Exchange Online: Migrating Mailboxes to Office 365

Just another WordPress site

Exchange Online: Migrating Mailboxes to Office 365

ladies and gentlemen welcome on the migrating mailboxes to Microsoft Office 365 training my name is gobbler at Murray I work as a partner consultant in the Central and Eastern Europe region and I’m an office 365 specialist in this presentation I will walk through the technical details of the migration I will pay special attention to the processes including timing concerns I want to cover three types of migration the cutover the IMF and the stage migration please note that for example hybrid migration is not covered in this presentation and at the end I will demonstrate a cuddler migration for you just for the reference here is a summary of the migration tools and options we have the exchange online if you are interested in this big picture I will suggest you the presentation mail migration strategies there is a tool which is called exchange 2013 deployment assistant what can be used as an official guide this assistant will ask some questions regarding to the customers environment and suggest a migration path for you also it can create a step-by-step documentation what to do it was demonstrated also in the previous presentation called mailbox migration strategies so let’s start with the cutover migration cutover migration is the least complex from these three kinds of migration you can see here a typical process flow for a cutover migration we start from the left side in the very first three steps we are doing the preparation tasks the actual migration then we are synchronizing the data it happens in the purple cord fourth step and the rest is also are not too time-consuming in sequence of some other tasks and of course I will explain more detailed all of these tasks in the next slides you will start the migration with the preparation phase this is the step number one so first in the office 365 you must add and verify your email domain for example contoso comm also out there is a requirement for a cutover migration process you should not install directory synchronization to cuddler process is only for the customers with less than 1,000 users we have experienced some important practices in the field and let me highlight some of them so the first one is out right before the migration you need to reconfigure the TTL value for your MX record at some DNS provider we have seen TTLs up to 1 week which will surely delay your actual migration so please reconfigure this value to 15 minutes or half an hour the second one is you need to check the company credit card if it’s valid if it’s really a company credit card and again this can cause some delays in the migration if something is bad with that credit card the third one is the firewall administration if you need and to do any kind of changes on the firewall if there is any firewall at all a company you need to clarify who will administer the firewall and what processes should you maintain the fourth one is again about DNS provider you need to figure out who can do the modifications on your DNS records and of course you need to make sure that this guy is available even on the weekend and also you need to check what is the service level agreement for your DNS provider and what I have seen also in the configuration when you add your actual domain record you are requested to add the Alto discovery record however you can do that later then you are ready to I’ll switch your L to disco record as the cutover migration process is using RPC over HTTP or cold outlook anywhere you need to install and use our public SSL certificate which it came from a public provider a trusted public provider if you don’t have any yet you may use a free trial certificate from a public provider because this should be enough for this migration and actually

after the migration you don’t need your on-premise exchange server anymore so you don’t need your on-premise SSL certificate so you can simply drop it I suggest to create a dedicated administrator user which will be used only for the migration we must give him permissions either full access permission to all of the mailboxes or receive as permissions or we just need to give him domain administrator permissions by putting him into the domain admins group next you need to create the migration endpoint on the office 365 portal this will include your servers name the migration administrator account as well as the number of the simultaneous mailbox moves which can limit the performance stress on your own premise Exchange Server and let me also highlight some best practices the very first one is the user communication so please in advance to the migration inform the users what we are going to happen and also a very good idea to tell them about the Outlook Web Access address so that means if they have any kind of trouble regarding to the outlook then they try to logon to the office 365 they can still fall back to use OVA so all these kind of troubles will be not so urgent then without this kind of communication the actual migration is started from the exchange online console so first we will do an initial synchronization which will synchronize up your on-premise mailbox data to the cloud and actually after that initial synchronization we do incremental synchronizations in each day and this will synchronize all the changes in your own premise mailbox so if a user received a new email that will be synchronized if a user sent an email that will be synchronized or if this user deserted an email this deletion will be also synchronize up to the cloud mailbox what are the best practices from the field most of the users starting this migration phase in mid week so for example on Tuesday Wednesday they can do that because the end users are not affected at all there’s still have their working normal operational on-premise mailboxes and they can still connect to these mailboxes and use them to receive and send emails however in the background this migration process is running and you can expect a maximum throughput of 5 to 10 gigabyte per hour of course this depends on your internet connection on your network throughput or also it depends from the actual pair performance of your own premise server and during this synchronization feel free to review all the error logs presented on exchange online so you can have a clear view what’s going on in the system and you can see if there are any items which cannot be migrated to the cloud you can leave this incremental synchronization running for a couple of days the actual switch is initiated by changing your MX record and out of this cover record as soon as you change your MX record it will point to the office 365 so all the incoming emails land in a cloud mailbox and this is the right time to instruct the users or will change their outlook profiles centrally our by an administrator to point tends to connect to the cloud veil box and this will also mean that outlook will rebuild the OST file by downloading all the emails from the cloud mailbox the best practice from the field is to do this MX record change on Saturday for example so that would give enough time for the outlook clients to download and Rebels be OST files so we don’t leave it for Monday because that would stretch our network very very hard so the system administrators can walk through the outlook clients and they can reconfigure the meta profiles and let outlooks run and synchronize the data to the OST cache in office 2013 there is a new

