Chat now with support
Chat with Support

Reference Materials for Migration 8.15 - Migrating to Microsoft Office 365

Introduction BeforeYou Begin Migration to Microsoft Office 365 Post-Migration Activities Tracking the Migration Progress Hybrid Migration Scenarios Advanced Migration Topics Troubleshooting Migration to Microsoft Office 365

Assessing Microsoft Office 365 Deployment Readiness

To analyze and prepare your on-premises environment for an Office 365 deployment, use the Microsoft Office 365 Deployment Readiness Tool in accordance with the Microsoft Office 365 Deployment Guide.

To get the Microsoft Office 365 Deployment Guide for Enterprises, go to http://community.office365.com/en-us/f/183/p/1541/5095.aspx. The tool can be downloaded from http://community.office365.com/en-us/f/183/p/2285/8155.aspx.

Setting Up Company Domains in Microsoft Office 365

You need to add each email domain you want to migrate to Microsoft Office 365 as an accepted domain of your Microsoft Office 365 tenant. The migration service will then use the SMTP addresses of your on-premises mailboxes to create the corresponding email addresses for the new Office 365 mailboxes.

For information on adding company domains to Microsoft Office 365, read Adding domains and users to Office 365 article.

Creating Office 365 Administrative Accounts

You need to create at least four separate administrative accounts which will be used during migration for one of the following tasks:

 

Task Requirement More Info
Provisioning user accounts in Office 365
  • Exchange administrator user role
  • User Administrator user role
  • ApplicationImpersonation role
  • Mail Recipients role
  • Microsoft Exchange Online license
  • Default UPN
Refer to the Requirements for provisioning user accounts in Office 365
Synchronizing calendars
  • User Administrator user role
  • ApplicationImpersonation role
  • Mail Recipients role
  • Microsoft Exchange Online license
  • Default UPN
Refer to the Requirements for synchronizing mailboxes, calendars and public folders in Office 365
Migrating mailboxes
Synchronizing public folders
  • User Administrator user role
  • ApplicationImpersonation role
  • Mail Recipients role
  • Microsoft Exchange Online license
  • Default UPN
  • The account should be associated with the primary hierarchy public folder mailbox
  • The account should be granted by Owner permissions on all public folders

Refer to the Requirements for synchronizing mailboxes, calendars and public folders in Office 365

and to the Additional Configuration for the Public Folder Synchronization Account

Requirements for provisioning user accounts in Office 365

The administrative account must have the Exchange administrator, User Administrator user roles and ApplicationImpersonation and Mail Recipients roles in the Microsoft Office 365 tenant. A Microsoft Exchange Online license must be issued for this administrative account. This account must have the default UPN suffix <tenant_name>.onmicrosoft.com. To create the administrative account you should perform the following:

  • Manually grant User Administrator, Exchange administrator user roles and ApplicationImpersonation, Mail Recipients roles to the accounts that already have a Microsoft Exchange Online license

To grant existing account the User Administrator and Exchange Administrator user roles

  1. Log on to any computer running Microsoft Windows 7 (x64 edition) or Microsoft Windows Server 2008 R2 operating system.
  2. Install Microsoft Online Services Sign-In Assistant (64-bit version). To get installation instructions and download link, go to http://technet.microsoft.com/en-us/library/jj151815.aspx.
  3. Grant the account User Administrator and Exchange Administrator user roles:

    Import-Module MSOnline

    $cred = Get-Credential

    Connect-MsolService -Credential $cred

    Add-MsolRoleMember -RoleName 'User Administrator' -RoleMemberEmailAddress <User E-mail address>

    Add-MsolRoleMember -RoleName 'Exchange Administrator' -RoleMemberEmailAddress <User E-mail address>

    Note: The role object IDs can be used instead of the role name:

    Add-MsolRoleMember -RoleObjectId 'fe930be7-5e62-47db-91af-98c3a49a38b1' -RoleMemberEmailAddress <User E-mail address>

    Add-MsolRoleMember -RoleObjectId '29232cdf-9323-42fd-ade2-1d097af3e4de' -RoleMemberEmailAddress <User E-mail address>

