On the source side you need to ensure that the OUs have different names and attempt to prevent UPN collisions.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Wednesday, August 3, 2016 2:34 PM To: exchange@lists.myitforum.com Subject: Re: [Exchange] 365 migration. Do I need to worry about any gotchas with the AD Connect or can i safely install into multiple domains without worry of deleting/syncing over anything? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: 26 July 2016 20:55 To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Yes. And it can't be done (changing the company name in O365). With Exchange and SfB, there are ways to hide it - but with Yammer, SharePoint, and Office 365 Groups - it can't be hidden. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Tuesday, July 26, 2016 2:56 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Thanks Jonathan, In regards to point .3 (option to bring back down, I have a situation where I may need to do this for a customer due to a company name change, the SharePoint site apparently cannot be renamed. This went through Microsoft Support, Account manager, and sales partners and they all came back with pay twice for two 365 subscriptions and migrate to the new company name or bring everything back down. It seems crazy that the sharepoint site cannot be masked somehow or renamed but if we can't address this then the suggestion of keeping the hybrid could turn out to be a real life saver. Has anyone faced the dreaded company name change issue? Regards, Paul. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper Sent: 25 July 2016 20:21 To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Michael - thanks for the validation. I've learned quite a bit in my migration over the past year....but not being an expert in this, I really appreciate the feedback of guys like you who eat, sleep, and breathe this stuff. To Paul and anyone else who has an interest in this thread, and to echo Michael's response below... We planned to not have any on-premises mailboxes, however we have maintained Exchange on-premises for these reasons: 1. Management/administration of Exchange attributes would be a ginormous headache without it 2. SMTP relay does not require any kind of authentication from on-premises IP ranges (though you can force that if desired/required based on your business policies). Yes, you could build an IIS server and use that as an SMTP relay, but if you've already got an Exchange Hybrid server, why would you do that? 3. It gives us an "easy out" - if we decided (for some completely insane reason) to move back to on-premises, all we have to do is build out the mailbox servers, configure the migration endpoints, and we simply migrate the mailboxes back on-premises. (though for the life of me at this point, I cannot think of any reason why any sane admin/company would choose to do so). Without the Hybrid server, there is no easy way to get back on-premises. 4. We have two Exchange servers front-ended by an active/passive Netscaler VPX pair for HA, so our SMTP (and management, for that matter) is essentially never down - all running on top of VMware. So, when you have to run a Cumulative Update that takes Exchange down for two hours, you can do it in the middle of the day if you like, and no one has a clue. :-D PS: with Azure AD Connect (Dirsync), one thing I did not mention, but I believe I implied - your on-premises AD is the record of authority on everything. You don't make changes to AD objects in O365. Even though it looks like you can, it will bark at you when you click save if you try to edit an object in O365 that was synced from on-premises. Also, (as a general rule) you don't create new objects in O365 - if you do, they will NOT replicate down to on-premises AD (at least not at this point - and from a security standpoint, why would you want that?). Now, it is certainly possible to create cloud-only objects, and for a very select few things this might be desirable. However, for the vast majority of objects, you will want to create them in your on-premises AD, not in O365. Jonathan From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: Friday, July 22, 2016 6:19 PM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Jonathan's explanation is great. The one thing I would add is that it's possible to add the unique UPN to ALL the forests and then maintain the UPN when you transfer the user from "old" forest to "new" forest. Six of one, half-dozen of the other. I ALWAYS recommend (as long as you are in hybrid mode) to keep an Exchange server on-premises for administration and for SMTP-relay and for VIP mailboxes. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Friday, July 22, 2016 2:38 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Thank you so much, that is a great explanation Jonathan. Thank you also Michael. This is what makes this forum so awesome! Kindest regards, Paul. