Answered Office365 - off-boarding users

  • 25 January 2012 14:59
     
     

    Is it possible to have a hybrid, rich coexistence, Exchange model and then use Office365 to off-board users to that environment before migrating (off boarding) to an entirely different AD/Forest (hence Exchange environment)?

    so in a sense using the cloud as a stepping stone

All replies

  • 28 January 2012 17:15
     
     Proposed answer

    If I understand what you are asking, and please correct me if I don't, is that you want to move mailboxes to the cloud, then transition them to a different forest/domain longer term.

    My suggestion would be to use the Migration method called hybrid migration for a subset of mailboxes.

    Here is a link:

    Upon completion you can disable directory sync using the PowerShell online services module. Note this is NOT the Exchange module on prem.

    Set-MsolDirSyncEnabled -EnableDirSync $false

    Wait 72 hours before attempting to resync.  Set up directory synchronization in your new forest on a Win 2k8 member server.  Then use the graphical interface and the normal steps to enable it again.

    Upon re-enabling directory synchronization for the new domain, you will need to map the UPN of the users to their on premise user account in directory synchronization.  Directory synchronization will map users by their primary SMTP and the UPN.  You can then manage them through the new domain longer term.  Be sure the UPN in the new domain matches the primary SMTP address.  Though directory sync is a one way tool, as long as the users match up on the UPN, it will take the on premise GUID and apply it.

     

    http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652557.aspx
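
An added example, not part of the original post and not Microsoft's code: a pre-flight check for the advice above that the UPN in the new domain must match the primary SMTP address before directory synchronization is re-enabled. The function name `Test-UpnMatchesPrimarySmtp` and the sample accounts are constructed; input objects are assumed to carry `UserPrincipalName` and `proxyAddresses`, as `Get-ADUser -Properties proxyAddresses` returns them.

```powershell
# Added example: flag new-forest accounts whose UPN would not line up with the
# primary SMTP address. Function name and sample data are constructed for illustration.
function Test-UpnMatchesPrimarySmtp {
    param([Parameter(Mandatory = $true)][object[]]$Users)

    $seen = @{}   # primary SMTP (lower-cased) -> first UPN that claimed it
    foreach ($u in $Users) {
        # The primary address is the proxyAddresses entry with an upper-case "SMTP:" prefix.
        $primary = @($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        $smtp = $null
        if ($primary.Count -eq 0) {
            $status = 'NoPrimarySmtp'
        } elseif ($primary.Count -gt 1) {
            $status = 'MultiplePrimarySmtp'
        } else {
            $smtp = $primary[0].Substring(5)
            $key  = $smtp.ToLowerInvariant()
            if ($seen.ContainsKey($key)) {
                # Two accounts claiming one address: resolve before syncing.
                $status = "DuplicateOf:$($seen[$key])"
            } else {
                $seen[$key] = $u.UserPrincipalName
                # -eq on strings is case-insensitive in PowerShell.
                $status = if ($smtp -eq $u.UserPrincipalName) { 'OK' } else { 'UpnMismatch' }
            }
        }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            PrimarySmtp       = $smtp
            Status            = $status
        }
    }
}

# Constructed sample accounts (example.com is a placeholder domain).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'
                       proxyAddresses    = @('SMTP:alice@example.com', 'smtp:a.smith@example.com') }
    [pscustomobject]@{ UserPrincipalName = 'bob@corp.example.com'
                       proxyAddresses    = @('SMTP:bob@example.com') }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'
                       proxyAddresses    = $null }
    [pscustomobject]@{ UserPrincipalName = 'dave@example.com'
                       proxyAddresses    = @('SMTP:alice@example.com') }
)
Test-UpnMatchesPrimarySmtp -Users $sample | Where-Object Status -ne 'OK' | Format-Table -AutoSize

# Against the new forest (requires the ActiveDirectory module):
# Test-UpnMatchesPrimarySmtp -Users (Get-ADUser -Filter * -Properties proxyAddresses)
```

On the sample data this reports bob as `UpnMismatch`, carol as `NoPrimarySmtp` and dave as `DuplicateOf:alice@example.com`; each row should be resolved before the first sync from the new forest.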

     

  • 1 February 2012 13:38
     
     

    Hi Jason

    If I understand what you are asking, and please correct me if I don't, is that you want to move mailboxes to the cloud, then transition them to a different forest/domain longer term.

    yes that is exactly what I meant, thanks for the reply

     

    so in essence, the cloud (office365) becomes a staging post in an inter forest user/mailbox migration

     

    I will check out the link, many thanks

     

  • 31 July 2012 21:32
     
     

    Found this thread via Google. I know it's old, but for the next guy that finds it:

    No you cannot do this. Dirsync is one-way (except for a few properties) and Office 365 currently does not support multi-forest (which is essentially what you are asking).

    In order to offload users from O365 you indeed need a hybrid config. However, in order to offboard a mailbox, the mailbox needed to be placed in the cloud by the Hybrid config in the first place. Of course, this is not the case when you want to offboard to a different forest. The hybrid config wasn't there in the first place so you can't do it.

  • 1 August 2012 14:21
     
     

    I don't think you can do this for a number of reasons.

    1. DirSync is only supported in a single forest, for now.

    2. Cloud objects are managed by on-premise AD


    Rajith Enchiparambil | http://www.howexchangeworks.com |

    HowExchangeWorks.Com

  • 8 August 2012 23:27
     
     Answer

    I do apologize, Sandor, but that is incorrect.

    1.  Disabling DirSync removes the Immutable ID from the O365 object (this is the attribute that ties it to the current forest), so that a customer can then sync to the new forest and have DirSync re-create the Immutable ID and connection to the O365 object and take ownership.

    2.  Creating a Hybrid or Exchange Federation connection to the new forest is very simple and doesn't require having pushed the mailboxes from on-premises to O365 in the first place.  It is a very simple feature of Exchange 2010 (MRS) that allows this function to occur.

    The steps Hodgy would have to perform are this (assuming your current infrastructure is Exchange 2003 or later):
    1.  DirSync from Forest1 to create objects in O365
    2.  Deploy and federate Exchange 2010 Hybrid server with O365
    3.  Perform MRS task to move mailboxes to O365
    4.  Remove federation between O365 and Exchange 2010 Hybrid on-premises
    5.  Disable DirSync in the O365 portal (this removes the Immutable ID and any connection to the current forest)

    At this point there is no difference between your current mailboxes and a mailbox that was created initially in O365

    6.  Enable DirSync and perform an initial sync from the new forest
    7.  Deploy and federate Exchange 2010 Hybrid server with O365
    8.  Perform MRS task to move mailboxes to on-premises
    9.  Have fun with your mailboxes in their new home

    Have a great day,

    Dan


    http://insecurityinc.info

    • Proposed as answer by Daniel Trautman 8 August 2012 23:27
    • Marked as answer by Hodgy0_2 9 August 2012 07:05
    • Unmarked as answer by Hodgy0_2 9 August 2012 07:05
    • Marked as answer by Hodgy0_2 9 August 2012 07:10
  • 9 August 2012 07:10
     
     

    Hi Dan

    yes I thought it would be possible, and assumed the approach would be the same as the one you posted

    presumably if you only needed to do a subset of users from forest1, you would only move those to the cloud before breaking the DirSync/ADFS and recreating with Forest2

  • 9 August 2012 07:19
     
     

    Interesting, Dan. Have you tested this?

    I always assumed, since dirsync is one-way, you can't go back unless you synced the objects there in the first place.

  • 10 August 2012 00:13
     
     Proposed answer

    I have not tested this yet since I don't have a 3rd party certificate to apply to my test environment, but MRS is very simple and the Exchange federation does not require DirSync, it simply makes it easier.

    You can connect EMC to O365 to view your users without having DirSync running, or federation enabled.  The federation simply creates the trust so you can then move the users over. 


    http://insecurityinc.info

  • 10 August 2012 05:44
     
     

    The movement of mailboxes has nothing to do with Exchange Federation (that's for free/busy and calendar sharing and so on). The MRS is responsible for moving the mailboxes, yes. However, it needs an AD object to move the mailbox onto.

    So my question is still, how will you get the AD objects synced to the second forest from O365? In my opinion you can't. So that means you can't offboard like this. At least, that is my theory. I haven't tried it yet either. :)


    • Edited by SandorV 10 August 2012 05:44
  • 10 August 2012 20:46
     
     Proposed answer
    Sorry if I was unclear.  The federation is not required for moving the mailbox, but keeping free/busy, etc. continuous through the move process. 

    http://insecurityinc.info

  • 11 August 2012 06:25
     
     

    I just explained that, yes. The question was how you would get AD objects synced from O365 to On-Prem.

  • 11 August 2012 06:45
     
     

    @Hodgy0_2

    What you _can_ do is migrate your on-prem to another forest and hook that forest up to O365 again. So you have forest 1 connected to O365. You migrate users from forest 1 to forest 2 and then reconnect forest 2 to O365. This can be done; look here: http://jasperkraak.wordpress.com/2011/06/26/re-connecting-a-new-active-directory-to-an-existing-office365-environment/?

    You must realise that for that scenario you need to ADMT users from forest 1 to forest 2. So you are already migrating here.

    What you can't do is (and this is what I believe you are asking) move a user from forest 1 to O365 to forest 2 where O365 would be a stepping stone.

    The bottom line is, you need to have on-prem users before you connect to O365. You can't offboard to an empty forest as suggested in this thread. That would mean that DirSync needs to create objects in your forest (and that is not possible).