  4. Grant the account ApplicationImpersonation and Mail Recipients role as follows:

$proxy = New-PSSessionOption –ProxyAccessType IEConfig

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic –AllowRedirection -SessionOption $proxy

Import-PSSession $session

New-RoleGroup -Name 'QMMAD Accounts' -Roles 'ApplicationImpersonation', 'Mail Recipients' -Members <User>

Remove-PSSession $session

Requirements for synchronizing mailboxes, calendars and public folders in Office 365

A Microsoft Exchange Online license must be issued to these administrative accounts. These accounts must have the default UPN suffix <tenant_name>.onmicrosoft.com. Also they must have the User Administrator, Mail Recipients and ApplicationImpersonation roles in the Microsoft Office 365 tenant. There are two options how to grant the required roles:

  1. Manually grant ApplicationImpersonation and Mail Recipients roles to the accounts that already have a Microsoft Exchange Online license and the User Administrator role in Microsoft Office 365 as specified above.
  2. Use the PowerShell script that creates accounts in Microsoft Office 365, issues Microsoft Exchange Online licenses to these accounts and grants the accounts required roles. That script is attached to the following Migration Manager for Exchange Knowledge Base article: https://support.quest.com/migration-manager-for-exchange/kb/255600/how-to-create-o365-service-accounts-with-required-permissions.

Note: For speeding up migration performance, you will need to use multiple administrative accounts for calendar synchronization and mailbox migration. Using the script allows automating account creation and role assignment.

To create administrative accounts with User Administrator user role using the CreateQSGranularPermissionAdminAccountsInMSOLModule.ps1 script

You can create the accounts via PowerShell with the minimum required permissions acceptable.

To download CreateQSGranularPermissionAdminAccountsInMSOLModule.ps1 script and see step-by step usage instructions refer to Migration Manager for Exchange Knowledge Base article: https://support.quest.com/migration-manager-for-exchange/kb/255600/how-to-create-o365-service-accounts-with-required-permissions.

Caution: The user account that you specify for the Create-QSGranularPermissionAdminAccountsInMSOL cmdlet must have the Global Administrator role in Microsoft Office 365.

The administrative accounts specified in .CSV file will be created in Microsoft Office 365 and granted the User Administrator, Mail Recipients, and ApplicationImpersonation user roles.

Additional Configuration for the Public Folder Synchronization Account (Legacy Exchange Agents only)

For the account you are going to use for public folder synchronization by legacy Exchange agents, the following steps are also required:

  1. Associate the account with the primary hierarchy public folder mailbox. For that, in the Office 365 Exchange admin center, do the following:
    1. Create a new PowerShell session with Office 365:
      $cred = Get-Credential
      $proxy = New-PSSessionOption –ProxyAccessType IEConfig
      $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic –AllowRedirection -SessionOption $proxy
      Import-PsSession $session

    2. Associate Office 365 Administrative Account with the primary hierarchy mailbox:
      Set-Mailbox –Identity<Office_365_Administrative_Account>-DefaultPublicFolderMailbox<Primary_Hierarchy_Mailbox>
    3. Finally, close the PowerShell session:
      Exit-pssession
      Remove-pssession $session
  2. Grant this account Owner permissions on all public folders you want to synchronize.
    1. Click public folders.
    2. Select the root folder.
    3. In the toolbar on the right, click the ellipsis icon and select Root permissions.
    4. Add the necessary account and assign it the Owner role. Select the Apply changes to this public folder and all its subfolders option and save your changes.

Caution: At this time, the account you specify in the properties of your Office 365 target organization is used for public folder synchronization. By default, this account registers Microsoft Office 365 as the migration destination.

Additional Configuration for the Public Folder Synchronization Account (MAgE only)

For the account you are going to use for public folder synchronization by MAgE refer to Public Folder Synchronization (MAgE) document.

Performing Public Folder Synchronization

Refer to the Public Folder Synchronization (MAgE) Reference Guide for instructions on how to perform public folder synchronization with the enhanced Migration Agent for Exchange (MAgE).

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating