?
Solved

Exchange 2010 to Exchange Online migration if DirSync already exists?

Posted on 2014-01-16
5
Medium Priority
?
1,136 Views
Last Modified: 2014-01-20
Hi All,

We've recently been given the green light to fully migrate our on-premise Exchange 2010 to Exchange Online, and I'm reading through the process, which has led me to discover something I consider quite alarming.

To set the scene, we've had Lync Online deployed for the last year or so (although it receives very little use), and due to that, have already deployed ADFS 2.0 and the DirSync tool within our organisation...

Now, I read that, because Exchange 2010 for some reason doesn't support Staged Migration to Exchange Online, our only real option is a Cutover migration (Hybrid doesn't really work for us, seeing as we want to actually do away with all on-premise Exchange infrastructure). However... I then read that, if you have already deployed DirSync within your org, then Cutover migration(s) will fail from the Exchange Online portal?

My question is, can we simply cancel our Lync Online subscription, remove our Vanity Domain from our existing Off365 account, remove DirSync/ADFS 2.0 and then create a brand new Off365 account, and setup the Vanity Domain from scratch, without having DirSync interfere? And if not, what are our options, please?

Thanks in advance

Dave
0
Comment
Question by:Ramsden-International
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 42

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 39785495
I guess you really have a preference for over-complicating things? :)

Simply DISABLE dirsync for the time being and reenable it after the migration is over. All the details about cutover, including how to disable dirsync if needed can be found here:

http://help.outlook.com/en-us/140/Ff628719.aspx

http://technet.microsoft.com/en-us/library/dn144760.aspx

Of course you might run into some issues with objects not being updated in the cloud, etc, but you can happily live for weeks with dirsync disabled.
0
 

Author Comment

by:Ramsden-International
ID: 39785517
I am relieved to hear that, vasilcho, thankyou!

So I can keep our current Off365 account, and simply add Exchange Online licenses to it? (We are getting rid of Lync anyway, as it just isn't used)

It was my understanding that DirSync didn't work after a Cutover migration anyway? I didn't think you could use SSO without a Hybrid deployment in place? If you can now, then great! If not, then I guess there's no harm in removing DirSync anyway, because we wouldn't need it any longer.
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39785542
SSO/ADFS and hybrid are two different things, you dont necessarily need them both. But yes, both depend on dirsync.

You can reenable dirsync once the migration is complete and continue using ADFS. Or you can use dirsync with password sync instead:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx
0
 

Author Comment

by:Ramsden-International
ID: 39785564
Ahh, I understand now, I think... :)

Looks like we are currently using an older version of DirSync, because I don't see the option to tick the box for password hashtag sync in our version. Also, we already deployed ADFS 2.0 when setting up Lync Online, as it appears it was required as part of the process back then.

Can we just remove ADFS and replace DirSync with the updated version?
0
 
LVL 42

Expert Comment

by:Vasil Michev (MVP)
ID: 39785681
Depends on your requirements, as explained in the article above some things are only available with ADFS. It also offers seamless experience for users in the domain environment (i.e. the user is never asked for credentials), whereas dirsync only offers SAME sign-on (password is the same but you still need to enter it every time). If that works for you, go for it, Dirsync is of course lot easier to configure and support.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question