Solved

Exchange 2010 to Office 365 Cutover Migration - Questions

Posted on 2014-01-02
9
398 Views
Last Modified: 2015-03-30
Hi Experts,

I am preparing to cutover.

I have some questions...but first here is my set up:

2 exchange servers in DAG  and  Casarray...  no load balancing.
both servers hold all roles. CAS, HUB, Mailbox
Exchange 2010 sp3 and Windows Server 2008 R2 on all machines involved.
One database - approx. 19GB
135 Users
no public folders
Single Forest and Domain
I have a barracuda spam filter.

I will not be using AD FS or DirSync.
I am going to require them to sign in separately to Office 365 from the local network.

First questions.... (more to come)

Is keeping it totally separate the best idea? .. or should I consider DirSync for other reasons (besides Same Sign On) ?

My users are in both mail enabled security groups and distribution groups.
How will the cutover affect this?
Will it convert the mail enabled security groups to dist. groups?

thanks in advance...
0
Comment
Question by:SeaSenor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 3

Accepted Solution

by:
mijared earned 250 total points
ID: 39753357
Hello,

I found in some cases there is no need to use dirsync or ADFS. Mainly I used this when the users were remote or mobile users.

If the majority of your users are office based, you might as well use Dirsync. In the most recent version it will now sync the passwords also to the cloud. Meaning that the same username and password onsite will work for office 365. There is a small amount of work to be done on the AD first to setup the UPN in the same domain name as in office 365.

The main problem with using Dirsync and a pre existing exchange environment is, when you sync the users to the cloud, the user object has entries for an exchange mailbox and one in office 365 is not created. You would need to "move mailboxes to the cloud" from the onsite exchange server.

Same for the security group, you would need to make sure they have an email address and then it will create a distribution group in office 365.

Best regards,
Michael
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39766130
ok.. I think I understand what you are saying.

although, I am not concerned with Dirsync. They can sync their passwords manually every few months.
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

My main focus is a smooth transition, and knowing exactly what steps to take with my set up.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39792872
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

What are you currently using DirSync for?
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39792894
Everything you need to know is in this article:

http://help.outlook.com/ms.exch.ecp.emailmigrationwizardexchangelearnmore.aspx

The process goes over the GAL and migrates everything that is visible there. Here is also another article that explicitly lists what is migrated:

http://help.outlook.com/en-us/140/hh553234.aspx

Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration.

Here are also the requirements for synchronizing groups:

http://support.microsoft.com/kb/2256198#How
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39797126
@diggisaur... I'm not currently using it. Just my understanding that if I set it up, I would have to disable it anyway to do the cutover. So after the cutover, I will have the option of whether or not to use it.

This article made me wonder if I should use it, hence part of the reason I questioned it:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/07/12/five-things-you-need-to-know-about-using-dirsync-with-password-sync.aspx

@vasilcho... your comment:
"Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration"

I understand somewhat, but can you expand on that please? In what ways will it help manage users?
And according to the article, the password thing may be "6 one, half a dozen the other" in regards to password convenience and the administrators workload.

thanks to all so far.

Another question:  should I break the DAG and CAS array prior to the cutover?  What would be the pros/cons ?
0
 
LVL 42

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 39797169
Because you will have a central point to manage objects. If you dont have dirsync, any change in the user attributes will have to be applied by the admin both on-prem and in the cloud. And even for small businesses, changes in name/position/manager/etc are common.  Also new accounts, you will have to provision them both on-prem and in the cloud.

Same for the passwords, most users will have trouble working with different sets of credentials. Even if you match the passwords, the different policies you have on-prem vs in the cloud will most certainly lead to different passwords at the end. You can always set the passwords to never expire, but this is a security risk.

It's up to you at the end, dirsync is not a requirement to use O365, it's just additional tool.
0
 
LVL 8

Author Comment

by:SeaSenor
ID: 39797193
again.. thanks.

Aside from Dirsync, should I leave the DAG and CAS array or should I remove them prior to the cutover?

Once the cutover migration has initially replicated, I should have enough redundancy (at least in respect to DAG).... to keep only one mailbox server. CAS would be a benefit until the cutover is completed and the batch removed.

thoughts on that?
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question