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Jonathan Raper Sent: 21 July 2016 18:36 To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. I'll address each separately (I thought I already did on Tuesday? - maybe it didn't come through) "When I create a new ad sync in the new domain after migrating the ad accounts across. Should they merge ok with the existing ad objects already in 365" You would want to have Azure AD Connect (sync) running in all domains before migrating the first mailbox is migrated. If you don't, then you'll end up with orphaned mailboxes. All Azure AD Connect does is COPY details from AD up to O365 and then synchronize changes from that point forward. If the object is deleted from AD, then at the next sync interval (by default, 3 hours), Azure AD Connect will DELETE the object from O365 (not the mailbox, just the AD Object). Before you can migrate a mailbox, you have to have the address space for your O365 exchange Online tenant defined in your on-premises Exchange infrastructure. Let's say you have two domains on-premises: Tailspintoys.com contoso.com And you want to migrate users from both domains into acmecorp.com, with the mailboxes for everyone being migrated to O365 Your O365 tenant might be: acmecorp.microsoftonline.com You would need to ensure that everyone in all domains has a secondary SMTP address of u...@acmecorp.microsoftonline.com<mailto:u...@acmecorp.microsoftonline.com> Once this syncs with O365 Exchange Online, the mailbox for a user from tailspintoys.com can be migrated to O365. At that point, Azure AD Connect will replicate changes from tailspintoys.com domain up to O365. Now, let's say you migrate the AD user from tailspintoys.com to acmecorp.com.... As soon as you do that, Azure AD Connect in the tailspintoys.com domain will remove the object from O365 (not the mailbox, just the user object). However, the Azure AD Connect in Acmecorp.com will replicate the migrated user data up to O365.... So for a brief period of time, the user won't exist in O365 (which means they might not be able to access their mailbox), however once sync happens, everything should be peachy.... Note that the User Principal Name (UPN) will be new, so the user will need to login to O365 with the new UPN of u...@acmecorp.com<mailto:u...@acmecorp.com> "365 and would I be stuck with the old exchange servers in the old domains or should I be able to lose them once the mail is up, I was reading that in hybrid I could be stuck with exchange for the management tools." No....and yes... Build Azure AD Connect (formerly Dirsync) for each domain (contoso.com and tailspintoys.com) Build hybrid server(s) in each domain Define/configure migration endpoints for each site/domain where exchange is on-premises Migrate mailboxes from on-premises to cloud (acmecorp.microsoftonline.com) Once all mailboxes are migrated from on-premises contoso.com, remove migration endpoint configuration for contoso.com Decommission Exchange on-premises from contoso.com Once done with everything, you end up with one hybrid server (or two if you want high availability, say, for SMTP relay) in the acmecorp.com domain My opinion is that it is desirable to maintain at least one on-premises hybrid Exchange server. Jonathan From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Thursday, July 21, 2016 10:30 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Great, thank you for the responses. When I create a new ad sync in the new domain after migrating the ad accounts across. Should they merge ok with the existing ad objects already in 365 and would I be stuck with the old exchange servers in the old domains or should I be able to lose them once the mail is up, I was reading that in hybrid I could be stuck with exchange for the management tools. Sorry for all the questions. Sent from my iPhone On 19 Jul 2016, at 19:35, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: Yes sir. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Tuesday, July 19, 2016 1:33 PM To: <exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>> Subject: Re: [Exchange] 365 migration. So run adsync in each domain and hybrid each to 365 and then once mailboxes are up migrate the ad objects into the new domain, is that what you are describing? Sent from my iPhone On 19 Jul 2016, at 16:42, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: I would probably create a single new tenant, and run 3 migrations into that tenant. Go ahead and migrate the existing domains to using the UPN of the new tenant/new forest. Then when you move the user accounts into the new forest, the hybrid environment will continue to work. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Sunday, July 17, 2016 4:57 AM To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. The new Domain is required for on premise to. Can I ask how you would deal with it? Any advice would be greatly appreciated. Regards, Paul. