walkthroughs on Google that just aren't very clean.  I already have two ADFS servers set up and load balanced.

If anyone can provide insight into what we should look out for, or if anyone has any good walkthroughs, that would be great.

This is our first migration and I am experienced with Exchange on-premises, just never used Office 365.
Adam Brown, Sr Solutions Architect, Commented:
Open Internet Options from Control Panel or from Internet Explorer. From there, go to the Security tab and select Local Intranet. Click Sites, then Advanced, then add *, *, and the external FQDN of your ADFS server to that list. This will cause Outlook to use the Local Intranet security settings, which are configured to send credentials automatically by default.
In your case, if it's the first time, I would make a demo first, but here is my walkthrough.

You must be at expert level with domains and have experience with DNS, as you will make records to point to the MS online server.

Choose minimum Office 365 Small Business Premium - to work with exchange.

2. When you create your demo account you have 31 days, but be aware that when you move records your process has started for moving to the cloud solution.

In there you start the wizard; it's a complete walkthrough online in 5 steps.

1. Choose the mail domain name for your off365 and confirm ownership
2. On webhost. Create mx or txt record that points to the MS server online - and you have the address in the wizard.
3. Connect the off365 to the mail domain - it will answer when dns is resolving.
4. Create users
5. Migrate maildata - can be done from the pc and you find many guides about it .. good luck

I have a total complete guide but in Danish - and I keep it safe, but these are the steps.
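The Local Intranet zone step from Adam Brown's comment above, scripted per user in PowerShell as an added example that is not part of the original thread. It covers only the AD FS FQDN entry; `sts.example.com` is a placeholder, and treating the last two labels as the registrable domain is an assumption.

```powershell
# Added example, not from the thread. 'sts.example.com' is a placeholder for
# the external FQDN of the AD FS service.
$AdfsFqdn = 'sts.example.com'

# Accept only a plain host name: no scheme, no path, no wildcard. The zone
# decides where Windows credentials are sent automatically, so map one host.
if ($AdfsFqdn -notmatch '^(?!-)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$') {
    throw "Expected a plain host name such as sts.example.com, got '$AdfsFqdn'"
}

# Assumption: the registrable domain is the last two labels (not true for
# suffixes such as co.uk); the remaining labels become the subkey name.
$labels  = $AdfsFqdn.Split('.')
$domain  = $labels[-2..-1] -join '.'
$subName = $labels[0..($labels.Count - 3)] -join '.'

$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$key     = Join-Path (Join-Path $zoneMap $domain) $subName

# Create the key only if it is missing, so existing values are left alone.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}

# Zone 1 = Local Intranet. The value name is the scheme, so only https
# traffic to this host is placed in the zone.
New-ItemProperty -Path $key -Name 'https' -Value 1 -PropertyType DWord -Force | Out-Null

# Read the mapping back to confirm what was written.
$written = (Get-ItemProperty -Path $key).https
"{0} -> zone {1} (https only)" -f $AdfsFqdn, $written
```

The same key layout is what the Internet Options dialog writes for the current user, so the entry shows up under Local Intranet > Sites > Advanced after the script runs.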
considerscs, Author, Commented:
I have a lot of experience with AD and DNS.  I'm comfortable with that.

I am just having problems with understanding exactly what is needed for my instance.

Do I need to use ADFS to keep SSO up to date, or just let the Windows Azure Directory Synchronization do the password updating?

I need to use the hybrid deployment as we have large mailboxes and I will not be doing a cut over with that much data.
Vasil Michev (MVP), Commented:
This is the definitive guide for hybrid:

Make sure to review it in detail. If you have any additional questions, ask.
Ok, so on the Office 365 cloud you don't really have a copy of AD implemented, so your rights are set up online.

I don't think it's possible to keep your local Exchange working as you move your pointing mx record towards the Office online solution - unless something I don't know.

You can synchronize maildata from a local PC in Outlook to the off365 online.
To migrate the pst data you simply recopy it on the PC in Outlook and let the PC renew data this way.

When I connected my Outlook to the off365 online I had all my data there from the Exchange connection, also calendar and contacts, so it was really not necessary to recopy the maildata.

If you want to work with file synchronization also, you use SharePoint Online.
On my page you can see the screenshots of maildata - and all is synchronized from a local PC to off365 with the Exchange connection. It's not to make PR, but the pics show what is possible.

I don't know how you would do a hybrid deployment but maybe other experts will help.
I guess to make it possible you have to point your Exchange to the off365 as well - it sounds like an exciting project :)
considerscs, Author, Commented:
One problem I am having is that even though I have set up the DNS records as Microsoft requests, I cannot change my default domain.

It's not even an option in the dropdown menu.
considerscs, Author, Commented:
I see that a federated domain cannot be set up as a default domain in office 365.

So with a hybrid deployment, your mail domain has to be a federated domain.

Anyone see a way around this?
Adam Brown, Sr Solutions Architect, Commented:
The default domain is what is used when creating new users *in the cloud*. It is not necessary to change the default domain in Office 365, since all users that are created in your Hybrid environment will be created from the On-Premise environment, then the changes are synced to the cloud with DirSync.

I would most definitely attempt to create a Test Hybrid setup before doing a full production setup if you've never done it before. Hybrid coexistence with Exchange 2010 is very tricky, and you need to make sure you have accurate, up to date information when you do it.

ServiceService is incorrect. A hybrid configuration will allow you to continue using your existing MX records that point to your on-premise server without any issues.

Basically, you need things in place to do a Hybrid setup for Exchange 2010 and Office 365.

1. All Office 2010 CAS servers should be updated to Exchange 2010 SP3
3. DirSync - You can get this by configuring Office 365 to use dirsync. It will give you a Link to download the software.

There is a lot of configuration you have to have in place, but the majority of the work is done by the Hybrid Configuration Wizard in Exchange 2010 SP3, which is located in Organization Management in the EMC. You'll also need to connect to Office 365 in the EMC by adding another forest and selecting Exchange Online. Vasilcho's link to Microsoft will give you all of the configuration information you need, but if you have Exchange 2010 SP3, ADFS, and Dirsync, you have all the pieces. You just need to put them together.
considerscs, Author, Commented:
Ok thanks for that.  I did see a little earlier that I need to go from SP2 to SP3.  I am currently doing that now.

I think that may be where I was going wrong the whole time.  I will use the Hybrid Configuration Wizard afterwards to get it all pieced together.

I have dirsync working.  ADFS is being a tad tricky.  I think it's a load balancing issue though.

For ADFS, do y'all use Unicast or Multicast on the NLB configuration?
Adam Brown, Sr Solutions Architect, Commented:
Multicast if the servers have one NIC, Unicast if they have two, generally. ADFS is tricky in general. It takes some patience.
considerscs, Author, Commented:
I am seeing that first hand.  It's very irritating to say the least.

I am having an issue with the Exchange Migration wizard.

It will not authenticate my ownership of my domain.

I have that has the corresponding txt record in the public DNS.  If I check the record it is resolved, even on the exchange server itself.

I cannot get it to go past this step.

Any ideas?
considerscs, Author, Commented:
Ok I have Office 365 working with a test domain and a test user.

Federated servers work flawlessly inside for Single Sign-On with the web portal.

Only problem now is that when I open a test user's account that was migrated from the on-premises Exchange to the cloud, Outlook asks for a password upon opening it.  When I enter the password it works fine, I just want to get Outlook to not prompt for credentials as the DirSync and ADFS work fine.

Does anyone know how to get Outlook to not prompt for credentials since the credentials match what the user is logging into their desktop with?
Vasil Michev (MVP), Commented:
Use credentials manager.

Outlook will send basic authentication credentials over SSL to Exchange Online and Exchange Online will then proxy this authentication request to the AD FS 2.0 federation service on behalf of the client. Selecting the "remember" checkbox will only store the username, so you need to use the credentials manager to store the password.
considerscs, Author, Commented:
Now Outlook will not accept the username or password.

I think it's a problem with my ADFS from the outside.

I have one internet connection.  The ADFS servers sit with the domain/Exchange on-premise server.

Since this is hybrid and I am moving over slowly, 443 is used for my mobile devices to connect back to exchange.

Autodiscover will not work externally or internally when a test user is migrated.

How could I get ADFS to work externally for Office 365 to be able to use ADFS without having to take 443 away from my exchange server?
Question has a verified solution.