We are a small company with offices in in Europe and the US with about 250 users. We currently have two Windows 2003 Native forests containing a domain each. We use BPOS for Exchange and IM but are being transitioned to Office 365 soon. We have no on-premise Exchange servers.
As part of a company rebrand we’re planning to do an AD inter-forest migration i.e. moving all users and resources from the European domain into the US domain, after we transition to Office 365. We’ll use ADMT for the AD migration.
Microsoft has a document called “Identity and Provisioning Service Description_Office 365 Dedicated Plans_October 2011” available at http://www.microsoft.com/download/en/details.aspx?id=18128
On page 38 there’s a section titled "Automatic Service Reconnection After User Domain Moves" where it states: With minimal pre-work, customers can automatically reconnect a user to their Exchange Online mailbox, BlackBerry services, SharePoint Online sites, Lync Online profile, or other provisioned service after the user is moved to another forest.
Since last October I have been trying to find out what this minimal pre-work is with various MS Support trouble tickets; no one seems to know, so far.
I’ve decided to look for my own solutions. I’ve come up with two but I’m not sure how feasible they are.
- 1. Export/Import PST.
a. User backs up mail to PST.
b. Delete user from Office 365
c. Migrate user to US domain
d. Enable the new account in Office 365
e. Import PST and sync it up the cloud
- 2. Follow instructions from http://jasperkraak.wordpress.com/2011/06/26/re-connecting-a-new-active-directory-to-an-existing-office365-environment/
what a pain... isn't it?
We have a solution, thus unsupported by Office 365 teams but adopted by other customers who were in the same scenario.
We have a product called CloudAnywhere that synchronizes Active Directory objects (users, groups, contacts, organizational units, passwords) with every SAAS providers including Office 365. Our reconciliation key is whatever you want, for example the user email stored in an attribute.
After your AD migration, you just have to sync your AD with CloudAnywhere instead of dirsync.
It takes half of a day to install and setup...
Once again, if this is important for you, I warn you that it is not supported by Microsoft:
- Microsoft supports to not use Dirsync at all.
- Microsoft provides powershell apis to manage users in Office 365 and supports to manage accounts through powershell.
But Microsoft does not support the solution consisting in reading an Active Directory, checking changes and writing changes periodically using powershell calls :-).
I'm replying to you because you're in the FIM 2010 forum and CloudAnywhere can work with it and extend it to provision SAAS applications like Office 365, Google Apps, SalesForce, RunMyprocess, e-learning platforms, storage platforms etc...