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael B. Smith Sent: 17 July 2016 01:14 To: exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com> Subject: RE: [Exchange] 365 migration. Well, this isn't what _I_ would do. But it's just as valid as any other solution. Can I ask whether the new domain is only required in O365 or also on-premises? From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Paul Cookman Sent: Friday, July 15, 2016 2:55 PM To: <exchange@lists.myitforum.com<mailto:exchange@lists.myitforum.com>> Subject: Re: [Exchange] 365 migration. Does anyone have any advice on this one? Kind regards, Paul. Sent from my iPhone On 14 Jul 2016, at 11:43, Paul Cookman <paul.cook...@coretx.com<mailto:paul.cook...@coretx.com>> wrote: Hi, I have three Forests with their own exchange Orgs and need to get them all into one new 365 subscriptions. None have 365 currently. I also have a requirement to create a new domain with a new name for all forests. Currently free/busy and a shared SMTP name space is in place. My current plan is to create a new domain with on premise exchange and the new 365 subscriptions, then cross forest migrate all the three domains and mailboxes into the new domain before moving up to 365. This will give me the new domain name and the new 365 subscriptions. This will be a long coexistence project and I know there will be disruption with shared mailboxes which will be a real problem. Does anyone have any recommendations on this project, I was wondering if I could do something with linked mailboxes, moving the ad account and leaving the mailboxes where they are and then move the mailbox directly to 365 rather than into the new domain/exchange first. At this point I am not sure if this is possible or supported. Any advice would be very much appreciated. Kind regards, Paul. Paul Cookman Internal Systems Manager Email: paul.cook...@coretx.com<mailto:paul.cook...@coretx.com> Mob: +447957168744 Web: www.CORETX.com<http://www.CORETX.com> [CORETX]<http://www.coretx.com/> Follow CORETX Visit our Media Centre<http://www.CORETX.com/media-centre> This email has been sent by and on behalf of CORETX Holdings plc, a public company registered in Scotland (company number SC368538) with registered office at 24 Dublin Street, Edinburgh, EH1 3PP ("CORETX"), and its subsidiaries. Information in this email including any attachment is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Any communications with CORETX may be monitored and a record may be kept. DISCLAIMER: Whilst this message has been scanned for viruses, CORETX disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses upon receipt. No contracts or commitments may be concluded on behalf of CORETX or its group companies by means of email, and no statement or representation made in this email is binding on behalf of CORETX. ________________________________ Paul Cookman Internal Systems Manager Email: paul.cook...@coretx.com<mailto:paul.cook...@coretx.com> Tel: +447957168744 Web: www.CORETX.com<http://www.CORETX.com> [CORETX]<http://www.coretx.com/> Follow CORETX Visit our Media Centre<http://www.CORETX.com/media-centre> This email has been sent by and on behalf of CORETX Holdings plc, a public company registered in Scotland (company number SC368538) with registered office at 24 Dublin Street, Edinburgh, EH1 3PP ("CORETX"), and its subsidiaries. Information in this email including any attachment is confidential, may be privileged and is intended solely for the addressee. Unauthorised recipients are requested to preserve the confidentiality of this email, advise the sender immediately of any error in transmission, and then delete the email without making copies. Any disclosure, copying, distribution or action taken, or omitted to be taken, in reliance upon the contents of this email by unauthorised recipients is prohibited and may be unlawful. Any communications with CORETX may be monitored and a record may be kept. DISCLAIMER: Whilst this message has been scanned for viruses, CORETX disclaims any responsibility or liability for viruses contained therein. It is therefore recommended that all emails should be scanned for viruses upon receipt. No contracts or commitments may be concluded on behalf of CORETX or its group companies by means of email, and no statement or representation made in this email is binding on behalf of CORETX. ________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ NOTE: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately. ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ NOTE: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately. ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX Ltd using the Symantec Email Security.cloud service. ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by CORETX using the Symantec Email Security.cloud service. ______________________________________________________________________
