Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 418
  • Last Modified:

Exchange 2010 to Office 365 Cutover Migration - Questions

Hi Experts,

I am preparing to cutover.

I have some questions...but first here is my set up:

2 exchange servers in DAG  and  Casarray...  no load balancing.
both servers hold all roles. CAS, HUB, Mailbox
Exchange 2010 sp3 and Windows Server 2008 R2 on all machines involved.
One database - approx. 19GB
135 Users
no public folders
Single Forest and Domain
I have a barracuda spam filter.

I will not be using AD FS or DirSync.
I am going to require them to sign in separately to Office 365 from the local network.

First questions.... (more to come)

Is keeping it totally separate the best idea? .. or should I consider DirSync for other reasons (besides Same Sign On) ?

My users are in both mail enabled security groups and distribution groups.
How will the cutover affect this?
Will it convert the mail enabled security groups to dist. groups?

thanks in advance...
0
SeaSenor
Asked:
SeaSenor
2 Solutions
 
mijaredCommented:
Hello,

I found in some cases there is no need to use dirsync or ADFS. Mainly I used this when the users were remote or mobile users.

If the majority of your users are office based, you might as well use Dirsync. In the most recent version it will now sync the passwords also to the cloud. Meaning that the same username and password onsite will work for office 365. There is a small amount of work to be done on the AD first to setup the UPN in the same domain name as in office 365.

The main problem with using Dirsync and a pre existing exchange environment is, when you sync the users to the cloud, the user object has entries for an exchange mailbox and one in office 365 is not created. You would need to "move mailboxes to the cloud" from the onsite exchange server.

Same for the security group, you would need to make sure they have an email address and then it will create a distribution group in office 365.

Best regards,
Michael
0
 
SeaSenorAuthor Commented:
ok.. I think I understand what you are saying.

although, I am not concerned with Dirsync. They can sync their passwords manually every few months.
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

My main focus is a smooth transition, and knowing exactly what steps to take with my set up.
0
 
Gareth GudgerCommented:
Also, if I understand, I would have to disable dirsync for the cutover anyway, so I'll have the option on setting it up later after the cutover.

What are you currently using DirSync for?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
Vasil Michev (MVP)Commented:
Everything you need to know is in this article:

http://help.outlook.com/ms.exch.ecp.emailmigrationwizardexchangelearnmore.aspx

The process goes over the GAL and migrates everything that is visible there. Here is also another article that explicitly lists what is migrated:

http://help.outlook.com/en-us/140/hh553234.aspx

Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration.

Here are also the requirements for synchronizing groups:

http://support.microsoft.com/kb/2256198#How
0
 
SeaSenorAuthor Commented:
@diggisaur... I'm not currently using it. Just my understanding that if I set it up, I would have to disable it anyway to do the cutover. So after the cutover, I will have the option of whether or not to use it.

This article made me wonder if I should use it, hence part of the reason I questioned it:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/07/12/five-things-you-need-to-know-about-using-dirsync-with-password-sync.aspx

@vasilcho... your comment:
"Dirsync will certainly help you manage the users after the migration, and password sync will help you reduce the workload after the migration"

I understand somewhat, but can you expand on that please? In what ways will it help manage users?
And according to the article, the password thing may be "6 one, half a dozen the other" in regards to password convenience and the administrators workload.

thanks to all so far.

Another question:  should I break the DAG and CAS array prior to the cutover?  What would be the pros/cons ?
0
 
Vasil Michev (MVP)Commented:
Because you will have a central point to manage objects. If you dont have dirsync, any change in the user attributes will have to be applied by the admin both on-prem and in the cloud. And even for small businesses, changes in name/position/manager/etc are common.  Also new accounts, you will have to provision them both on-prem and in the cloud.

Same for the passwords, most users will have trouble working with different sets of credentials. Even if you match the passwords, the different policies you have on-prem vs in the cloud will most certainly lead to different passwords at the end. You can always set the passwords to never expire, but this is a security risk.

It's up to you at the end, dirsync is not a requirement to use O365, it's just additional tool.
0
 
SeaSenorAuthor Commented:
again.. thanks.

Aside from Dirsync, should I leave the DAG and CAS array or should I remove them prior to the cutover?

Once the cutover migration has initially replicated, I should have enough redundancy (at least in respect to DAG).... to keep only one mailbox server. CAS would be a benefit until the cutover is completed and the batch removed.

thoughts on that?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now