Chat now with support
Chat with Support

Reference Materials for Migration 8.14 - Migrating to Microsoft Office 365

Introduction BeforeYou Begin Migration to Microsoft Office 365 Post-Migration Activities Tracking the Migration Progress Hybrid Migration Scenarios Advanced Migration Topics Troubleshooting Migration to Microsoft Office 365

On-Premises Directory Migration

On-Premises Directory Migration

On-Premises directory migration consists of two major steps:

  1. Synchronizing Users
  2. Migrating Passwords

Synchronizing Users

Migrate users from the source resource domain to the target Active Directory domain (the one that is synchronized with Microsoft Office 365).

What will you achieve

  • Mail-enabled users that have the targetAddress attribute pointing to source mailboxes will be created.
  • Mail sent to newly created mail-enabled users using on-premises Global Access List (GAL) will be delivered to the corresponding source mailboxes

How do you do that

Configure directory synchronization from the source resource domain to the target Active Directory domain so that the target GAL is populated with the objects from the source domain.

For that, take the following steps:

  1. Open Migration Manager for Active Directory Console.

Note: Ensure that the current open project is not the one that is intended for migration to Microsoft Office 365.

  1. Install a new Directory Synchronization Agent instance if none installed already. For details, see the Agent Manager topic of the Migration Manager for Active Directory User Guide.
  2. Create a domain pair of the source resource domain and the target Active Directory domain. For information on how to do that, see the Domain Pairs section in the Migration Manager for Active Directory User Guide.
  3. Configure a new synchronization job for the domain pair according to the Configuring the Synchronization Job topic of the Migration Manager for Active Directory User Guide. Set the following specific options for the synchronization job:
    • Set Security Settings:
  • The Synchronize passwords option must be cleared.
  • Under User Principal Name handling, set the domain suffix of the UPNs to the appropriate domain matching federated domain used in hybrid.
  • Advanced Options:
  • Select Use custom add-in and specify add-in located at <Migration Manager installation folder>\Active Directory\CopyTargetAddress.xml.
  • Click Attributes to Skip and select to skip all attributes that should not be migrated from resource domain to avoid overwriting attributes during migration.
  • Specify Exchange Options:
  • Select the Mail-enabled users option
  • Specify the target SMTP address template (e.g. target.local)
  • Specify the source SMTP address template (e.g. source.local)

Note: Since the source.local redirection domain will be also used in Microsoft Office 365, it should be publicly available, or the corresponding connectors should be created in Microsoft Office 365 to establish mail flow.

  1. Start the configured directory synchronization job as described in Starting and Stopping Directory Synchronization topic of the Migration Manager for Active Directory User Guide, and wait until initial synchronization completes.

How do you verify that step worked

  1. Create a test mailbox in the target on-premises organization.
  2. Using GAL, send a test message to any mail-enabled user created by Directory Synchronization Agent (DSA).
  3. Open the source user's mailbox and check that the message is delivered successfully.
  4. Reply that message and ensure that it arrived to the target mailbox.
  5. Repeat the above steps using any mailbox outside your organization to check that original and reply messages are delivered successfully.

Additional information

For details, see the following topics in the Migration Manager for Active Directory User Guide:

  • Pre-Migration Activities
  • Directory Synchronization

Migrating Passwords

Migrate passwords for the users from the source account domain to the target Active Directory domain.

What will you achieve

Users will be able to log on to the target on-premises domain with their source account passwords.

How do you do that

Configure a new migration session from the account domain to target Active Directory domain so that users' passwords become in sync.

For that, take the following steps:

  1. In Migration Manager for Active Directory select service attributes different from ones used in user synchronization for the domain pair that consists of the source account domain and the target Active Directory domain. For information on how to do that, see the Domain Pairs section in the Migration Manager for Active Directory User Guide.
  2. Create a new migration session according to the Creating a Migration Session topic of the Migration Manager for Active Directory User Guide. Set the following specific options for the migration session:
    • Select Source Objects: Click Import and provide a plain-text file that contains pairs of distinguishedName attributes from the source account domain and the corresponding mail attributes from the target on-premises domain for each user, one per line.
    • Set Security Settings:
  • Under User Principal Name handling, set the domain suffix of the UPNs to the appropriate domain matching federated domain used in hybrid.
  • Set Password handling to Copy account password so that source account password will be copied to the target Active Directory domain. That is required to enable access to Microsoft Office 365 with the same password through SSO.
  • Object Processing:
  • Select the Enable target accounts option so that migrated accounts will be able to access target Active Directory domain as well as Microsoft Office 365 with the same password through SSO.
  • Click Attributes to Skip and select to skip displayName attribute as well as other attributes that should not be migrated from account domain to avoid overwriting attributes during migration.

