Exchange 2010 to Office 365 Cutover Migration - Questions

Hi Experts,

I am preparing to cutover.

I have some questions...but first here is my set up:

2 exchange servers in DAG  and  Casarray...  no load balancing.
both servers hold all roles. CAS, HUB, Mailbox
Exchange 2010 sp3 and Windows Server 2008 R2 on all machines involved.
One database - approx. 19GB
135 Users
no public folders
Single Forest and Domain
I have a barracuda spam filter.

I will not be using AD FS or DirSync.
I am going to require them to sign in separately to Office 365 from the local network.

First questions.... (more to come)

Is keeping it totally separate the best idea? .. or should I consider DirSync for other reasons (besides Same Sign On) ?

My users are in both mail enabled security groups and distribution groups.
How will the cutover affect this?
Will it convert the mail enabled security groups to dist. groups?

thanks in advance...
LVL 8
SeaSenorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mijaredCommented:
Hello,

I found in some cases there is no need to use dirsync or ADFS. Mainly I used this when the users were remote or mobile users.

If the majority of your users are office based, you might as well use Dirsync. In the most recent version it will now sync the passwords also to the cloud. Meaning that the same username and password onsite will work for office 365. There is a small amount of work to be done on the AD first to setup the UPN in the same domain name as in office 365.

The main problem with using Dirsync and a pre existing exchange environment is, when you sync the users to the cloud, the user object has entries for an exchange mailbox and one in office 365 is not created. You would need to "move mailboxes to the cloud" from the onsite exchange server.

Same for the security group, you would need to make sure they have an email address and then it will create a distribution group in office 365.

Best regards,
Michael

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SeaSenorAuthor Commented:
ok.. I think I understand what you are saying.

although, I am not concerned with Dirsync. They can sync their passwords manually every few months.
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

My main focus is a smooth transition, and knowing exactly what steps to take with my set up.
Gareth GudgerSolution ArchitectCommented:
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

What are you currently using DirSync for?
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Vasil Michev (MVP)Commented:
Everything you need to know is in this article:

http://help.outlook.com/ms.exch.ecp.emailmigrationwizardexchangelearnmore.aspx

The process goes over the GAL and migrates everything that is visible there. Here is also another article that explicitly lists what is migrated:

http://help.outlook.com/en-us/140/hh553234.aspx

Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration.

Here are also the requirements for synchronizing groups:

http://support.microsoft.com/kb/2256198#How
SeaSenorAuthor Commented:
@diggisaur... I'm not currently using it. Just my understanding that if I set it up, I would have to disable it anyway to do the cutover. So after the cutover, I will have the option of whether or not to use it.

This article made me wonder if I should use it, hence part of the reason I questioned it:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/07/12/five-things-you-need-to-know-about-using-dirsync-with-password-sync.aspx

@vasilcho... your comment:
"Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration"

I understand somewhat, but can you expand on that please? In what ways will it help manage users?
And according to the article, the password thing may be "6 one, half a dozen the other" in regards to password convenience and the administrators workload.

thanks to all so far.

Another question:  should I break the DAG and CAS array prior to the cutover?  What would be the pros/cons ?
Vasil Michev (MVP)Commented:
Because you will have a central point to manage objects. If you dont have dirsync, any change in the user attributes will have to be applied by the admin both on-prem and in the cloud. And even for small businesses, changes in name/position/manager/etc are common.  Also new accounts, you will have to provision them both on-prem and in the cloud.

Same for the passwords, most users will have trouble working with different sets of credentials. Even if you match the passwords, the different policies you have on-prem vs in the cloud will most certainly lead to different passwords at the end. You can always set the passwords to never expire, but this is a security risk.

It's up to you at the end, dirsync is not a requirement to use O365, it's just additional tool.
SeaSenorAuthor Commented:
again.. thanks.

Aside from Dirsync, should I leave the DAG and CAS array or should I remove them prior to the cutover?

Once the cutover migration has initially replicated, I should have enough redundancy (at least in respect to DAG).... to keep only one mailbox server. CAS would be a benefit until the cutover is completed and the batch removed.

thoughts on that?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.