Dividing Migration Scope into Collections
After you have successfully added a migration pair, you need to specify objects which you plan to synchronize with or migrate to Microsoft Office 365. Migration Manager for Active Directory organizes the objects into collections. A collection is a set of objects that are migrated to Microsoft Office 365 at the same time by the same instance of Directory Migration Agent.
Considerations
When dividing migration scope into collections you should consider the way that linked attributes (such as group membership) get resolved:
- Linked attributes always get resolved in the scope of the collection. For example, if you migrate a group and its members within the same collection, the membership will get migrated.
- Linked attributes are also resolved for previously migrated objects. For example, if you first migrate users and then migrate a group, the group will be migrated with its membership.
- Backlinks (such as "member of") are not updated across collections. For example, if you first migrate a group and then in other collections migrate its members, the newly migrated accounts will not get added to the target group. If you have to migrate a group before its members, you can restore the membership by either re-migrating the group or doing full re-synchronization.
Choosing between Collection Types
Migration Manager for Active Directory has two types of collections described in the table below:
Static |
- Migrate a group of objects with non-default mapping or matching rules
- Re-migrate groups after their members were migrated to Microsoft Office 365 to resolve group membership
- Synchronize a group of objects to keep their attributes actual in Microsoft Office 365
- Re-migrate users after their mailboxes have been created in Microsoft Office 365 for migration of the following mailbox attributes to Microsoft Office 365:
- The mailbox and the Send As permissions;
- The linked attributes such as group membership, the Send On Behalf permission, the publicDelegates attribute, and the others.
NOTE: See the Mailbox Permissions Processing Considerations for more details on mailbox permission migration. |
Directly with objects, by executing queries or by importing objects from .CSV files |
Dynamic |
Synchronize all objects from Active Directory domain with Microsoft Office 365 to maintain a unified global address list (GAL) |
By specifying a particular container in Active Directory domain and a filter to apply to it Note that dynamic collections are updated automatically when content of the container is changed. |
The two following sections will describe how to create and populate static collections and dynamic collections.
|
Note: Dynamic collections can be involved only in directory synchronization tasks and cannot be used for migration tasks. For more information on migration and synchronization differences, see this section. |
|
Caution: Prior to creating any collections, review and configure if necessary matching and mapping rules on migration pair level. Those rules will affect all your collections created afterwards. |
Adding a Static Collection
To add a static collection, select your migration pair in the management tree, open the Collections tab and click the New Collection item in the Actions pane and then specify the following:
- A name for the static collection
- The instance of Directory Migration Agent that should process this collection
- Whether coexistence should be enabled for the collection immediately after collection is created.
|
Caution: Select to enable collection for coexistence only if you are sure that default matching and mapping rules for this collection satisfy your needs. |
To populate the collection with objects use Add Objects, Query Objects and Import Objects action items from the Home tab according to the table below.
Add Objects |
Adds objects and containers directly from Active Directory |
You want to add objects that can be easily located in the Active Directory. |
Query Objects |
Filters objects from Active Directory by specific attribute values or add objects that match specified LDAP query |
You want to select mailboxes based on some custom criteria: for example, mailboxes of all users that have a specific Active Directory attribute. |
Import Object |
Imports objects from CSV file. File should contain one column with attribute name in the first row and appropriate attribute values in the subsequent rows.
For example:
Name User1 User2 User3 |
You already have a list of objects with specific attributes which you want to add to a collection. |
To verify that the static collection is populated correctly or to make any adjustments to the collection membership, go to the Objects tab and check the resulting list of objects.
To review and configure if necessary matching and mapping rules for the collection, go to the Matching or Mapping tabs, respectively.
Adding a Dynamic Collection
To add a dynamic collection, select your migration pair in the management tree, click the New Dynamic Collection item in the Actions pane and then specify the following:
- A name for the dynamic collection
- The instance of Directory Migration Agent that should process this collection
- Whethercoexistence should be enabled for the collection immediately after collection is created
- Container to search objects in and a filter to refine results.
|
TIP: Click Preview to display a resulting list of found objects that will be added to the dynamic collection. |
To verify that the dynamic collection is populated correctly, go to the Objects tab and check the resulting list of objects.
If you need to change container which objects should be synchronized or edit applied filter, click the Change Scope action item on the Object tab and perform necessary adjustments.
