Office 365 migration Cutover Hybrid IMAP migration

Office 365 migration Cutover Hybrid IMAP migration

Hey guys, hope you are doing well, this article going to be interesting!
Long time I wanted to introduce you the Office 365 migration options, Recently, I had many Exchange and Office 365 migration projects to complete, a roughly 3-4 project that I have to manage and lead, each one is different and more challenged, I really love doing this type of project!!! it requires preparation, design, implementation and project manager skills, therefore I would like to talk little about them and show you which migration options do we can initiate using Office 365 migration built-in options.

There have four migration options:

  • Remote move migration (supported by Exchange Server 2010 and later versions)
  • Staged migration (supported by Exchange Server 2003 and Exchange Server 2007 only)
  • Cutover migration (supported by Exchange Server 2003 and later versions)
  • IMAP migration (supported by Exchange and other email systems)

I want to concentrate on 3 major migration options:

  • Remote move migration (supported by Exchange Server 2010 and later versions)
  • Cutover migration (supported by Exchange Server 2003 and later versions)
  • IMAP migration (supported by Exchange and other email systems)

Remote move migration Hybrid (supported by Exchange Server 2010 and later versions):

This mode allows us to migrate on-premises Exchange mailboxes to Office 365 and work at the same time on both sides.
You can still work in the on-premises Exchange and receives emails, you can migrate mailboxes to office 365 and receives emails over there as well ,this method is the preferred to an organization that plans to move into office 365 services, Because you can do it in your leisure time and according to selection, without pressure, try to think about it, you decide which mailbox to migrate or not.
Usually, we migrate about 10-20 mailboxes at the same time and as soon as the migrate finish the user gets a message that the “The Microsoft Exchange Administrator has made a change that requires you quit and restart Outlook” and you have to re-open the outlook and then the user should enter his credential which is must be matching to Office 365 UPN.

What are the prerequires and important points to work in the Hybrid mode?

  • Make sure you have a trusted certificate, not from your CA, you should purchase
    Make sure Autodiscover URL is included your certificate’s URL
  • Make sure your Autodiscover and you exchange records are published over Wide World DNS and points to Exchange.
  • If the exchange’s name like (pelegit.local), you have to change Exchange URL’s that users will authenticate with Exchange/EWS services externally and then the users won’t get certificate warning like this:

  • If your UPN is different than the domain you added to office 365 please open “Active Directory Trust and Domain” and add the correct UPN.
  • You should change the UPN to the intended mailboxes that supposed to be migrated to Office 365:

  • If your SMTP address contains like “[email protected]” you have to remove it and also to remove the domain from “Email Address Policy“:
    You also can check the “ProxyAddresses attribute” in the “ADSIEDIT” and check that there is no wrong SMTP address.

  • You also can uncheck the “V” option of “Automatically update e-mail address based on e-mail address policy” per a mailbox, or run this command using “Exchange PowerShell” and it unchecks the checkbox from all mailboxes.
    Get-Mailbox | Set-mailbox -EmailAddressPolicyEnabled $false
  • Make sure you are not syncing the wrong SMTP address, for example if your domain UPN is [email protected] as you can realize that this domain isn’t valid in  the “Accepted Domain” on Office 365 ,thereby you must remove irrelevant SMTP address from all mailboxes, you can’t sync unexciting SMTP that isn’t valid in your accepted domain, I on purpose emphasize it because many migrations failed due to this issue.
  • How to remove wrong (%UserName%@Pelegit.local) SMTP address from all mailboxes:
    $users = Get-Mailbox -ResultSize unlimited
    foreach ($user in $users) {
    
        $email = (Get-Mailbox $user.alias).EmailAddresses | Where-Object {$_.ProxyAddressString -like '*pelegit.local'}
    Set-Mailbox $user.alias -EmailAddresses @{remove="$($email.smtpaddress)"} }
  • Add domains to Office 365 and don’t change AutoDiscover and MX records yet – Just verification process.
  • Enable office 365 trial license from licenses – you may wait up to an hour that all Admin center appears.
  • As soon as you finish with your On-premise prerequires you can download the Download the AD Connect from the following URL: (SBS2011, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016)
    https://www.microsoft.com/en-us/download/confirmation.aspx?id=47594.
  • Use of “Global Administrator” credential in order to connect to office 365.
  • Sync the contacts, group, distributions groups.
  • Before installing the Hybrid configuration you should verify that your exchange is ready for migration process by check that “MRSH service” is up and check the following points:
  • Check the MRSHealth using the following command: “Test-MRSHealth
  • Make sure the MSRProxy is enabled using the following PowerShell on Exchange Shell:
    Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true -MRSProxyMaxConnections 50
  • Make sure the Basic Authentication is enabled:
  • Open the IIS and open the “EWS” folder and make sure the “Basic Authentication” is enabled
  • Make sure you are able to access the following URL Externally
    https://mail.xxx.co.il/ews/mrsproxy.svc
  • Go to Exchange Management under Admin Center and click on Hybrid button
  • Using the End-point you can see the on-premises environment data.

New Hybrid configuration wizard prompted
– Ensure the A/V is not blocking the wizard, otherwise, exclude some sources.
– Make sure the AD connect and Hybrid configuration is opening to MS service using 443 and 80.
Running the hybrid wizard, it is not complicated at all, just make sure you understand everything you are donning and don’t continue without understanding the small things.

