You Have A Previous Version Of Microsoft Exchange

For a long time, I have been advocating for hybrid-style migrations from Exchange on-premises to Exchange Online with Office 365, regardless of whether you are a small, medium or larger-sized enterprise. The reason is that it is a much better end-user experience and does not require manual reconfiguration of Outlook clients.

A seamless switch-over experience can also be achieved with third-party tools, but if you are coming from on-premises versions of Exchange 2010 or Small Business Server 2011, for example, there is no reason not to take advantage of hybrid, saving money for other projects and initiatives. Even with Exchange 2007, it would be possible to install a 2013 server to act as a temporary hybrid “bridge” so to speak–and.

New Express Migration method for Small Businesses

For small businesses, the argument/complaint I always hear is that setting up a hybrid relationship with Exchange Online is “too complex,” and thus we have many people opting for more manual methods such as PST export/import or cut-over. Those are okay migration paths, but I personally think that they are more work in most cases than just setting up the hybrid scenario.

It seems that Microsoft now agrees with me–hybrid is going to be an easier path for most small businesses with the addition of “Express migration” to the list of options.

So, the argument that “hybrid is hard” will no longer be valid. Microsoft has an article announcing and describing this new option.

However, I find it is a bit lacking in some of the detail required for both preparation and execution/finalization of the mailbox moves. So, to rectify, here are some “cliff notes” to help you:

Step 1: Prepare for the migration

If you haven’t already, go ahead and sign up for an Office 365 subscription online and.

Next, ensure that your external domain name is added as an Alternative UPN suffix in AD Domains & Trusts. Right-click Active Directory Domains and Trusts, and select Properties. Enter your email domain name and click Add. Click OK.

The reason you do this is so that you can be sure that your on-premises users have their UPN suffix set to match the email domain name (e.g. company.com instead of company.local). In Active Directory Users & Computers, check the Properties / Account tab on your users.

Note: For best results, the naming convention of the user accounts should also match the email addresses (e.g. MaryJ@domain.com vs. If this type of change is required in your environment, it may affect how users log on to Windows in the existing domain.

Last, as always, make sure you are up-to-date with the latest service pack & update rollups for Exchange (SP3 at the time of this writing, for Exchange 2010).

Step 2: Begin migration steps from the Office 365 portal

Navigate to Users > Data migration and choose Exchange. This requires that you already have SBS 2011, Exchange 2010, Exchange 2013 or Exchange 2016.

You will be prompted to download and run the Hybrid Configuration Wizard. This must be run from inside the on-premises network where the Exchange server lives, on a domain-joined Windows computer or member server.

For SBS, you must still install a hybrid 2013 or 2016 server between SBS and the 365 cloud to act as a bridge–as previously described on my blog.

Step 3: Hybrid Configuration Wizard & Azure AD Connect Setup

This process is pretty well covered by Microsoft, and I don’t need to repeat it here.

Basically you can select the defaults in most cases, selecting Minimal Hybrid Configuration, and the option to Synchronize users & passwords one time. Just be sure to run this against a member server, not on the domain controller (it is not supported to run the Azure AD Connect tool on SBS anyway–so be sure it is a 2012 R2 or 2016 member server).

When you select Minimal, you are enabling the “Express” migration features, but you won’t have super rich co-existence like you get with a full-on hybrid. If you have a small number of mailboxes (like 50 or less), and plan to move all users very quickly, then this is perfect.

I also like the option to synchronize users & passwords one time, which will basically install Azure AD Connect for the purposes of migration, running just one sync (instead of having the sync be perpetual–which is what happens if you choose to set it up on your own).

The one-time option is ideal, because it leaves an open choice for you to pick how you want to manage identity & passwords after the migration is over–you will not be locked into a hybrid environment. Some small organization admins would rather not keep a hybrid Exchange server around forever–and that’s okay with this option, because you will be able to remove your legacy Exchange server completely, if you so choose, without replacing it. If you do decide to keep Azure AD Connect installed separately and syncing, you will also need to have an Exchange server for management purposes.

Note: You can choose one of three methods to manage users when you are done with this migration:

Cloud-only: Just remove your Exchange server after the migration is over. You can then manage new users, passwords, etc. in the cloud through the Office 365 portal (no more connection with on-premises accounts).

Microsoft Essentials Dashboard Integration: to synchronize passwords and have on-premises tools for administering users & mailboxes, without an Exchange Server.

Azure AD Connect: This tool can be installed and activated again if you so choose, which also requires a long-term on-premises Hybrid Exchange server to remain in place. This will synchronize passwords or allow you to choose other options such as Single Sign-On.

Step 4: Add licenses to the users in the cloud

Here is one place Microsoft’s article misses a little bit, I think.

They do mention that you need to license your users before migration, but that is not laid out very explicitly. After you finish setting up the Hybrid Configuration Wizard & Azure AD Connect, but before you kick off any migrations–that is the proper time to license users.

From the Office 365 Portal, go to Users. Select an active user, and choose Edit next to Product licenses.

Note: If you licensed users prior to running the HCW & AAD Connect, you will have issues with migration, because mailbox objects will already exist in the cloud; however, you are only allowed to have one mailbox per user at a time between on-premises and Exchange Online in a hybrid scenario. Therefore, do not license users until the synchronization is completed, because Exchange Online will be aware of the on-premises mailbox by then (but not before), so a cloud mailbox will not be created.

Step 5: Begin migrations

This is the “exciting part”–you can return to the Users > Data migration screen, select the users you would like to migrate (they recommend starting with just a couple to validate the process), and click Start Migration.

When migration is completed, users will be prompted to close and re-open Outlook, at which point they will be reconnected to their cloud mailboxes, and prompted to authenticate using their email address and password.

Hint: if you experience continuous password prompts in Outlook after migration is completed, close Outlook. Go to Control Panel, open the Credential Manager and clear out any entries for Outlook/Office products. Open Outlook again and you should be prompted. Ensure you are using the full email address (same as would be used to sign into OWA for Office 365) and the correct password. Tick the box to “Remember password.”

For public folder data (if it exists) I usually recommend exporting this to PST from an Outlook client, and re-importing it to the cloud in the form of a public folder database, or into a simpler shared mailbox. This works 98% of the time for most small businesses, but it is not always possible. Advanced public folder migration scenarios are not covered here.

Step 6: What to do after data migration is completed

Unfortunately, that’s not the end of the story, even though the article by Microsoft makes it appear that way.

There are a few things you’ll want to do in order to finalize the migration and prepare for the removal of Exchange from your environment.

Update DNS Records

As soon as you’ve finalized the migration, you are ready to complete the Office 365 setup process you started earlier by verifying your domain. Return to the Office 365 Admin center > Settings > Domains to complete your setup. You will be required to enter additional DNS records with your domain registrar / service provider.

Once you have added the records, mail will no longer be delivered to your on-premises Exchange server–it should go straight to Exchange Online.

On-premises, open the DNS management console on your Active Directory server. If you have existing (A) records for autodiscover, remove them first. Expand the DNS zone for your (external) email domain name, and edit or add the CNAME record for autodiscover, and make it point to: autodiscover.outlook.com

You can verify it is working by clearing the DNS cache on the server and then pinging autodiscover.yourdomain.com. It should return a value for one of the Microsoft datacenters, such as nameast, namwest, namnorth, etc.

You can add the other DNS records if you choose to use Skype for Business, Intune, etc., but these records alone would be sufficient for the purposes of email migration to Office 365.

Changes to Exchange Server

If you plan to retire Exchange on-premises, you will have a couple of small adjustments to make to ensure that clients no longer attempt to connect to the local Exchange server, before removing it (I usually wait at least a week or so post-migration before removing Exchange completely–just in case you’re missing some data on the cloud side of things).

SBS 2008/2011 or Exchange 2007/2010

Open the Exchange Management Shell and type the following:

Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri $null

And press Enter.

Next, to disable Outlook Anywhere, simply type the following into your Exchange Management Shell (where ServerName is the name of your Exchange server):

Disable-OutlookAnywhere -Server ServerName

And press Enter.

Replace SMTP relay function

You might also want to add an SMTP relay connector to Office 365, if you were previously using your Exchange server to relay mail from on-premises LOB apps, or from scan-to-email devices, etc. Office 365 can provide a connector to replace this functionality.

1. From the Exchange Online admin portal, go to Exchange Admin Center > Mail flow > Connectors. Use the “plus” symbol to add a new connector, choose From: Your organization’s email server and To: Office 365. Step through the wizard, specifying the external IP address(es) of your organization under the option beginning “By verifying that the IP address” and clicking the “plus” symbol. You can leave default values in the rest of the wizard.

2. Ensure that your SPF record in DNS includes spf.protection.outlook.com as well as an ip4: entry for your external IP address:

v=spf1 ip4:ExternalIPAddress include:spf.protection.outlook.com -all

3. Check that your firewall allows SMTP (25) outbound from the device(s) that require access to the connector.

4. On the device itself, you will need to change the SMTP or smarthost address from the internal Exchange server’s IP to the host of your MX record (e.g. You can ping this address to obtain an IP if the device only accepts inputs of IP rather than hostnames.

Remove Exchange Server

You can now follow uninstall procedures for Exchange. Are valid for any Exchange 2007 or 2010 install.
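The SPF requirement in step 2 of the SMTP relay procedure can be checked before devices are repointed at Office 365. The following PowerShell is an added example, not code from the original article: the function names, the relay address and the sample records are constructed for illustration, and it goes slightly beyond the single record shown in the text by accepting CIDR ip4 terms and flagging duplicate SPF records.

```powershell
# Added example: checks a domain's TXT records against the SPF layout from step 2.
# Function names, parameters and all sample values are illustrative and constructed.

function ConvertTo-Ip4Number {
    # Dotted-quad IPv4 string -> number (held as [double], exact up to 2^32); $null if invalid.
    param([string]$Address)
    if ($Address -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $null }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $null }
    [double]$n = 0
    foreach ($octet in $ip.GetAddressBytes()) { $n = $n * 256 + $octet }
    return $n
}

function Test-Ip4Mechanism {
    # True when $Address is covered by a term such as ip4:203.0.113.10 or ip4:203.0.113.0/28.
    param([string]$Term, [string]$Address)
    $network, $prefix = ($Term -replace '^\+?ip4:', '') -split '/', 2
    if ($null -eq $prefix) { $prefix = '32' }
    if ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) { return $false }
    $net  = ConvertTo-Ip4Number $network
    $addr = ConvertTo-Ip4Number $Address
    if ($null -eq $net -or $null -eq $addr) { return $false }
    # Two addresses share a /prefix network when they fall in the same block of 2^(32-prefix).
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    return [math]::Floor($addr / $blockSize) -eq [math]::Floor($net / $blockSize)
}

function Test-RelaySpfRecord {
    param(
        [string[]]$TxtRecord,   # every TXT string published at the mail domain
        [string]$RelayAddress   # external IP entered in the Office 365 connector
    )
    $findings = @()
    $spf = @($TxtRecord | Where-Object { $_ -match '^\s*v=spf1(\s|$)' })
    if ($spf.Count -eq 0) {
        $findings += 'No v=spf1 record is published.'
    } else {
        if ($spf.Count -gt 1) {
            $findings += 'More than one v=spf1 record: receivers return a permanent error.'
        }
        # Terms after the version tag, with the optional "+" qualifier removed.
        $terms = @($spf[0].Trim() -split '\s+' | Select-Object -Skip 1 |
                   ForEach-Object { $_ -replace '^\+', '' })
        if ($terms -notcontains 'include:spf.protection.outlook.com') {
            $findings += 'include:spf.protection.outlook.com is missing.'
        }
        $covering = @($terms | Where-Object { $_ -match '^ip4:' } |
                      Where-Object { Test-Ip4Mechanism $_ $RelayAddress })
        if ($covering.Count -eq 0) {
            $findings += "No ip4: term covers the relay address $RelayAddress."
        }
        $last = $terms | Select-Object -Last 1
        if ($last -ne '-all') {
            $findings += "Record ends with '$last' rather than '-all'."
        }
    }
    [pscustomobject]@{ Pass = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample records; 203.0.113.0/24 is a documentation-only address range.
$relay = '203.0.113.10'
$samples = [ordered]@{
    'as in step 2'       = @('v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com -all')
    'relay IP missing'   = @('v=spf1 include:spf.protection.outlook.com -all')
    'CIDR, soft fail'    = @('v=spf1 ip4:203.0.113.0/28 include:spf.protection.outlook.com ~all')
    'old record left in' = @('v=spf1 mx -all',
                             'v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com -all')
}
foreach ($name in $samples.Keys) {
    $result = Test-RelaySpfRecord -TxtRecord $samples[$name] -RelayAddress $relay
    '{0,-20} Pass={1} {2}' -f $name, $result.Pass, ($result.Findings -join ' | ')
}

# Against live DNS (needs network access; contoso.example is a placeholder domain):
#   $txt = Resolve-DnsName contoso.example -Type TXT | ForEach-Object { $_.Strings -join '' }
#   Test-RelaySpfRecord -TxtRecord $txt -RelayAddress $relay
```

Only the first sample passes; the others show the three conditions that most often cause relayed device mail to be rejected or marked as spoofed after the cut-over.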

Final Notes

Remember, this new “Express” method takes some of the legwork out of a traditional hybrid migration, making it an easy choice for small businesses. Also, you will have a choice to make in the end, about how you want to manage user accounts & passwords.

If you choose to add back Azure AD Connect, then you will also need to keep a hybrid Exchange Server around for management purposes. Otherwise, you can remove Exchange completely as described here, and enable password sync with, as an alternative that does not require Exchange Server. Or, you can just leave everything as-is, and manage users & passwords in the cloud, separately from your on-premises environment.

Alexander on March 7, 2017

Sounds like you have users that already have cloud accounts, and presumably also on-prem accounts. However, there is no real data in the cloud yet, just using it for licensing. And no mailbox licensing has been assigned, correct? You have two options, then:

1) You can set up the Azure AD Connect utility and attempt to soft-match or hard-match the accounts, and then initiate the hybrid mailbox migrations after you’ve confirmed the users show up as “Synchronized with Active Directory” instead of “In Cloud.”

2) Just to be safe, since there are only four users anyway, you could remove these accounts and start fresh, allowing the Azure AD Connect utility to provision the accounts directly from the synchronization, and then re-assign the licensing to them.

Users of course would need to sign in to their Office 365 apps/subscription using the new ID/credentials (which should be configured to match the UPN suffix of your email domain name).

Tomas on March 15, 2017

Great article Alexander!

I want to migrate mail from SBS2011 to Office 365 and later after de-installing Exchange 2010 from SBS2011 move to server 2016 Essentials. First step is done, but I have some issues with AAD syncing.

I have used ‘Minimal Hybrid configuration’ - ‘one-time sync option’ with ‘express Migration’ for SBS2011 with Exchange 2010.

‘Express Migration Tool’ is installed on 2008R2 server (member of domain servers) otherwise I could not install AAD Connect (installed with default options).

After successfully moving all mailboxes to Office 365, the on-premise mailboxes are disconnected in EMC and all mailboxes work fine in Office 365. But the AAD Connect is still in sync between on-premise and Office 365. The password sync is not just one time, as it should be, but it keeps synchronizing. The property of members in Office 365 is ‘Synchronized with AD’ and not ‘in the Cloud’.

Which steps are required to finish the express migration?
Do I need to remove the migration connector in O365 Exchange admin?
Is it a good idea to break AD sync and then remove Exchange 2010 from SBS2011? (My final goal is dismount SBS2011).

Thanks a lot.

Alexander on April 3, 2017

If you remove the Azure AD Connect / Directory Synchronization completely from the picture, then you can safely remove the last Exchange instance from SBS without adversely affecting anything. However, if you want to keep the password sync going, then you can either 1) add a new Exchange 2013 or 2016 server to replace 2010/sbs before uninstalling the Exchange role from the SBS server, or 2) use the Essentials Experience, as I describe in the article you have referenced to replace the functionality of password sync. Either way will allow you to completely remove Exchange from the SBS box.

RKast on May 22, 2017

Hi Alex,

Nice write up and blog!

I have a question: what changes does the new Hybrid Express migration make in an Exchange 2013 organization?

Full hybrid creates an Email Address Policy for Remote Routing Address and stamps all recipients with an onmicrosoft.com email alias address; does the Express migration also do this?

And the Full Hybrid also creates Send/Receive connector, does the Express do this also? And lastly does the Express need MS Federation GW and EWS like Full Hybrid does?

Alexander on May 23, 2017

Express basically leverages the option, which does everything that full hybrid does, except secure (TLS) mail flow between on-premises and cloud, and any Exchange Federation features such as free/busy. The MRS is still required to move mailboxes, and mailboxes that have already been moved will have their targetAddress property updated for the onmicrosoft.com alias. Basically you can think of it like the bare minimum features that would be required for onboarding mailboxes to Exchange Online, without the parts required for medium or longer term co-existence.

Alexander on May 23, 2017

So the connectors that would otherwise be created in a full hybrid are NOT necessary in this case, because we do not need TLS secured mailflow between on-prem and cloud environments. However, you will notice that:

1) The MRS proxy will be enabled

2) Two remote domains will be created for tenant.mail.onmicrosoft.com and tenant.onmicrosoft.com, as well as a new accepted domain for tenant.mail.onmicrosoft.com. As part of that, the proxyAddresses attribute is updated to include the coexistence alias. Note that the users must have the option to automatically update their email address based on email address policies. If that option is not checked, then you’d have to manually enter the coexistence address under proxyAddresses for users migrating to 365.

3) Once you actually migrate a user, the “targetAddress” property will be updated with that coexistence alias, so that mail sent from the on-prem Exchange server will continue to find its way to the Exchange Online mailbox.

Alexander on May 24, 2017

It sounds like you are pretty familiar with the changes that are made with hybrid already, and the answer is yes–this works exactly the same way. Because the recipients will have the alias added via the email address policy updates, mail will continue to flow between on-prem and cloud mailboxes. Therefore it does not need to sync every 24 hours after it is done migrating, as new mail items delivered to the on-prem server after migration would be forwarded onto the cloud mailbox via the alias in real time. Whether you choose the minimal or the full hybrid option this is true, but with minimal it will not be delivering that mail via TLS (so it will not be encrypted between your server and Exchange Online).

When you run the wizard you can select either minimal or full hybrid. The express option (syncing users only once) is only available if you choose the minimal hybrid route. Even though it is only synced one time, it is still a minimal hybrid configuration that uses the same technology to migrate the mail and keep mailflow between organizations. Technically, even though I liked the express option at first, in practice I always recommend that my customers keep AAD Connect for its many other benefits, so I usually set up a full sync with Azure AD Connect, and choose minimal in the Hybrid Configuration Wizard, then create my migration batches in the EAC (unless there is a need for longer term co-existence, free/busy, encrypted mailflow, etc.–in which case I choose full). I don’t find that the minimal w/ one-time sync provides that many benefits, vs. just keeping AAD Connect and leaving a management interface for Exchange behind somewhere in the environment.

RKast on May 24, 2017

Alex, I have done literally dozens of “full” hybrid migrations since Exchange 2010 era. But for a new customer that wants to migrate fully to Office 365 (Cloud user and not Synced users) with 1400 mailbox the Express migration sounded like the way to go. But unfortunately their current Exchange 2013 Organization is a hosted multi-tenant Exchange Organization. So the hosting company will not allow changes being made in their Exchange Organization (email address policy updates, add proxy aliases, new remote domains etc). As described perfectly by you there are changes being made (as described) so I guess the hosting company don’t allow us to use the Express Migration. Looks like we are stuck to Cutover Migration that does not make all those changes in the multi-tenant Exchange Organization.

Only thing that rests me to do is to Thank You very much for all your valuable information and time. It is really much appreciated. Will keep following your blog for sure!

FYDIBOHF23SPDLT 🙂

Alexander on May 24, 2017

Ah yes, that makes sense–I have wanted to use hybrid in so many cases like this myself. But in this situation, I usually turn to BitTitan’s Migration Wiz + Deployment Pro. Saves tons of work, totally worth the cost IMO.

I usually just explain the circumstances to the customer and say that we can, for an additional fee, make this way less painful (and it’s only painful because the current provider does not support certain changes for best compatibility with 365–therefore we require a third-party tool with a one-time fee to get it done). Otherwise labor is much more costly, or you give the users some self-service instructions which can also be a headache to manage.

Mikey on May 29, 2017

Hi

Great article BUT most environments have more than 2 exchange 2010 OR more than 2 exchange 2013 servers.

Let’s say these are your records & you have 2 multi-role exchange servers:

autodiscover.SMTPDomainName.com
OWA.SMTPDomainName.com (for owa, owa, ecp, AS.)

1. If using an existing exch server to install hybrid wizard: What roles must the exchange server that is hosting the hybrid wizard have? CAS/HUB in 2010 OR CAS/Mailbox in 2013?

2. If using an existing exch server to install hybrid wizard: Where do you point above records internally & externally during the co-existence phase?

3. If using a NEW exch server to install hybrid wizard: Where do you point above records internally & externally during the co-existence phase?

Sorry but your article doesn’t clarify that.

Thank you.

Alexander on May 30, 2017

Hey Mikey: Actually, most environments that I am talking about would have a single Exchange server, not multiple. Small Business Server or a small organization of 300 seats or less usually deploys a single Exchange Standard server, in my experience. There are of course exceptions to that.

But this article is particularly about the “express” option, which I would only recommend for smaller sized organizations making a move toward a “cloud-only” environment, e.g., single server setups most likely. In 2010 the key roles that are used in hybrid were hub/cas and the key roles used in 2013 were cas & mailbox (full install). Of course in 2016 you just have the one (mailbox) role. During co-existence, the on-prem servers handle everything just as before; it is your choice for example whether you want OWA access to switch from an existing 2010 or 2013 over to something newer like 2016–it makes no difference where this function lives. The hybrid configuration wizard will automatically choose the newest server version in the environment to be the hybrid connection point. You can either switch your front-end services such as autodiscover, owa, etc. over to a new 2016 server as though you were migrating to it, and then move mailboxes to 365 instead (a common method), or leave everything as-is, and just have a separate “hybrid.” alias on a new 2016 server off to the side with a new external IP, and allow the old system to remain being accessed during co-existence without referring to the new server. The hybrid server does become your “endpoint” for migration (it runs the mailbox replication service to 365). So for larger deployments I usually recommend:

1. Deploy new server (2016 most likely)
2. Either cut the existing front end/OWA services & autodiscover over to it OR give it a separate new name such as hybrid.company.com that is accessible inside & outside the network w/ this name included in the UCC cert
3. Run AAD Connect & Hybrid Config Wizard
4. Migrate mailboxes to 365, etc., etc.

I don’t recommend just creating a longer-term hybrid from existing 2010 servers–it is much better to just have a newer hybrid server in place, since you will need to remove 2010 sooner or later anyway as it falls from support, and you can get 2013 or 2016 for free if it’s just being used for hybrid.

Alexander on July 22, 2017

It is true that this is the official, published opinion of Microsoft. However, I have been speaking with Exchange Online support team, and on two separate occasions recently they have confirmed it is supported to use Azure AD Connect with password sync, and yet NOT maintain an on-premises Exchange server. So that is different than the published “official” stance, but, there are also a lot of customers wanting to ditch Exchange on-prem. So, they seem to be coming around to this point of view on the support side.

I just wish they would publish something to this effect, because otherwise it seems to just be “word of mouth” type of thing–and many orgs will not necessarily get behind that (they want it in writing). Remember: you will need to make certain changes (e.g. ProxyAddresses) on-premises in ADSIedit or similar, without an Exchange server.

Steve on July 19, 2017

Hi Alex,

Thanks again for the great article. I have a question though. We are migrating from SBS 2011 and only have the single server on the network. For the express migration since we can’t run AD connect on the SBS box and we have no other member servers running on the network, can the Express migration and AD connect be run from a domain joined Windows 7 computer? If not, could I temporarily install a Windows Server 2012 on the network to do the one time synchronization and then remove it?

Thanks in advance.

Steve Dimestico on July 24, 2017

Ok, thanks for the info. I will set up a Windows Server 2012 R2 Standard to do the migration.

My colleague did it on another system but ran the express migration from the SBS server itself. It did synchronize all the accounts and passwords but did not do it for just the single time. It is continuing to synchronize the accounts and I am a little concerned about removing the AD connect and the ramifications since it was run on the SBS box. Do you see any issues in removing AD connect in that situation?

Thanks,
Steve

Catherine B on October 3, 2017

Looking to do this Express migration with SBS 2011 Standard. Can you verify this piece of the puzzle? “When migration is completed, users will be prompted to close and re-open Outlook, at which point they will be reconnected to their cloud mailboxes, and prompted to authenticate using their email address and password.” So this automatically happens once their mailbox migrates to O365 but when they close Outlook and reopen again does it create a new profile? Or keep the existing one? We are sick of doing the desktops touching as well so the hybrid solution seems sweeter the more I read about it.

Catherine B on October 4, 2017

Yeah that saves tons of time. It won’t affect the domain logon to the computers? And the password they enter is the same as their domain one? The environment we have is a bit nutty. They have about 5 different email addresses under their mailboxes since they kept changing their mind on email addresses. So for example:,. And the domain logon would be joe for the user name to the domain. I was thinking of doing the full hybrid since they have archives in the mix too but we aren’t keeping Exchange on site afterwards although I see on your other post that you can remove it through additional steps. I assume the Hybrid Express won’t move the Exchange archives? Thanks for your help.

R Smith on November 9, 2017

Love the site, but this article needs a health warning about the Minimal Hybrid route if your source server is not at the right version.

In summary – if you run Minimal Hybrid and aren’t on the right source version, you will be prevented from doing a cutover instead for a period of up to 24 hours.

Yes this has screwed up plans again on a migration already delayed a week waiting for Microsoft to fix a migration bug, EX124276.

My conclusion is that the source Exchange Server probably needs 2010 SP3, just as with the full Hybrid route, although of course Microsoft don’t bother to include this little nugget of information in their documentation. 2010 SP2 may work; the specific command ours failed on was introduced in SP2; but I suspect it would have failed on something else later had that command run.

Unluckily for us we were running 2010 SP1.

If you are, and you run the Hybrid Configuration Wizard, it will do two things.

Firstly, it will fail. The error shown in the interface is unhelpful. Against the on-prem exchange it will fail with four red dots and “Command not recognized. Please verify you have the correct Management Role assigned to your account”.

This is not actually a permissions problem as hinted. The command that actually causes the error can be found by looking at the logs in “C:usersAppDataRoamingMicrosoftExchange Hybrid Configuration”. Find the latest timestamped .xhcw file and open it with Internet Explorer.

There you will see a line with the commandlet that failed.

In this case it was Get-HybridConfiguration.

The TechNet article for Get-HybridConfiguration shows this command did not exist until SP2, therefore SP1 will never complete the Minimal Hybrid/Express Migration.

“Oh well,” you’ll say, “Minimal hybrid would have been really nice, especially the auto-updating of clients, but we’ll just have to go cutover instead.” Fine plan, but not so fast there.

Microsoft have another unpleasant surprise for you here.

When you run the wizard, it sets the DirectorySynchronizationStatus flag in your online tenant to Enabled. Yes of course it does before even bothering to check whether it will work. You can verify this in a PowerShell Connect-MsolService session by running:

Get-MsolCompanyInformation | ft DirectorySynchronizationStatus

If you try to create a Cutover batch, you’ll get an error that tells you you can’t do that because Directory Sync is enabled, including a link to click for more help which doesn’t actually contain any information about the issue.

If you try to turn it off from MSOL with Set-MsolDirSyncenabled -EnableDirSync $false you’ll get an error telling you can’t turn it off! That’s right, to stop people toggling their synchronization willy-nilly, Microsoft don’t let you turn this off for a variable period that appears to be up to 24 hours. That information courtesy of this page:

So proceed with extreme caution if you’re not on SP3.

In fact I just tried the Cutover option again and the radio button is now grayed out. This goes from bad to worse.

Alex on November 9, 2017

I will add a note about that! Yes, as with ANY migration, be sure you are up-to-date before you begin.

If you are using hybrid, cutover is not an option, as it works differently, namely the mailbox GUID is synced in hybrid via Azure AD Connect, whereas in cutover, a new mailbox is created with a totally unique GUID. Also, if there is already a mailbox created in the cloud for some accounts, then it isn’t possible to turn on Azure AD Connect and have it sync, so that you can do a remote move migration. So these are mutually exclusive options.

R Smith on November 9, 2017

Thanks Alex. I really think MS should be saying “2010 SP3” on the page for this. They do list that for full hybrid. They market this as a quick easy option for people who don’t want or need hybrid – they do not stipulate that the source Exchange needs to be fully updated.

Also I appreciate that hybrid and cutover are mutually exclusive options. But since I can’t have hybrid I’m going to go cutover. But because MS have turned on Directory Sync before checking whether it can be used, I’m stuck waiting until they allow Set-MsolDirSyncEnabled -EnableDirSync $false to work.

UPDATE: I just tried to disable the sync again (it had never happened, it was just turned on) and it worked. However, I wasn’t able to create a cutover batch through the web GUI. The radio button was just greyed out. The migration endpoint for the on-premises server still existed from my earlier failed attempt at creating the cutover batch.

I was able to create the batch in PowerShell with:

New-MigrationBatch -Name CutoverBatch -SourceEndPoint OnPrem -AutoStart

Let’s hope it works.

Alex on March 6, 2018The time depends heavily on the bandwidth, etc. I suggest setting aside a day to get the setup done (more if you have to update service pack, etc., less if not). And then, you will kick off migration, sometimes there are errors to correct/sweep up while those begin syncing, so add another day there. Now you wait (again it depends on how much data, how good is bandwidth). Once synced, you can schedule a ‘cutover day’ with the client.

I usually go through cutover procedures first thing in the morning and help users as their profiles switch over to O365. I just charge a whole onsite day for that day. There may be an additional few hours to throw in for fielding help requests that come in after the fact.

Alex on March 11, 2018

That would be really dumb. You obviously are missing something.

You should be able to sync other mailboxes, assuming you have your entire directory synced, and it can see the full GAL you should be able to pick any/all addresses. But you know you can also just use the migration wizard right from EAC online, recipients > migration. Once the sync and hybrid config wizard has run, you don’t have to use the horrendous interface in the default admin UI. Go to Admin Centers > Exchange.

HELMUT on March 14, 2018

Hello Alex,

Thx for the great tutorial.

I made a couple of tests with 5 mailboxes and 1 on-premises public folder; 4 users moved to the cloud, set up with PowerShell to use the remote public folder, and all works fine.

The only problem is that I cannot configure calendar permissions across on-premises and hybrid.

Is this normal?

What happens when I have a company with 30 mailboxes that use the calendar across users? When I move 10 mailboxes to O365, is it possible for these users to access the on-premises calendar?

If not, is it better to create a full hybrid and remove it after finishing the migration?

Thx.

Garret on March 16, 2018

Thanks for the excellent article Alex,

In the article as well as back on March 15, 2017 you mentioned that in order to keep AAD sync running you’d need to keep an on premise Exchange (2010 in our case) instance running perpetually to keep passwords in sync.

It seems like (at least with no SBS in the picture, if that matters) you could install AAD sync on any member server even before running HCW and get password syncing between on-prem and the cloud going? With this type of AAD on member server setup I would expect to be able to run the minimal setup via HCW and keep passwords in sync even after the migration has completed while also decomming all on-prem Exchange?

Alex on March 18, 2018

Here is the problem, Garret. It is NOT SUPPORTED to remove the last Exchange server from the environment, if Azure AD Connect is still in place. Doing so is actually somewhat problematic since you can end up removing Exchange properties (aliases, etc.) when you remove Exchange, and the users in the cloud are adversely affected, since the changes are synchronized from on-premises. It is necessary therefore to remove Azure AD Connect first, before removing Exchange. If you were to put Azure AD Connect back in place you would want to make sure all your aliases, etc. were accurate in the on-premises directory again.

Now, it is not supported to have this synchronization without some kind of on-premises Exchange server because you cannot edit the Exchange-related properties of a user account without something such as ADSI edit or whatever–and MS does not want you doing that. Hence they say to use the Exchange management console.

For this reason, they also provide a free hybrid Exchange license to Enterprise customers (E1, E3, E5, etc.) because they are more likely to be using Directory Synchronization. I have written on this before also at great length.

Garret on March 20, 2018

Understood and I appreciate the response Alex,

One other item I have noted as I research the express migration process is that some blog posts seem to say that you need a legitimate/trusted/not expired 3rd party certificate to run even the express version of HCW. Have you found that to be true? My current cert is expired and I would prefer to avoid buying one just for the migration. I’m planning on migrating over a weekend so I would not need any extended O365 On-Prem mail flow that would necessitate a cert it seems?

Thanks.

Garret.

Lee on March 18, 2018

On the options of Cloud Only, you do need to disable the DirSync. I connect to Azure AD and run

(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled

to verify it’s still enabled. Then I run

Set-MsolDirSyncEnabled -EnableDirSync $false

to turn it off.

Also on another subject, my client had mail enabled public folders and they weren’t rec’ing external email. Besides setting all the permissions and SMTP addresses, I had to set the accepted domain to Internal relay to get the mail to flow.

Good write-up. Have enjoyed your posts.

Dan on March 27, 2018

Great article here, Alex!

Question for you – and thanks in advance!!!

Here’s my scenario:

We are currently using Office 365 Business Premium/Essentials at our company of about 60 users (let’s call it Company A). We recently acquired a company of about 25 users (let’s call it Company B) that has an already existing Exchange 2013 server on-prem.

We would like to migrate that company’s mail services from that on-prem server to our current Office 365 account using Express Hybrid.

There’s no AD syncing being used at the moment in Company A’s Office 365, so from what I understand this should be a fairly simple migration. I was considering using the Express Hybrid to migrate mailboxes up, but I’m concerned that might affect Company A’s current Office 365 mailboxes/accounts.

Basically, we’re looking for some advice on how to add a new company to an already existing Office 365 account and migrate up from on-prem Exchange. Is Express Hybrid the way to go?

Thanks very much!

Dan.

Alex on April 5, 2018

Typically I’d use a third party tool like BitTitan’s Migration wiz for mergers/acquisitions, however since you do not already have a hybrid in place this could be possible.

But I would also decom the dirsync and hybrid connections after you are done with the migration. It should not affect the existing mailboxes, since there are no identities in the Company B’s AD that correspond to your accounts. I would check to see if there are contacts, however, that refer to accounts. When you join the 2 orgs together, you’ll want to move the groups and aliases for those contacts onto the corresponding mailboxes instead, removing the contacts (because now the mailboxes will be in the same org rather than in different ones, so contacts to represent those destinations won’t be necessary). Be careful, because sometimes there are legacy X500 aliases and so on, which also need to be preserved/moved to the mailboxes.

Jack on August 14, 2018

In step 5, before we update DNS records, the article says

“When migration is completed, users will be prompted to close and re-open Outlook, at which point they will be reconnected to their cloud mailboxes, and prompted to authenticate using their email address and password.”

Does this mean that users will be connected to a cloud mailbox even before we update the DNS records?

Does this happen after all the selected mailboxes are migrated, or per mailbox? Also, before we update DNS records but after the migration finishes, will the on-premise mailbox continue syncing to O365, so if we don’t update their DNS records right away, then they won’t notice any missing mail?

Rick on January 23, 2019

Hi Alex,

So I’ve got SBS 2011/Exchange 2010, Server 2016 as a member server with AAD Connect running on it. The users accounts have sync’d in my Office 365 tenant OK. I’ve run the Office 365 Hybrid Configuration Wizard on the SBS2011 server and it completed successfully. However in the Office 365 mail migration advisor on the “Verify hybrid deployment” I’m getting an orange warning about “Make sure you’ve run the Hybrid Configuration Wizard on-premises before proceeding” and when I skip ahead to the next tab and try a test migration it doesn’t work – I see it briefly say “starting” and then it changes back.

Any ideas as to how I can troubleshoot this?

Chris Francis on August 8, 2019

Hello

Am I right in understanding that all the office365 migration methods require a public ssl certificate?

I am trying to migrate my test lab Exchange 2016 to Office365 but the hybrid express migration failed with a few errors related to ssl/tls not found.

The only way I can see it working without a public certificate is by using the method to setup an empty office365 E3 account and then importing the PST files into desktop outlook and then it syncs up to the microsoft server?

Any suggestions without using Public Certs would be appreciated.

Thanks.

My name is Alex Fields.

I am a real, actual human being. I like to write about things that interest me and share them with my friends & co-workers.

I live in Minneapolis, Minnesota where I've been helping small businesses in their transition to the Microsoft cloud for the better part of a decade. If you want to connect, find me on Facebook or Twitter. Thanks for reading!

© ITProMentor.com. All Rights Reserved.


Microsoft Exchange is Microsoft's email server solution. In layman's terms, it's a piece of software that runs on a server and manages all your emails.

Incoming, outgoing, saved, drafts, calendars–everything is done through Microsoft Exchange and stored on the server.

Microsoft Exchange isn’t the only way a company can manage their emails.

Most organisations start with what's called POP3 email. What that basically means is whoever hosts your website also manages your email. They collect it and then send it to each individual computer, effectively downloading that email onto each computer.

The problem with POP3, and why products like Microsoft Exchange exist, is that all of the emails that you're downloading from your web-hosting provider are stored on individual computers. Therefore if one of the individual computers dies, all your emails would be lost.

Microsoft Exchange is designed to centralise your emails into one database. Instead of your web-hosting company handling your email and storing it on your computer, Exchange manages and backs up the emails on a server.

The rise in popularity of ‘hosted exchange’ has allowed organisations to access a variety of enterprise-grade software solutions and bypass the major hurdles of infrastructure costs, licensing fees, maintenance and training. A hosted exchange hosts your emails in the cloud. IT service providers offer Hosted Microsoft Exchange services and can handle all of your emails and store them securely in the cloud.

Why is Microsoft Exchange important?

Microsoft Exchange enables email to be delivered directly to a server. It works by sending the emails back to your individual workstations, where your staff can access them. Small and medium-sized companies can achieve three benefits from using Microsoft Exchange.

Centralise emails so that they can be backed up. If you're using an old POP3 model, you risk losing your emails. Exchange is first and foremost about centralising and backing up that information.

Eliminate email threats before they reach your network. Exchange actively protects your communications with built-in defences against email threats. Multi-layered anti-spam filtering comes with continuous updates to help guard against increasingly sophisticated spam and phishing threats, while multiple anti-malware engines work to protect your email data from viruses.

Shared calendars between different members of your organisation. Stay informed of what other staff members are doing. Shared calendars help companies to be more organised and productive.

Set an out-of-office reply. A simple but useful feature. Keep your fellow colleagues, clients and sales prospects informed when you are out of the office or away on holiday.

Challenges of Microsoft Lync

Upgrading can be difficult. The Microsoft Exchange server is a hassle to upgrade. Since it’s on a server, you need to buy the new version, back up all the old emails, and install the new version. This is time consuming and can be frustrating.

Maintenance for local server. Since it’s hosted on a server, it requires maintenance.