Chat now with support
Chat with Support

Binary Tree Power365 Current - Help Center

Help Center Home Power365 Platform Tenant-to-Tenant Directory Sync Migration for Active Directory Release Notes Known Limitations Support

Requirements

Basic Migration

Mailboxes  

Mailbox Licenses

  • For mailbox data migrations, only Exchange Online Licenses that allow MAPI/HTTP are supported.

IMPORTANT: During a mailbox migration, the source and target user accounts will be licensed in Office365 to provide a mailbox to migrate data into. This means your organization will be consuming two Exchange licenses; one in the source tenant, and one in the target tenant for the duration of the mailbox migration. Once the mailbox migration is complete, the source license can be recovered. Please plan appropriately.

 

Target Mailboxes

  • Target Mailboxes must be provisioned in the target Microsoft 365 multi-tenant prior to data migration.

 

Test Mailbox Accounts

  • As a best practice, we suggest at least 5 populated source Mailboxes for migration testing & validation purposes. Include some sample email messages, some contacts, and some calendar entries.

 

Source & Target Mailbox Delegation

  • The required service account must be granted the Full Access permission to their respective tenant mailboxes to allow a delegate to open the mailbox and behave as the mailbox owner. This will be automatically executed by the Power365 systems during the first synchronization.
  • The ApplicationImpersonation role is required for the Global Admin to allow hidden email messages used by the system to be sent.

 

Source & Target User Mappings  

  • You will need create and upload a spreadsheet of all source users (in scope for migration) matched to all target users using the UPN (UserPrincipalName).

This spreadsheet has four columns, the source UPN, the target UPN, and, optionally, but recommended, the migration wave and profile name columns. A migration wave is a way to group many mailboxes into smaller collections so you take administrative actions against them instead of all users. Profiles are used to select the type and date ranges of data to be migrated. During the configuration, we will provide a template that you can download.

 

On-Premises Migration

Power365 offers migration to/from on-premise Exchange environments with the following additional requirements:

Advanced Migration with Discovery

Source and Target Domain Pairing  

• During configuration, you will be asked to choose your source and target domains for each tenant. This process is called domain pairing.

 

Source & Target User Matching Attributes 

  • You will need to select a pair of attributes that will match exact values from the source user object to the target user object to discover and match the appropriate user accounts.

    • The available matching attributes are as follows, choose at least 1 with a maximum of 3:

      • userPrincipalName

      • mail

      • extensionAttribute1-15

Note: The userPrincipalName and mail attributes are matched based on the local part of the address and the paired Domains (e.g. Tom.Dean@contoso.onmicrosoft.com would use Tom.Dean@binarytree.onmicrosoft.com as a match against the target account.)

 

Source Active Directory Groups  

To manage eligibility for Mailbox Migrations and other Integration services, Power365 provides the ability to discover users and groups from Active Directory (AD) Group membership. Instead of searching the entire Forest or Domain, Power365 will only act on objects based on group membership. For Premium Integration projects, the group must be created on-premises and synchronized to your Microsoft 365 tenant. Once a user is added to the group and discovery runs again, the user will be added to the list of eligible accounts for migration or related services. All AD groups created should be Mail-Enabled, Universal (scope) Security (type) groups. The following information provides details for each AD Group requirement.

  • Discovery Group: We recommend creating a group just for this purpose. Create a local mail-enabled Universal Security AD group named, for example, “BTDiscovery”. Then populate the group with all eligible mailbox-enabled Users. Group membership should be limited to mailbox-enabled objects eligible for migration. Other members will be skipped during discovery.
  • Migration Waves Groups: Optionally, you may sort mailbox-enabled Users into separate local AD Groups so they can be easily assigned to a migration wave and scheduled for migration. If organizing your migration users in this manner, then create each local AD Global Security group with a descriptive name for the migration event.
  • Free/Busy Group: Sharing Calendar Availability (Free/Busy) relies on Active Directory Group membership to identify eligible users. We suggest that you create a group just for this purpose. For example, create a local AD group in the source AD named, “BTFreeBusy”. Then populate the AD Group with any user eligible for calendar availability sharing. If no group is provided, all users will be configured for Sharing Calendar Availability.

  • Email Rewrite Group (Premium Integration only): After implementation, Power365 with Premium Integration will automatically create two cloud-based groups called “BT-IntegrationPro-DayONE” and “BT-IntegrationPro-DayTWO” in the source tenant. Power365 will also create the same groups automatically in the Target tenant to represent all users eligible for rewrite services. Power365 will manage the groups. These groups allow you to choose which users have their email address rewritten.

