Solved

Office 365 Cutover Migration Question

Posted on 2015-01-05
10
982 Views
Last Modified: 2015-01-08
Greetings.  We've been using Directory Sync. with our on-premises Exchange 2010 (SP3) server and Exchange Online Protection.

I understand with a cutover migration that DirSync is not used.

In our "Office 365" portal, there are "user" accounts already created for all mail-enabled users.

In the "Exchange" section of the portal, Recipients, there are no mailboxes created yet.

When we create the first cutover migration batch, will there be a problem creating Exchange user accounts in the cloud because those "user" accounts already exist under "Office 365" ?   We're using a temporary non-Microsoft SPAM filtering solution, so in theory I can delete all those "users" already created.

Thanks much.
-Stephen

OFFICE-365-ADMIN.jpg
Exchange Admin Center tab
0
Comment
Question by:lapavoni
  • 4
  • 4
  • 2
10 Comments
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40532933
The cutover migration process provisions new accounts based on the value of the "WindowsEmailAddress" attribute. If a user with the same address already exists, it will throw an error. So at the end, you might end up deleting those accounts anyway. See for example this thread on the community forums: http://community.office365.com/en-us/f/685/t/188571.aspx
0
 
LVL 3

Assisted Solution

by:Sudhir Bidye
Sudhir Bidye earned 250 total points
ID: 40533110
As Vasil Michev said earlier, No need to create user's manually in office 365 as the cutover process itself will provision the mailboxes and groups in office 365 once the sync begins. you just need to ensure that none of the mailboxes or groups are hidden from GAL. If you do not want to migrate any mailbox or group to office 365 then simply hide it in GAL at on premises server.

With regards to performing dirsync with Cutover, I have performed it for few clients and it's successful. Although Microsoft does not have any official guide for it I followed below article and performed Cutover migration with dirsync

You DO NOT NEED to perform step 3 i.e implementing ADFS. Dirsync will work just fine without ADFS.

Article : http://community.office365.com/en-us/w/exchange/835.cutover-exchange-migration-and-single-sign-on.aspx

In short you will have to perform the cutover migration with dirsync in below sequence.

1) Perform Cutover migration. For public folders migrate it using export import method.
2) Convert on-premises mailboxes to mail-enabled users.
3) Activate and install the Directory Synchronization tool.

If your source server is SBS Server then do not install Dirsync tool on SBS server, instead build a new member server for dirsync and install dirsync tool on it.
0
 

Author Comment

by:lapavoni
ID: 40534511
Good link and explanation, Vasil.  Thank you.

Sudhir, I cannot find any reference to hidden mailboxes not migrating properly.  I did find a reference to hidden Contacts not being seen by Office 365 users.  Do you have any documentation about that ?

http://blogs.technet.com/b/hot/archive/2012/07/31/how-to-unhide-all-hidden-contacts-from-gal-by-using-powershell-script.aspx

Also, as I understand DirSync in this case, it is only used to keep passwords in sync between local AD accounts and their corresponding cloud Office 365 accounts, yes ?  I don't wish to maintain an on-premises Exchange server after migration. I'm OK managing e-mail users from the Office 365 management portal.  There are a few utilities that seem to synchronize passwords fairly well.  This one in particular looks good.  Any experience with these ?

http://www.messageops.com/software/office-365-tools-and-utilities/office-365-password-synchronization/


Thanks much.
-Stephen
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40534991
Any object that is hidden from the GAL will not be migrated, so you should indeed double-check on that. It's simply the way the cutover wizard works - it connect to your on-prem server and looks at the GAL, then goes over each object listed there.

As for dirsync, it's generally used to reduce the management overhead. If you are fine with managing the users directly from the portal and you are not planning on using password sync or AD FS, you can ignore dirsync. If you want password sync however, you can just stick with the built-in one available in the new version of Dirsync/ADSync, no need for 3rd party tools.
0
 
LVL 3

Expert Comment

by:Sudhir Bidye
ID: 40535160
Stephen : Vasil has nicely explained the answers to the questions you asked to me :)
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:lapavoni
ID: 40536229
Please let me know if I understand this correctly:  In order to use DirSync, I need to maintain an on-premise Exchange server.  The on-premise "users" are the AD accounts of each user in our organization.  The reference to "mail-enabled users" adds an Office 365 attribute to the local AD accounts.  And DirSync requires a two-way synchronization to do so ?  It seems the only reason to do this is if I had two different types of mail users (local and Office 365) and wanted to maintain an on-premises Exchange server, which I don't wish to do.  There's no need to have proxy addresses copied *down* to my local AD from Office 365. I can see if I wanted to manage users with the existing Exchange 2010 management tools with DirSync and assure that proxy addresses got copied *up* to Office 365, then that would make sense.  It seems like a lot of processes and stuff to keep in place just to have passwords synced from local to the cloud, yes ?
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40536436
No local exchange server is needed to run dirsync. The information you have read probably related to the fact that removing Exchange can 'strip' any mail related attributes, or the general recommendation to keep at least one Exchange box for ease of management.

Two-way sync is used for Hybrid deployments, no need otherwise (you can refer to this article http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx)
0
 

Author Comment

by:lapavoni
ID: 40538593
OK, two final quick questions that are somewhat related.  We have about 80 user mailboxes with a total of about 500GB of data.  We have a 40Mb/s connection (both up and down).

1. Can a create the migration batch and run it during normal business hours without impacting users too much ?
2. I have the mail server backup running every night using MS Server Backup to an external drive.  Are there any issues with migrating data while the backup is running ?

Thanks much.
-Stephen
0
 
LVL 38

Expert Comment

by:Vasil Michev (MVP)
ID: 40538818
During normal business hours you will most likely see slow migration performance, as Exchange Online throttles the connections depending on the load. Here's an article with more details: http://technet.microsoft.com/library/dn592150(v=exchg.150).aspx

As for impacting the users, it really depends on other factors as well. The 'best case' scenario from the article above is 15GB/hour, but it's very unlikely you will be hitting anywhere near that during business hours. Still, to be on the safe side, you can opt for a smaller than the maximum of 100 concurrent migrations (http://technet.microsoft.com/en-us/library/jj874458(v=exchg.150).aspx explains how you can configure that). Or just schedule it over the weekend.

Backup will not be a problem, probably a small drop in performance when it's running, nothing else.
0
 

Author Closing Comment

by:lapavoni
ID: 40539180
Thank you both for some very helpful information and good links.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This Experts Exchange lesson shows how to use VBA to loop through rows in Excel.  In order to sort, filter, and use database features, there needs to be a value in each column for every row. When data arrives with values missing, code to copy values…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now