Solved

Exchange 2010 to Exchange Online migration if DirSync already exists?

Posted on 2014-01-16
5
1,100 Views
Last Modified: 2014-01-20
Hi All,

We've recently been given the green light to fully migrate our on-premise Exchange 2010 to Exchange Online, and I'm reading through the process, which has led me to discover something I consider quite alarming.

To set the scene, we've had Lync Online deployed for the last year or so (although it receives very little use), and due to that, have already deployed ADFS 2.0 and the DirSync tool within our organisation...

Now, I read that, because Exchange 2010 for some reason doesn't support Staged Migration to Exchange Online, our only real option is a Cutover migration (Hybrid doesn't really work for us, seeing as we want to actually do away with all on-premise Exchange infrastructure). However... I then read that, if you have already deployed DirSync within your org, then Cutover migration(s) will fail from the Exchange Online portal?

My question is, can we simply cancel our Lync Online subscription, remove our Vanity Domain from our existing Off365 account, remove DirSync/ADFS 2.0 and then create a brand new Off365 account, and setup the Vanity Domain from scratch, without having DirSync interfere? And if not, what are our options, please?

Thanks in advance

Dave
0
Comment
Question by:Ramsden-International
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39785495
I guess you really have a preference for over-complicating things? :)

Simply DISABLE dirsync for the time being and reenable it after the migration is over. All the details about cutover, including how to disable dirsync if needed can be found here:

http://help.outlook.com/en-us/140/Ff628719.aspx

http://technet.microsoft.com/en-us/library/dn144760.aspx

Of course you might run into some issues with objects not being updated in the cloud, etc, but you can happily live for weeks with dirsync disabled.
0
 

Author Comment

by:Ramsden-International
ID: 39785517
I am relieved to hear that, vasilcho, thankyou!

So I can keep our current Off365 account, and simply add Exchange Online licenses to it? (We are getting rid of Lync anyway, as it just isn't used)

It was my understanding that DirSync didn't work after a Cutover migration anyway? I didn't think you could use SSO without a Hybrid deployment in place? If you can now, then great! If not, then I guess there's no harm in removing DirSync anyway, because we wouldn't need it any longer.
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39785542
SSO/ADFS and hybrid are two different things, you dont necessarily need them both. But yes, both depend on dirsync.

You can reenable dirsync once the migration is complete and continue using ADFS. Or you can use dirsync with password sync instead:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx
0
 

Author Comment

by:Ramsden-International
ID: 39785564
Ahh, I understand now, I think... :)

Looks like we are currently using an older version of DirSync, because I don't see the option to tick the box for password hashtag sync in our version. Also, we already deployed ADFS 2.0 when setting up Lync Online, as it appears it was required as part of the process back then.

Can we just remove ADFS and replace DirSync with the updated version?
0
 
LVL 39

Expert Comment

by:Vasil Michev (MVP)
ID: 39785681
Depends on your requirements, as explained in the article above some things are only available with ADFS. It also offers seamless experience for users in the domain environment (i.e. the user is never asked for credentials), whereas dirsync only offers SAME sign-on (password is the same but you still need to enter it every time). If that works for you, go for it, Dirsync is of course lot easier to configure and support.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now