Hybrid configuration creates the connectors (Send/Receive), certificates, email address policy, federation trust, hybrid configuration, organization relationship, onmicrosoft SMTP address and some settings that help to route the email and data to Send / Receive an email to office 365 in the hybrid mode.

  • Sending email to [email protected] > MX  > SMG \PINAPP\Proof Point > Exchange > verifying if exist or not > forward email to Office

Exchange checks if this mailbox is existing in the on-premises environment or not, the mail goes to cloud according to “Routing E-mail Address“:

How does migration process look like?

Here is an example of a batch file with two mailboxes that migrating to Office 365:

If you see larger size than the original mailbox size –  don’t worry it is ok, don’t work up, it is normal, migrate process adds some temporary data on the mailbox which helps them migrate mailbox.

Cutover migration (supported by Exchange Server 2003 and later versions):

This migration method is a common one as well, we migrate all mailboxes at once time, let me describe:

When we have a small organization with 50 mailboxes, we can migrate all  mailboxes from a source email system to Office 365 at one click, when you run the sync it, doesn’t mean that you have cut over the mailboxes, you can re-run the deltas whenever you want and catch up the data gaps, just whenever you decide to change the DNS at the specific time, you can re-run the batch again as last incremental action and then change the MX and DNS record to point Microsoft services.
You have to take into your consideration that after this process you have to reconnect all user’s accounts to office 365 services and mobiles as well, their accounts were connecting to the old mail server.

Important notes:

  • Microsoft allows you to use this method only if your on-premises Exchange organization has fewer than 2,000 mailboxes.
  • Make sure the Outlook Anywhere is enabled.
  • You can’t use cutover migration when DirSync is enabled, you must stop the DirSync, therefore, you can create all source mailboxes as objects in your Active Directory, with the same UPN. and SMTP address and don’t run DirSync yet!
  • Exchange Online mailboxes are synchronized every 24 hours, or you can re-run it manually.
  • At the period of delta time, any deleted item in the on-premises environment will sync to exchange online as well.
  • You must create end-point with administer account that has full permissions to all mailboxes in the source environment
  • Autodiscover and you exchange records are required.
  • You have to add the Domain to office 365 accepted domains as well.
  • You have to verify that there is no any existing UPN, member, contact, groups, a user that already exists in Office 365, if it’s one of these objects existing, the migration process will be failed about existing object with the following error messages:
    Error: UnexpectedTargetRecipientTypeException: An unexpected recipient of type ‎’Mailbox‎’ already exists in the target environment.
    Expected a recipient of type ‎’Group‎’.Error: MigrationProvisioningPermanentException: The name “PelegIT” is already being used. Please try another name. –> The name “Pelegit” is already being used. Please try another name.
  • Cutover Migration creates the mailboxes and users without licenses, at the end of the migration you should assign a license.
  • You can turn on DirSync again, afterward, you should see that your object syncs with your on-premises Active Directory.
  • Change DNS record to Office 365 and completed domain verification.
  • The annoying thing is the reconnect all mobiles and computer to office 365.

The cut-over migration runes in these steps: > Verification > Provisioning-Updating > Syncing

Cutover example:

Do not forget deleting the batch at the end of the process.
Guys please don’t forget change DNS record and points them to Office 365.

IMAP migration (supported by Exchange and other email systems):

IMAP migration is another great way to migrate mailbox from mail system and you don’t have full permission for all mailboxes.
IMAP migration allows us to migrate mailboxes using end user credential – email address and password.
– You should create users in your office 365 and assign license before starting IMAP migration, regarding the password, it mustn’t be like source, you can to set a password to each user later on.

  • Only items in a user’s inbox or other mail folders are migrated. Contacts, calendar items, or tasks aren’t migrated.
  • The term for this is to create end-point as well as source exchange details.
  • You have to add your domain to Office 365.

You have to upload CSV file with the following columns > ‘username, email address, and password’, exactly the following structure:

After you completed the wizard with next button, you will be able to trace the migration progress:

The only problem I experience post this migration is that some irrelevant folders have created on the migrated mailbox:

However, it is migrating email items perfectly and you can use this option without purchasing any third-party software, it suites to migrate from email system which is based MS, although it supports exchanges server as well.
By the way, you can do the same migration from the different location in Office 365 Admin center:

Setup > Data Migration >

And here you have to provide “Administrator credential”:

After that, just specify the user’s password in the source environment: – Clickable users are licensed users.

Also here you can resync the mailbox items whenever you want, like the cutover migration.
The major difference is that here you must enter the user’s source password.

As soon as you complete the migration you, can change the DNS records and points them to Office 365 services.

As you can see guys, we have different options to move into Office 365 service, a third-party solution can do the provide us the same solution (the common are MIGRATIONWIZ and kernel migrator).
It was important to me sharing the migration options and enrich your knowledge with regards to office 365 migration subjects.

I strongly recommend before initiating and moving to the office 365, check anything thoroughly, and don’t miss small important notes, you simply can screw up the user’s basic services due to the incorrect configuration, therefore, verify your autodiscovery is working well using this website:
https://testconnectivity.microsoft.com/

For any question and further information please don’t hesitate to leave a comment.