feature you can set the cache interval for an OST file so you don’t need to download all the emails you can decide and you can instruct Outlook to download and cache only the emails from the last month or from last year the rest of the emails are also available also visible and outlook however they are not in the USD file and also let me mention one more issue that you know of the incremental synchronization happens once in each 24 hours so to make sure the the calls the least outage for the actual users the best practice is to change this MX record not too far up before the incremental synchronization so that would mean right than after all the MX record was changed to be at performing an incremental synchronization so the latest emails will be synchronized up to the cloud mailboxes so after the MX record was changed the users are using actually their office 365 mailboxes to receive and send emails you can still keep the incremental synchronization running it’s not a problem at all even you have the option to I’ll remove and restart the migration because this is a fairly intelligent process if it finds any email what was already migrated to the cloud it will not mean diplucate this email so you can restart the migration and do it again if this is really necessary but most of the users most of the customers are removing this synchronization process on Tuesday Wednesday when they made sure all the users are using their new mailboxes so this our final task the ideality batch task this it doesn’t affect the actual users at all just you need to make sure there are no more users who are using their on premise mailboxes because if they send an email from this on-premise mailbox then this will not be replicated after you finished the migration process the catawba replication and also you have a couple of tasks which can be paired from on Sunday for example after the successful migration so here again you need to communicate with your users at least you need to distribute the new passwords for their cloud mailboxes if you have any sender’s permissions used by the customers then you need to configure these permissions because all the cutover migration won’t up reconfigure the send s permission on the new mailboxes and of course feel free to backup and then uninstall and retire your own premise email infrastructure because it doesn’t used in the future and please don’t forget about the support personnel and support processes even you can tell them about the top issues about the behavior of the new system and of course it’s always a good idea to train the users itself because we must give them productivity boost how to use the office 365 infrastructure don’t forget they might have exchange 2003 they might have Outlook 2003 and migrating well to the US version of Outlook is really giant jump out ten years ahead in the time into the modern era so train the users because we really want to make them productive after the cutover migration let me go through the differences i’ll versus the cutover migration let me describe the imap migration if you had a look on the general I’m of migration process this is pretty much the same as it was with the cutover process let me highlight however the two steps in dark blue so for an IMAP migration we will create a migration batch or multiple migration batches and this is actually about does the synchronization so this is the the long-running story and since you are able to run multiple batches they can schedule the migration of four to

