Solved

Exchange 2010 to Office 365 Cutover Migration - Questions

Posted on 2014-01-02
9
361 Views
Last Modified: 2015-03-30
Hi Experts,

I am preparing to cutover.

I have some questions...but first here is my set up:

2 exchange servers in DAG  and  Casarray...  no load balancing.
both servers hold all roles. CAS, HUB, Mailbox
Exchange 2010 sp3 and Windows Server 2008 R2 on all machines involved.
One database - approx. 19GB
135 Users
no public folders
Single Forest and Domain
I have a barracuda spam filter.

I will not be using AD FS or DirSync.
I am going to require them to sign in separately to Office 365 from the local network.

First questions.... (more to come)

Is keeping it totally separate the best idea? .. or should I consider DirSync for other reasons (besides Same Sign On) ?

My users are in both mail enabled security groups and distribution groups.
How will the cutover affect this?
Will it convert the mail enabled security groups to dist. groups?

thanks in advance...
0
Comment
Question by:SeaSenor
9 Comments
 
LVL 3

Accepted Solution

by:
mijared earned 250 total points
ID: 39753357
Hello,

I found in some cases there is no need to use dirsync or ADFS. Mainly I used this when the users were remote or mobile users.

If the majority of your users are office based, you might as well use Dirsync. In the most recent version it will now sync the passwords also to the cloud. Meaning that the same username and password onsite will work for office 365. There is a small amount of work to be done on the AD first to setup the UPN in the same domain name as in office 365.

The main problem with using Dirsync and a pre existing exchange environment is, when you sync the users to the cloud, the user object has entries for an exchange mailbox and one in office 365 is not created. You would need to "move mailboxes to the cloud" from the onsite exchange server.

Same for the security group, you would need to make sure they have an email address and then it will create a distribution group in office 365.

Best regards,
Michael
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39766130
ok.. I think I understand what you are saying.

although, I am not concerned with Dirsync. They can sync their passwords manually every few months.
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

My main focus is a smooth transition, and knowing exactly what steps to take with my set up.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39792872
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

What are you currently using DirSync for?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39792894
Everything you need to know is in this article:

http://help.outlook.com/ms.exch.ecp.emailmigrationwizardexchangelearnmore.aspx

The process goes over the GAL and migrates everything that is visible there. Here is also another article that explicitly lists what is migrated:

http://help.outlook.com/en-us/140/hh553234.aspx

Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration.

Here are also the requirements for synchronizing groups:

http://support.microsoft.com/kb/2256198#How
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39797126
@diggisaur... I'm not currently using it. Just my understanding that if I set it up, I would have to disable it anyway to do the cutover. So after the cutover, I will have the option of whether or not to use it.

This article made me wonder if I should use it, hence part of the reason I questioned it:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/07/12/five-things-you-need-to-know-about-using-dirsync-with-password-sync.aspx

@vasilcho... your comment:
"Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration"

I understand somewhat, but can you expand on that please? In what ways will it help manage users?
And according to the article, the password thing may be "6 one, half a dozen the other" in regards to password convenience and the administrators workload.

thanks to all so far.

Another question:  should I break the DAG and CAS array prior to the cutover?  What would be the pros/cons ?
0
 
LVL 39

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 39797169
Because you will have a central point to manage objects. If you dont have dirsync, any change in the user attributes will have to be applied by the admin both on-prem and in the cloud. And even for small businesses, changes in name/position/manager/etc are common.  Also new accounts, you will have to provision them both on-prem and in the cloud.

Same for the passwords, most users will have trouble working with different sets of credentials. Even if you match the passwords, the different policies you have on-prem vs in the cloud will most certainly lead to different passwords at the end. You can always set the passwords to never expire, but this is a security risk.

It's up to you at the end, dirsync is not a requirement to use O365, it's just additional tool.
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39797193
again.. thanks.

Aside from Dirsync, should I leave the DAG and CAS array or should I remove them prior to the cutover?

Once the cutover migration has initially replicated, I should have enough redundancy (at least in respect to DAG).... to keep only one mailbox server. CAS would be a benefit until the cutover is completed and the batch removed.

thoughts on that?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now