Solved

Exchange 2010 to office 365 cutover migration

Posted on 2013-12-09
11
2,571 Views
Last Modified: 2014-11-09
Hi all,

We have an outsourced IT company helping us with something outside the scope of the Office 365 migration and they are pushing us (or really my boss) to give them that business as well. I think its something that is relatively easy (having experience doing a migration from 2003 to 2010) and want to keep them out of it, but they are claiming that people have all kinds of issues with this and its really difficult, you need people with expertise, ect ect.

Long story, but can anyone tell me some of things you might run into with a cutover migration. Just to give me some ammo with these guys.

Thanks in advance.
0
Comment
Question by:liminal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 40

Assisted Solution

by:Adam Brown
Adam Brown earned 166 total points
ID: 39707822
Office 365 migration really is a bit of a pain, to be honest. They aren't just blowing smoke. The system changes very often and keeping up with it is difficult at best. Realistically, it all depends on what you want to *do* with office 365. Are you planning to be cloud only or are you going to be using Dirsync and ADFS?

Part of the stuff you'll run into is errors in migration. There are a lot of things that can fail during the actual migration of email to the cloud (it isn't as simple as a 2003 to 2010 migration) and knowing what the error messages mean is a lot of work, since they aren't particularly detailed or easy to understand. If you're going to be using Dirsync and ADFS, you're going to be dealing a lot with Active Directory attributes, which a lot of people don't have much experience with. There is also a lot of powershell work that needs to be done, so if you don't know powershell pretty well, you're more likely to run into major issues.

You should also consider whether you want to use the built in migration tools or third party tools to move mail over. You're not going to have an actual AD trust set up like you do with a 2003 to 2010 migration, so moving email securely is much different than what you may be used to.

As for what you can run into, it's very difficult to say, to be honest. The biggest pain I've run into is timing the actual cutover. MS disabled a lot of the capabilities in the migration tool that allows you to run syncs after your DNS records are moved, so you have to perform each DNS change over a period of up to 24 hours while taking a lot of care which order you perform the steps in. And each organization is different. I've never really run into the same problem twice (in about 10 or so migrations from various systems). Having an in-depth understanding of both Exchange and Office 365 is extremely useful if not necessary for succeeding without difficulty.
0
 
LVL 40

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 167 total points
ID: 39707870
Depends on your background. For anyone with a bit of Exchange experience, cutover migration should be a walk in the park. It requires almost no preparation and the whole process is very well documented:

http://help.outlook.com/en-us/140/Ff628719.aspx

The most common issue I've run into (on this site as well) is the post-migration Outlook config. Many people do not understand how Autodiscover works, especially in a domain environment, and have not prepared properly for the switch to Office 365. But even that one is relatively easy to fix, the only trouble is leaving the users with no mail access (or OWA only).

Plus, you can always call Office 365 support if you run into issues, after all support is part of the service you are paying for.
0
 

Author Comment

by:liminal
ID: 39710200
Thanks guys, I appreciate the advise. I think its going to be pretty easy.

http://help.outlook.com/en-us/140/Ff628719.aspx

This is what I have been looking @ and it looks quite simple as long as you don't run into problems ;) and then you have Office 365 Support.

This is quite a small environment with only about 120 mailboxes. 350GB of data...
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:liminal
ID: 39710212
It actually looks simpler then the 2003 to 2010 migration to me.
0
 

Author Comment

by:liminal
ID: 39710249
Once thing that I haven't seen any info on is migrating mail enabled contacts.

Anyone have any info on that?
0
 

Author Comment

by:liminal
ID: 39710273
OK so the migration is simple, its the SSO thats the hard part right?

What's the difference between Dirsync and ADFS?

Which is better?
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39710600
Cutover migration will migrate everything that is visible in the GAL, including contacts.

As for dirsync (I am assuming you are interested in password sync) and/or AD FS, review this article:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx

You cannot have dirsync running when performing cutover migration, you will have to enable it after the migration is over. For 120 users AD FS is probably an overkill, but if you need any of the functionality it offers, go for it.
0
 
LVL 4

Accepted Solution

by:
ontech earned 167 total points
ID: 39716794
CutOver Migration best article to follow.
http://help.outlook.com/en-us/140/Ff628719.aspx

dirsync is Directory Synchronization Server.
It syncs your AD objects to Cloud.
Every AD objects has a unique GUID, So this GUID is synced to Office 365 with User object and called as Immunitable ID.

ADFS is Active Directory Federated Services.
It is used for Single Sign On.
When you install ADFS successfully, The users in Office 365 will be authenticated using your Active Directory, So when you enter your user name there is a dot dot running when you go to Password tab. It checks if the domain is federated, If your domain is federated it will be routed to ADFS server in your organization which will send the credentials to AD server and Authenticate you.
ADFS is used for SSO and security reasons.

You can also use DirSync Password Sync feature to sync the password of the users to Office 365. But over here the password will be stored in the cloud.

Hope this answers your question.

Rest In Next.

Regards,
Jazz.
0
 

Author Closing Comment

by:liminal
ID: 39745454
Thanks so much guys,
0
 
LVL 1

Expert Comment

by:TBIRD2340
ID: 39928238
So not being able to have DirSync run / installed until after your migration is complete, what is the best way to deal with users logging in?

I think it sucks to give out temporary password to 100 users with a link to 365, have them login, then change their password (to match their AD).. That's just a lot of room for error on the user end..
0
 

Expert Comment

by:ComptechExpress
ID: 40431611
Would anybody have a fresh link for this http://help.outlook.com/en-us/140/Ff628719.aspx

it seems to have been moved!

Many Thanks
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
how to add IIS SMTP to handle application/Scanner relays into office 365.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question