To review and configure if necessary matching and mapping rules for the collection, go to the Matching or Mapping tabs, respectively.
Configuring Object Matching
During migration of an object Directory Migration Agent automatically tries to match it with objects from Microsoft Office 365 according to the matching rules specified for the object.
All defined matching rules are located on the Matching tab. Matching is performed in top-down priority; therefore the topmost rule in the list of rules has the highest priority. From the Actions pane you can add, remove, or edit rules, and also change rules priority.
Migration Manager for Active Directory has a set of default matching rules that provide appropriate matching in most cases. Also, you can define your own matching rules as well as edit or delete existing ones.
Adding a Matching Rule
To add a new matching rule, select the collection in the management tree, open Matching tab, click Add Matching Rule in the Actions pane and specify the following:
- Target class and its matching attribute
- Source class and its matching attribute
|
Note: You can also add matching rules for a migration pair. Such matching rules will be applied to every collection created afterwards. However, already existing collections will not be affected. |
Viewing Matched Objects
To view currently matched objects, select the collection in the management tree and open the Objects tab. All source objects that are matched successfully with the objects in Microsoft Office 365 have Matched status.
Performing Object Matching Explicitly
You can match objects explicitly to ensure that objects are matched according to your needs. For instance, it may be useful if you already have objects in Microsoft Office 365 before migration and want to check that they are matched correctly.
To match objects in the collection, perform the following:
- Select the desired collection in the management tree.
- Open the Objects tab.
- Click the Match Objects item in the Actions pane.
- Specify whether current matching should be broken and start object matching.
|
Note: If you made any changes to the list of matching rules and want those changes to apply for already matched objects, you need to select to break matching for the objects.. |
Breaking Object Matching
In some cases you may need to break matching for a pair of a source and target objects. This means that the object from the Active Directory and the corresponding object from Microsoft Office 365 are not considered as matched objects any longer in the Migration Manager for Active Directory (Microsoft Office 365) console. For instance, it is required when you change mapping or matching rules for the collection and want them to apply onto already matched or migrated objects.
To break matching for an object, select the object on the Objects tab and click Break Matching in the Actions pane.
Configuring Attribute Mapping
Each attribute of the source object is migrated to the corresponding attribute of the Microsoft Office 365 object according to so-called mapping rules. Migration Manager for Active Directory has a default set of mapping rules which provide appropriate attribute mapping in most cases. However, if necessary you can define your own mapping rules as well as edit or delete existing ones.
You can also select from one of the predefined sets of rules by clicking Change near the Schema template field on the migration node level.
|
Caution: Changing scheme template does not affect collections that already exist under the migration pair. |
To define a new mapping rule for a specific collection, select the collection in the management tree, open Mapping tab, click New Mapping Rule in the Actions pane and specify the following:
- Target class and its attribute that will contain source attribute after migration.
- One of the following mapping rules that should be applied:
Overwrites value of target attribute with value of source attribute
Merges value of source multivalued attribute with value of target multivalued attribute
Resolves source linked attribute and writes the resulting value into the target attribute
Sets constant value for the target attribute
Makes target attribute value blank
- Source class and its attribute to map.
|
TIP: You can also add mapping rules for a migration pair. Such mapping rules will be applied to every collection created afterwards. However, already existing collections will not be affected. |
Migrating Objects to Microsoft Office 365
You have two ways to migrate objects including their attributes from Active Directory domain to Microsoft Office 365:
An on-going process of keeping the Microsoft Office 365 objects and their attributes (including group membership) in sync with their matching objects in the source domain during the coexistence period.
A one-time operation of copying a collection of objects including their attributes from source domain to Microsoft Office 365. Only static collections are capable for migration. You can undo object migration at any time.