3 Complete the wizard to start the migration session.

How do you verify that step worked

Once migration session completes, log on to any migrated user account using the same password as the user has in the source organization.

Additional information

For details, see the following topics in the Migration Manager for Active Directory User Guide:

  • Pre-Migration Activities
  • Account Migration

On-Premises Mailbox Migration

On-Premises Mailbox Migration

If you need to migrate some of mailboxes to the on-premises part of the target hybrid, you can do that now. For detailed information on how to do that, refer to Migration Manager for Exchange User Guide.

Note: Before performing on-premises mailbox migration in Migration Manager for Exchange console, ensure that the current open project is not the one that is intended for migration to Microsoft Office 365.

Cloud Directory Migration

Cloud Directory Migration

Provision users from the source resource domain that were previously created in the target Active Directory domain to Microsoft Office 365.

What will you achieve

  • Accounts from source domain will be listed in the Microsoft Office 365 Global Access List (GAL)
  • Mail sent by cloud users to mailboxes from the source resource domain will be delivered successfully.
  • Mail users will be created in Microsoft Office 365 and their ExternalEmailAddress property will point to corresponding mailboxes in the source resource domain.

How do you do that

This step is performed automatically by Microsoft Azure AD Connect as soon as mail-enabled users have been created in the target Active Directory domain by Directory Synchronization Agent.

Note: Note that the new users created in target Active Directory domain are not immediately processed by Microsoft Azure AD Connect. Therefore, wait until Microsoft Azure AD Connect completes synchronizing directories before proceeding.

How do you verify that step worked

  1. Sign in to Microsoft Office 365 under any licensed user, open address book, select any user from source organization and send a test message to that user.
  2. Open the source user's mailbox, check that the message arrived successfully, and reply to it.
  3. Make sure that reply message is delivered to cloud recipient.
  4. Repeat the above steps using any mailbox outside your organization to check original and reply messages are delivered successfully.

User Matching

User Matching

Match users in the source Active Directory domain with users in the target Microsoft Office 365 tenant.

What will you achieve

  • • Mailboxes from the source Active Directory domain will be matched with the corresponding Microsoft Office 365 mail users.
  • The Location property will be populated for the Microsoft Office 365 users.

How do you do that

Configure new migration from source resource domain to Microsoft Office 365 in Migration Manager for Active Directory (Microsoft Office 365) console to match accounts.

Set up a new migration as follows:

  1. Install a Directory Migration Agent instance if none installed already.
  2. Configure migration pair of source Active Directory domain and target Microsoft Office 365 tenant.
  3. Specify the mail redirection domain for the migration pair. When choosing mail redirection domain, take the following into account:
    • This domain must be accepted in on-premises domain only
    • The domain must not be accepted in Microsoft Office 365.

Note: The source.local domain used for Directory Synchronization can be used as redirection domain if it is publicly available or corresponding connectors exist in Office 365 tenant. If centralized mail transport is enabled in your hybrid deployment, you can use the existing on-premises connector for this purpose.

  1. Select the Empty Active Directory to Microsoft Office 365 mapping template for the migration pair.
  2. Create a static collection including all objects from the source Active Directory domain.
  3. Start a new migration task with the following options:
    • The Create new objects on target option cleared
    • The Merge into existing objects on target option selected
    • The UPN suffix set to the corresponding federated domain in Microsoft Office 365

How do you verify that step worked

To ensure that the above procedure succeeded, check that the Location property is populated for the Microsoft Office 365 users.

Additional information

For details, see the Provisioning User Accounts in Office 365 section.

Related Documents