migrate some groups of users and again here are in the one before the last step which is in purple color you need to change the AMEX record to point to office 365 and this does the actual switch to the cloud infrastructure so let’s have a look on details of what are the differences the first difference is in the preparation because we are using this time the IMAP protocol so your server must be able to accept the connection on port 1 4 3 or 9 93 9 9 3 is for the secular IMAP I highly suggest to use this port of course here again you need to add and verify your email domain like contoso comm and this time you need to manually create the actual users and the mailboxes in office 365 you have different options you can either create the users by using the portal or you can bulk import the users by using CSV files or even you can configure the using to create these user accounts as best practice I always suggest to lower the TTL value of the MX record as previously and also we can create a dedicated migration administrator user and giving permissions at being able to log on to the actual mailboxes if this is not possible because for example this IMAP server is hosted and you don’t have the access to set up permissions on the server no problem at all still you have another option you can collect all the user passwords and use them for the actual migration as I mentioned you can migrate your users in an IMAP migration in groups in so-called batches these batches are defined in CSV files so CSV files contain the user name the user logo name and the user password for example since you store passwords in these CSV files you need to keep them really in sexual location so keep BitLocker switched on on your laptop for example and actually you had a couple of limitations for this CSV files but personally I don’t think there are really very very strict you should not enter more than 50000 rows in one CSV files or one CSV file cannot be bigger than 10 megabytes however feel free to create multiple CSV files so even you can migrate a couple of hundred thousands of users no problem at all just you need to use multiple CSV files and here what you need to keep in mind that still we are directing the emails to death server where the AMEX record is pointing to so we don’t have any redirection on or any rules or whatever still we are sending the emails to your own premise server if you haven’t changed the AMEX record to point to the cloud the rest of the migration happens really the very same way as with the cutover migration again we have incremental synchronizations once in each day so basically you can keep this IMAP migration process running it will synchronize all the emails up to the cloud the emails are landing first in the on-premise server and these will be synchronized to the cloud then they saw our incremental synchronization cycle is being activated and last but not least let’s talk about the stage migration which is actually a mix of the I’m up and the cutover migration in the overall migration process for a stage migration you can see that again we are starting with the preparation in the purple colored box you can see that we are creating a migration endpoint and after that we have these dark blue boxes and a dark blue box is marking at the migration batch and actually here again you had the possibility to create multiple batches so you can move your users in groups to the cloud so not everyone in one step but in groups the preparation step started with adding and verifying your email domain this is the very same but we have seen in the IMAP

and also in the cutover migration this time however you must implement the directory synchronization to this directory synchronization tool will be responsible for creating and setting up the accounts in office 365 this also causes that you must have an M or e plan for office 365 or of course the standard on Exchange Online plan will be also suitable for the stage migration process again we are using Outlook anywhere or RPC over HTTP so you must configure this protocol on your on-premise exchange server please note that here only Exchange Server 2003 and 2007 is supported for Exchange Server 2010 and 2013 in you must implement the hybrid scan REO if you want to move your users in groups there are also a couple of interesting points of the most important question what I was asked by a couple of partners if you can deactivate the dietary synchronization after the migration was done and the answer is yes so if you don’t the plan to use dietary synchronization in the future you can do that just activated on it and so you can go on by managing your users totally in the cloud without any on-premise infrastructure and similar to the IMAP migration we define here the groups of the users by creating CSV files the CSV files contain the name of the actual user accounts also highly recommended to create a dedicated migration administrator account and again you need to give permission to that administrator account and when you are ready you can create the migration endpoint by entering the connection details to your server including the migration administrator account name and the server name the best practices before performing a stage migration is to move those groups those users together who are normally working together this is mainly because this so called cross Prime is sharing than one mailbox who is already using the cloud Mabel’s is trying to share his mailbox or his calendar with one user who is on the on-premise server yet so this is not available this dispute not work of course this free busy information will work it’s not a problem but really I would highly recommend to keep these ver groups together also keeping in your mind of delegates or shared calendars are used then you need to move these users together in one group and here we do have also our limitation for a CSV file it can contain maximum 1000 users however feel free to create multiple CSV files and multiple batches so this is the opportunity when you need to migrate more than 1,000 users it’s not a problem at all when you create a migration batch you are specifying the affected users by a CSV file and here there is one interesting point after you have started the batch then immediately these users will be switched to the cloud so it can be that the user is logging on to the mailbox however the data is not replicated up to the cloud yet so the actual user can see only an empty mailbox so you must previously communicate to the users that are this is a known problem a known issue and don’t think that we lost or we’d removed all your older emails we will replicate this content just please be patient give us some time again you can calculate with 5 to 10 gig of after our and all your mailbox data will be there the best practice for one example scan REO this is what I always suggest now you can group the or you can move the groups of the people each night one group so you can start this migration batch let’s say after the work

