Chat now with support
サポートとのチャット

Client Profile Updating Utility 5.8 - Administrator Guide

Tenant to tenant migration scenario with domain name transfer

  1. Use On Demand Migration for Email to migrate the content of mailboxes to the target tenant.
    For detailed information on CPUU configuration, usage, and limitations, see Updating Outlook Client Profiles in the On Demand Migration for Email User Guide.
  2. Create a temporary service mailbox in each source and target tenants and provide credentials for them. These accounts will be used to process profiles, for example fetching Autodiscover information from source and target tenants. The less rights these accounts have, the safer. For more details on limiting account rights, see How to Limit Account Rights.
  3. Use CPUU configuration wizard to create CPUU.ini file as described below.
  4. Set the group policy for source domain users to start CPUU when user logs on to the computer.
  5. Transfer the domain name to the target tenant. After this moment, the users cannot use their existing Outlook profiles without processing them by CPUU.

NOTE: After profile processing it might take some time for Outlook to resume the normal and expected behavior.

  1. After all user profiles are switched to the target, remove the group policy set in Step 4.

Creating new CPUU.ini file for tenant to tenant migration scenario with domain name transfer

  1. Start CPUU configuration wizard. Select Create a new configuration file.
  2. Select O365 to O365 with domain name transfer (ODME only - not applicable for MMEX) option. Click Next.

  1. Provide credentials for service mailboxes.

IMPORTANT:User names should follow this syntax: <user_name>@TenantId.onmicrosoft.com.

  1. Add domain names that will be kept after migration. Only profiles with email addresses from these domains will be processed by CPUU. Click Next to proceed as described in

5. Configure Self Monitoring, location of configuration file, batch file set, batch processed profile set, and logging as described in Typical Scenario

How to Limit Account Rights

Accounts for temporary service mailboxes does not require many access rights for CPUU to function properly. We recommend limiting the account rights using the following PowerShell commands.

NOTE: Redefine $user variable with the account’s user name or email address.

$credential = Get-Credential
$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking
$user = "UserName"

Table 1: Limiting account rights

Limitation Command
Disable access to remote PowerShell Set-User $user -RemotePowerShellEnabled $false
Disable Exchange ActiveSync for the mailbox Set-CASMailbox $user -ActiveSyncEnabled $false
Disable access to the mailbox by using Outlook on the web Set-CASMailbox $user -OWAEnabled $false
Disable access to the mailbox by using Outlook on the web for devices

Set-CASMailbox $user -OWAforDevicesEnabled $false

Disable access to the mailbox by using POP3 clients Set-CASMailbox $user -PopEnabled $false
Disable access to the mailbox by using IMAP4 clients Set-CASMailbox $user -ImapEnabled $false
Disable access to the mailbox by using MAPI clients Set-CASMailbox $user -MAPIEnabled $false

For more information see Client access cmdlets in Exchange Online article in Microsoft TechNet.

Using CPUU for Outlook 2016/2019

Also consider that by default Outlook in the first place uses Autodiscover service not from the domain specified in an email address but from the domain where a computer with Outlook is located. This behavior may prevent finding a corresponding mailbox at target in case you migrated the mailbox using Migration Manager for Exchange. To resolve this problem CPUU automatically disables Autodiscover SCP lookup for Outlook 2016/2019 by adding the ExcludeSCPLookup value to the Autodiscover registry subkey on the computer where Outlook is installed. That ensures Outlook will use Autodiscover service from the target domain instead of domain where the computer is located.

 

TIP: For details on the Autodiscover registry subkey, see https://support.microsoft.com/en-us/help/3211279/outlook-2016-implementation-of-autodiscover.

 

Important: The Autodiscover SCP lookup disablement affects all Outlook profiles for the logged on user account.

If you migrated mailbox using On Demand Migration for Email then it is recommended to turn off that CPUU behavior. For that specify the ExcludeSCPLookupNever parameter in Update.bat. For more information on this parameter, see Management Parameters.

 

Updating Microsoft Outlook Offline Profiles

Important: The information in this section is relevant only for migrations performed using legacy agents in Migration Manager for Exchange. For mailboxes, migrated in ODME or using MAgE in Migration Manager for Exchange, OST files cannot be preserved.

A widely-used Microsoft Outlook feature is offline access to a user’s mailbox folders. The offline folders (OST) file is stored on a user’s computer and keeps a local replica of the corresponding folders in the user’s Exchange mailbox. In this document, users with offline folder (OST) files are referred to as remote users.

Because each OST file is associated with only one Exchange mailbox and cannot be used with any other mailbox, a remote user cannot continue to use the same OST file with the new mailbox after the migration. Therefore, the Migration Manager for Exchange Mail Agent recreates the target Exchange mailboxes so that the CPUU can keep the source mailbox OST file and assign it to the target mailbox profile.

The typical and recommended procedure for updating Microsoft Outlook offline profiles is as follows

  1. Decide for which remote users the Microsoft Outlook offline profiles should be updated.
  2. Group the mailboxes of those remote users into one or more Remote Users Collections.

Note: For more information about Remote Users Collections, refer to Migration Manager for Exchange User Guide.

  1. Schedule the Remote Users Collection to be processed during the night or some other time when the users do not use their mailboxes.
  2. Wait until the Mail Agent switches the Remote Users Collections. While processing a Remote Users Collection, the Mail Agent recreates the target Exchange mailboxes corresponding to the source mailboxes included in the collection and puts a hidden recreate message into each of the source mailboxes. This message will be then used by CPUU.
  3. Run the Client Profile Updating Utility Configuration wizard.
  4. Select the Create a new configuration file option on the Welcome page of the wizard to create a configuration batch file.
  5. Specify the account under which CPUU will run.
  6. Instruct CPUU to update offline profiles when possible to keep the OST files.
  7. Supply other settings required for running CPUU. For more information, refer to the Typical Scenario topic.
  8. Click Finish.
  9. The wizard will create the BAT and INI files with the parameters you specified. These files will be used to start CPUU in order to update profiles. Include these files in the remote users’ logon scripts.
  10. CPUU will start updating offline profiles as soon as the mailboxes of the Remote Users Collection are switched to the target Exchange. To determine that the mailboxes are switched, CPUU uses the switch message. To determine that the mailboxes were successfully recreated and the OST file can be kept, CPUU uses the recreate message. Both messages are put to the mailbox by the Mail Agent.

Note: The switch message is a hidden message that contains the Legacy Exchange DN of the target Exchange server and of the user’s new mailbox. If there is no switch message in the mailbox, CPUU will log off from the mailbox and will stop processing the profile.

When configuring CPUU, you can also select the following options for updating offline profiles:

  1. Never update offline profiles – The offline profiles will be skipped and the users will have to recreate their profiles manually.
  2. Always update offline profiles – If you select this option, you should be aware of the risk of data loss for those remote users whose target mailboxes were not prepared for migration by the Mail Agent when it processed them within the Remote Users Collections.
関連ドキュメント