Exchange 2010 to Exchange Online migration if DirSync already exists?
Hi All,
We've recently been given the green light to fully migrate our on-premise Exchange 2010 to Exchange Online, and I'm reading through the process, which has led me to discover something I consider quite alarming.
To set the scene, we've had Lync Online deployed for the last year or so (although it receives very little use), and due to that, have already deployed ADFS 2.0 and the DirSync tool within our organisation...
Now, I read that, because Exchange 2010 for some reason doesn't support Staged Migration to Exchange Online, our only real option is a Cutover migration (Hybrid doesn't really work for us, seeing as we want to actually do away with all on-premise Exchange infrastructure). However... I then read that, if you have already deployed DirSync within your org, then Cutover migration(s) will fail from the Exchange Online portal?
My question is, can we simply cancel our Lync Online subscription, remove our Vanity Domain from our existing Off365 account, remove DirSync/ADFS 2.0 and then create a brand new Off365 account, and setup the Vanity Domain from scratch, without having DirSync interfere? And if not, what are our options, please?
Thanks in advance
Dave
We've recently been given the green light to fully migrate our on-premise Exchange 2010 to Exchange Online, and I'm reading through the process, which has led me to discover something I consider quite alarming.
To set the scene, we've had Lync Online deployed for the last year or so (although it receives very little use), and due to that, have already deployed ADFS 2.0 and the DirSync tool within our organisation...
Now, I read that, because Exchange 2010 for some reason doesn't support Staged Migration to Exchange Online, our only real option is a Cutover migration (Hybrid doesn't really work for us, seeing as we want to actually do away with all on-premise Exchange infrastructure). However... I then read that, if you have already deployed DirSync within your org, then Cutover migration(s) will fail from the Exchange Online portal?
My question is, can we simply cancel our Lync Online subscription, remove our Vanity Domain from our existing Off365 account, remove DirSync/ADFS 2.0 and then create a brand new Off365 account, and setup the Vanity Domain from scratch, without having DirSync interfere? And if not, what are our options, please?
Thanks in advance
Dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SSO/ADFS and hybrid are two different things, you dont necessarily need them both. But yes, both depend on dirsync.
You can reenable dirsync once the migration is complete and continue using ADFS. Or you can use dirsync with password sync instead:
http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx
You can reenable dirsync once the migration is complete and continue using ADFS. Or you can use dirsync with password sync instead:
http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx
ASKER
Ahh, I understand now, I think... :)
Looks like we are currently using an older version of DirSync, because I don't see the option to tick the box for password hashtag sync in our version. Also, we already deployed ADFS 2.0 when setting up Lync Online, as it appears it was required as part of the process back then.
Can we just remove ADFS and replace DirSync with the updated version?
Looks like we are currently using an older version of DirSync, because I don't see the option to tick the box for password hashtag sync in our version. Also, we already deployed ADFS 2.0 when setting up Lync Online, as it appears it was required as part of the process back then.
Can we just remove ADFS and replace DirSync with the updated version?
Depends on your requirements, as explained in the article above some things are only available with ADFS. It also offers seamless experience for users in the domain environment (i.e. the user is never asked for credentials), whereas dirsync only offers SAME sign-on (password is the same but you still need to enter it every time). If that works for you, go for it, Dirsync is of course lot easier to configure and support.
ASKER
So I can keep our current Off365 account, and simply add Exchange Online licenses to it? (We are getting rid of Lync anyway, as it just isn't used)
It was my understanding that DirSync didn't work after a Cutover migration anyway? I didn't think you could use SSO without a Hybrid deployment in place? If you can now, then great! If not, then I guess there's no harm in removing DirSync anyway, because we wouldn't need it any longer.