at eighteen hours or six o’clock p.m. so during the night I’ll the mailbox data can be synchronized up to the cloud and of course at the evening you can reconfigure the affected users Outlook profiles so again you can rebuild the USDF I can download again the mailbox data and in the morning the users can start with the prefilled outlook profile and they can start working and on the next day you can start the next batch so you can move your users throughout the week as you wish and as you have time and capacity and what is interesting here is that we don’t have this incremental synchronization process however we don’t need it because then the simple coexistence is set up then all the emails are I still on the on-premise server because the MX record is still pointing to the on premise server but for those users who are migrated to the cloud for those users we are setting the target address property in the active directory and this will send a von copy from their inbound emails to their mailboxes so actually right when they are starting to use their cloud mailboxes this is not an issue because the inbound emails land also in the cloud mailbox so this is also the reason why we need to implement the directory synchronization tool and also our here we have our best practice because after the actual user is and he’s ready to use his cloud mailbox the best practice is to convert the on-premise mailboxes to mail enabled user objects so you can remove these mailboxes and I’ll make sure the mail enabled contact objects are forwarding the emails to the cloud so this is the best practice if we have finished with one specific migration batch actually our we just need to remove this migration batch as I told you before we don’t have this incremental synchronization because before are all the emails to the cloud mailbox and here again we need to keep in mind that the outlook will rebuild the OSD cache also we need to keep in mind that the users will have new user accounts in the cloud so if they are getting new passwords you need to distribute them just for making sure they will lock on to the cloud mailbox and again let me highlight that cross premise sharing doesn’t work so please move all the ver group members who are you and working together who are sharing calendar items or whatever together in one batch but of course you can create multiple batches so you can move these work groups one by one throughout base throughout some things this stage migration process is really pretty much scalable by the actual user number then we have moved all the users to the cloud then we are ready to end this simple quads distance between the on-premise and the cloud exchange so again we need to reconfigure our MX record to point to a cloud so from this point all the incoming emails will land in the cloud and then also we are ready to uninstall the on-premise exchange server if we haven’t done this previously then we also need to assign census for the office 365 users which are created by the directory synchronization during the migration process if you don’t need the directory synchronization to for the future you can deactivate it so you can administer your office 365 users in the office 365 portal please keep in mind that this stage migration is not a real coexistence – if you really want to use coexistence in the future so if you want to keep some of the mailboxes on-premise and Sun in the cloud then the hybrid configuration is the one which is correct for you however the staged migration process can last even for a couple of months so if your company is not able to migrate during one weekend it’s not a problem at all most probably than the staged migration

will be the best for you or a hybrid migration so after the fair itical preparation let me show you a demonstration for a cutover migration actually this contain pretty much they are necessary steps I can demonstrate them and of course if you understand these steps and the user experience then you will surely be able to perform a staged migration or an IMAP migration I start the demonstration from the office 365 portal so I click on domains and you can see that I have here my actual default domain and I have already added and verified my so-called vanity domain which will use for email in a live environment you might run into a different situation and let me demonstrate this one also very shortly so you can see here I have added one more domain which is not completely set up yet let me show you where is the interesting point so here in the actual our wizard but flows through this domain registration process I haven’t completed step three yet in step number three they are checking if your DNS records are correctly configured for this domain and for the purpose you are using this domain so you can see that if change online and link online are already selected so I click on next and then I can see here the list of the DNS records to be created for these domains and please note that here we are checking if the out of this cupboard record exists for your domain and it should point to a lucam however if you have a live environment then you also have an alto discovery record which points currently onto your running exchange environment so if you press done check then this will surely not finish without any errors because your out to discover record points to the wrong server so you have here the opportunity to close this visit and return later after you implemented the DNS changes when you are ready to change your out to discover record so even if your domain is not fully configured and might show setup in progress you will be able to create users who are using this particular domain name the only interesting point that the verification of your domain should be done already next I continue with the setup in the on-premise environment in the very first strap I will create a dedicated migration user who will get permissions to read out the emails from the users mailboxes so I click on new users in the Active Directory users and computers and let’s type in the name then I click on next I will give a password and I don’t want to change a dis password again click on next then click on finish after we have created the migration administrator user we need to give permission to him so I started here the exchange shell so I grab the old mailboxes and pipe it into a command which will add permission to the migration administrator user the permission will be full access and also I use all the inheritance types so right now I press enter and I have full access on all the mailboxes in my organization and please keep in mind that the permissions are cached on the exchange server so just for the demonstration I will restart the Microsoft exchange information store service which are actually causes all the outlook clients dropped by the exchange but this is a test environment only and I will restore this service so the cache will be empty and the current mailbox permissions will surely apply and I can being actual in the cache

Sonne net start and this will rebuild the cash on my exchange server the next step is creating the migration endpoint on the office 365 portal so I have logged on with the administrator users and I go to the exchange management console on the exchange management console I need to choose the migration option here I have the option to define the migration endpoint by choosing the migrate to exchange online option so right now I have an exchange server 2010 however I want to perform the cutover migration so you can see this is fully supported by exchange 2003 and later versions so I can click on next I will enter now one of the email addresses I want to migrate so for example Holly I will enter also the name of that migration administrator we have created and I enter also the password of this migration administrator and then after this click on next normally this wizard should find your exchange server using the alto discovery record if this is not successful then you can manually add the actual name of your exchange server here I want to use the internal name of the exchange server then I will use the external name of the server which is a published on your file roll and then I will click on next in the next step I can name this migration batch for example let’s I’ll give here the name of migration 1 and then I can click on next and I don’t want to start this migration right now so I can select here manually start the Bachelet er and then I click on new so my migration and batch was created and right now it’s waiting for start please have a look on the right hand side so you can see here a couple of detailed information and while the migration is running also the up-to-date information will be shown here so right now I start this migration and this will initiate the fight in the initial synchronization so after I started this synchronization I can click here on the details and you can see that actually this synchronization is started to provision the user accounts and if I want to have a much more details I can click here on download the report and this will show me a text file which will contain the diagnostic information what’s going on in the system so the actual migration didn’t started yet so that’s why it’s empty after a couple of minutes you can see that the status of the first user was changed to sinking so that means that the cloud is actually uploading the mailbox data to the cloud mailbox of Bob so after a couple of hours my initial synchronization was finished so you can see here that all of my mailboxes are synchronized let’s have a quick check what happened with the mailboxes I’m looking for the available details and you can see that a lot of items are already synchronized although some items are skipped so I can click here on skipped item details to have a look at what happened unfortunately I see here corrupt further ACL which doesn’t seem really good but then I can also download the report for the actual user I open it in this notepad and so I can go through the actual story what happened during the migration however Alban I did that I realized that actually all of the our mailbox items were migrated and the four corrupt items they actually doesn’t contain air any data so actually I will I’ll really I’ll skip through this error message and you can see that all the mailboxes are

synchronized already so right now I’m just waiting for the incremental synchronization and still users are not affected it’s all they are still using their old mailboxes hosted on the on premise exchange server however in the cloud their mailboxes are already present they are filled up with emails so it’s my decision then to switch to the online environment okay so we have jumped in the time advanced by out to three days so right now the incremental synchronization is going on and let me show you how it looks like so I can click on the details and you can see that are the actual mailboxes are synchronized and let me show you the details of the synchronous our process for Holly’s mailbox and if I scroll down I can see in the very last line that right now we are suspending the job and we are in the incremental synchronization status and today is the 5th of May and if you scroll up you can see the very same our status the suspense status from the 4th of May in the night and we are continuing the actual increment of synchronization process at the next day in the very same time point so this is where you can see how the incremental synchronization is going on the cutover migration create the users in office 365 however they haven’t assigned licenses for these users yet so let’s do this one right now I will select out the users who are replicated from the on-premise environment and click on edit here I will skip here the first page then on the second page I set the user location to Hungary and in the further out page I can assign the licenses so let’s say replace and I will give a free plan licenses for all of my users so you can see that all the licenses are assigned to the users I click here on finish did you notice that passwords are not shown so to grab the password for the newly created users you need to go into your mailbox and search for the message which is telling the migration is finished and there you can download the success report this will contain a CSV file with the password so these can be distributed among the users the next task is to do the switchover by changing the AMEX record for our domain the best practice is to do this on Saturday so the overall work is not affected if you have a DNS company which allows you to change the AMEX record then you will meet some kind of web interface where you can edit the records like this one on the screenshot if not then you need to request a change in email or on phone if you have split dns implemented then please don’t forget to update the records on your internal DNS servers to let me find the instructions for the DNS record so I select here my email domain click on view DNS settings then click here on view DNS records and here are the records that need to be set for exchange online after you change the DNS records you need to wait until the changes are propagated in my example I set the TTL value to half an hour so I need to wait at least half an hour until all the emails are redirected to the cloud then we are back from our coffee break and the DNS records are up to date then they have also vomit tasks you can see that my migration process while it’s running running the incremental synchronization it was automatically suspended and I must do one more synchronization by

pressing this play button and this will enforce a synchronization so all the emails will be up-to-date in the cloud mailboxes so you can see that right now the status has changed to syncing and this is the right time to reconfigure the outlook clients so I go to the control panel and search for mail and start the mail application this application can manage the mapping profiles if I click here on show profiles you can see that holy has already map a profile but right now we will add a new profile folder so I will click here on the Add button the profile name will be new and fill out the data of Foley and let me add here a remark regarding to the password temporary password should be changed at the first level so the password you enter here should not be a temporary password so I would create a password which will be used throughout the weakened by the desktop administrator staff and do a password reset on Sunday evening and then distribute these new passwords to the end users so let’s press Next here so we are trying to log on to the exchange you and we need to type the password again and after a couple of seconds the lagoon was successful so we can click on finish so you can see that the new profile was created and you can set it to default press ok and the next time when you start out look this new profile will be populated of one more time and I type in the password and click on remember and you can see that outlook is setting up this profile and no you just skip this one and downloading the emails from the cloud this download will surely take a while so the system administrator can leave I would look running move on to the next desktop workstation configure it one by one basically uh and then uh during the weekend the outlooks can download the mailbox content so there will be no stress on Monday morning than the user starts to work and let’s do a quick check here so this is a high fidelity migration so all my mailbox objects were migrated including the emails and for example the calendar entries you can see all my calendar entries are migrated to after this demonstration the key takeaway is that we have some kind of preparation phase we have the migration phase and also we have the finalized phase in each of these migration types during the preparation keep in mind you need to do some activities on the office

365 portal and also you need to configure your own premise system and prepare it for the migration in the migration phase we have multiple choices and we have the cutover migration which will migrate all the users in one step during one weekend for example or we can use IMAP or stage migration to use the the actual users in groups and in the final phase we need to change the MX record and the alto discovery record and optionally we can uninstall and Dec Commission the on-premise messaging or the on-premise infrastructure I hope you enjoyed the show and feel free to contact us on the below addresses like on spgs at Microsoft com if you are interested in details then go to the website outlook.com and search for these articles like I’m up migrations or category change migration because you can find their step-by-step instructions and best practices and very very detailed technical information so thank you for attending on this presentation and see you on other presentations created by partner services good bye