Performing Pre-Migration Activities
|
Caution: Read information from this section very carefully. |
Prior to performing any synchronization or migration tasks it is strongly recommended to review matching and mapping rules to be applied and to match objects explicitly. This is very important because if any object from Active Directory domain is matched with wrong object from Microsoft Office 365 and you migrate such object or enable co-existence for it, the attributes of the object in Microsoft Office 365 will be overwritten. Also settings and data related to the object in Microsoft Office 365 may be lost. If that happens during migration task, you can roll back changes made to the object. However, if you synchronize those objects, the changes cannot be rolled back automatically, so you will need to fix the object in Microsoft Office 365 manually.
|
Caution: If the object is mail- or mailbox-enabled then due to mail redirection specifics, all mail that comes to the mailbox in Microsoft Office 365 will be automatically redirected to on-premises mailbox before mailbox switch and in opposite direction after it. This may cause that user receive mail not intended for him or her. |
Customizing automatic messages sent during migration
Migration Manager lets you customize the text of the automatic messages sent to users on actions performed on their accounts in Microsoft Office 365 (account creation, UPN change, password change, and their combinations).
You can do this in two ways:
- In the Notifications subfolder of the folder where the Migration Manager for Active Directory (Office 365) console is installed, create any of the following text files:
- NewUser_NewPassword.custom.txt
- NewUser_EnableSSO.custom.txt
- ChangeUPN.custom.txt
- ChangeUPN_EnableSSO.custom.txt
- ChangeUPN_NewPassword.custom.txt
These files are templates that override the default message templates (NewUser_NewPassword.default.txt and so on) for particular scenarios.
Every Directory Migration Agent you install after that inherits these updated files and sends customized notifications to end users.
- To customize the messages only for a collection of users, do the same in the Notifications subfolder of the folder where the corresponding Directory Migration Agent is installed. Only the users processed by that particular agent will get customized notifications.
If you need to disable email notifications for a scenario (for example, for Single Sign-On activation), create an empty file for it (for example, an empty EnableSSO.custom.txt).
Synchronizing Directories
To synchronize objects from Active Directory with objects from Microsoft Office 365, you need to enable coexistence for the collection containing the objects. For that, select the desired collection in the management tree, click Enable Coexistence in the Actions pane and specify the following settings:
- Whether to create objects for which there are no matching objects in Microsoft Office 365
- Whether to merge not matched yet objects with their matching objects in Microsoft Office 365
- User principal names (UPN) suffix to use
- Country code to set for the users
After you complete the wizard, DMA will start synchronizing objects from the collection. If you need to stop synchronizing objects, click Disable Synchronization in the Actions pane.
You can get track the migration project on the Statistics tab.
Restarting Coexistence
In some case you may need to re-synchronize a collection with Microsoft Office 365. This may be necessary in the following cases:
- The collection is dynamic and its synchronization scope has been changed.
- Matching rules for the collection have been added, deleted or changed. In this case you need to explicitly break matching for the matched objects prior to re-synchronizing the collection.
- Mapping rules for the collection have been added, deleted or changed.
To re-synchronize a collection, select that collection in the management tree and click Restart Coexistence in the Actions pane.
|
Note: Re-synchronizing may take a long time to complete. |
Migrating Objects
To migrate objects to Microsoft Office 365 select the collection containing the objects in the management tree, click Migrate Objects in the Actions pane and specify the following settings:
- Whether to create objects for which there are no matching objects in Microsoft Office 365
- Whether to merge not matched yet objects with their matching objects in Microsoft Office 365
- User principal names (UPN) suffix to use
- Country code to set for the users
After you complete the wizard, DMA will create a migration task and start migrating objects from the collection. To view the migration task status and other details, go to the Tasks tab.
|
Note: You can also migrate a part of objects from the collection. For that, select objects you plan to migrate on the Objects tab and click the Migrate Objects item in the Actions pane. |
You can get track the migration project on the Statistics tab.
Undoing Object Migration
You can roll back the changes made to the Microsoft Office 365 tenant by each migration task independently. All the changes made to the Microsoft Office 365 tenant by the migration task will be rolled back exactly to the state before the migration task started.
To undo the results of a migration task, select the collection that was migrated in the management tree and click Roll Back Objects in the Actions pane. Complete the wizard to roll back all the changes made by that migration task to Microsoft Office 365.
|
Caution: Take the following into consideration:
- Objects are rolled back exactly to the same state as they have been before migration. All changes made to the source objects after migration will be overwritten.
- Rollback tasks that move accounts from a federated domain to a non-federated domain (or the other way around) complete with errors. To avoid this issue, perform an explicit migration to a non-federated (or federated, respectively) domain first, and then perform the rollback task.
|
|
Note: You can also undo migration for a single object. For that, select previously migrated object on the Objects tab and click the Roll Back Object item in the Actions pane. |