    For any source user added to the “BT-IntegrationPro-DayONE” group, their email addresses will automatically be rewritten to match their target SMTP Domain, as if they have already been migrated to the target.

    For any migrated target user added to the “BT-IntegrationPro-DayTWO” group, their email addresses will automatically be rewritten to match their source SMTP Domain, so it will appear as if they have NOT yet been migrated.

    These groups will not be prepopulated with membership during creation. This is a manual process, so when someone requires rewrite services, you must add them to the desired group. Or, remove them to stop the service for the user – all in real time.

 

Premium Migration and Integration

What is required to set up a Premium Integration Project?  

The following information provides details on the additional component requirements related to the deployment of a Premium Integration project. All previous requirements outlined for the platform and migrations are still applicable. To review those requirements, see the Additional Information section below.

 

Multiple AD Forest Support  

If your organization has multiple Active Directory Forests are connected to your Microsoft 365 tenants, this is supported scenario for migration and integration. There are no additional requirements to support this deployment type.

 

Calendar Sharing (Free/Busy)  

Power365 has the option to automatically configure your Microsoft 365 tenant organization relationships between tenants configured in your project.

 

What is required to setup Free/Busy?  

During project set up you will be asked if you want to share calendars, if you do, we recommend the following:

Free/Busy Group: Sharing calendar availability (Free/Busy) relies on AD Group membership to identify eligible users. We suggest that you create a group just for this purpose. For example, create a local AD group in the source AD named, “BTFreeBusy”. Then populate the AD Group with any user eligible for calendar availability sharing.

Please Note: If no group is provided, all users will be configured for calendar availability sharing between tenants.

Important Tip: If an existing Exchange Online organizational relationship is configured between the tenants, we recommend skipping this option.

 

Provisioning User Licenses  

Power365 has the option to automatically assign Microsoft 365 subscriptions and plans to the target user(s) during the provisioning step taken during the first content sync.

 

What is required to automatically provision user licenses?  

To automatically provision user licenses the following must be in-place prior to running the provisioning step or first content sync.

  1. The target tenant must have the available licenses to be assigned to the users.
  2. The target customer application account used to set up the project must be assigned at a minimum the License Administrator Role for automated license assignment. The Global Administrator role is recommended.

For more information about minimum roles, click here.

 

What license SKUs are supported?  

Power365 supports all Microsoft 365 SKUs that contain Exchange Online plans within them. Without an Exchange Online plan, mailboxes cannot be provisioned to begin content sync.

  • E3, E4 or E5 licenses are supported for automatic assignment. This means if your source and target use E3, 4 or 5 then Power365 can mimic the source when assigning licenses to the target user.
  • If you utilize other SKUs, you may simply choose which SKU to apply.
  • Different SKUs may be assigned to different users or grouping of users using Migration Profiles.

 

Directory Synchronization  

Power365 Premium Integration projects provide automatic orchestration of directory objects to provide capabilities to create and update directory objects during critical points within the migration or coexistence life cycle. To facilitate these activities the following is required for set up.

 

What is required to set up Directory Synchronization for Integration projects?  

For hybrid or mixed environments, where your local Active Directory (AD) is being synchronized to Azure AD the following is required.

  1. At least one (1) Windows server to host the local Agent.
  2. During set up, install at least one (1) local Agent in each AD Forest. Up to 5 agents are supported. One (1) agent per server.
  3. Account credentials for one (1) AD account with permissions to create and update objects within the designated Organizational Units (OU).
  4. Account credentials for one (1) Global Administrator within your Microsoft 365 tenant.
  5. Designated OUs in each environment to create new objects.

For additional details about local Agents, visit Directory Sync Requirements.

For cloud only environments, where there is no local Active Directory the following is required.

  1. Account credentials for one (1) Global Administrator within your Microsoft 365 tenant.

For more information about account permissions, click here.

 

Local Agents for hybrid AD deployments  

For complete details about local Agents, visit Directory Sync Requirements.

 

Source & Target Organization Units for hybrid AD deployments  

When deploying a Premium Integration project that involves at least one (1) hybrid environment you must choose or create designated Organizational Units within your local AD Forest to allow new User or Contact objects be created.

 

Workflows for Office 365 Groups & Teams Membership (optional)  

When deploying a Premium Integration project that includes Office 365 and Teams migrations, the following Directory Sync workflow must be manually configured to facilitate the synchronization of group membership to ensure all migrated users are properly assigned the correct roles to the target Group or Team.

 

Additional Information  

Basic Migration

Advanced Migration with Discovery

Directory Sync Requirements

Directory Sync Agent Permissions

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating