- Exchange Cutover Migration
- Exchange Staged Migration
- Hybrid Exchange Deployment
- IMAP-based Email Migrations
Staged migrations also require additional infrastructure be deployed on premises. The Microsoft Online Services Directory Synchronisation tool (also known as Forefront Identity Manager or DirSync) needs to be deployed on-premises on a server which is not running as an Active Directory domain controller. This tool ensures that all recipient objects on premises are synchronised to Office 365 to ensure the Global Address List is fully populated both on-premises and in the Office 365 cloud. This allows users both on-premises and in the cloud to view the entire global address list - a process which is often referred to in online documentation as GALSync. It is also important to note that Office 365 tenants must have an M or an E type licensing plan available in their Office 365 subscription in order to use the Microsoft Online Services Directory Synchronisation tool.
Exchange staged migrations also work by the Office 365 servers connecting the on-premises Exchange servers through RPC over HTTPS (also known as Outlook Anywhere) and downloading all mailboxes into Office 365. As a result the on-premises Exchange environment must be configured with Outlook Anywhere and a valid digital certificate for the migration process.
Unlike cutover migrations however, staged migrations do not support incremental synchronisation of mailbox information. This is because in a sense, staged migrations do not need incremental synchronisation to due to simple coexistence. When the Office 365 migration wizard starts migration on a selected batch of on-premises users, the wizard automatically configures the TargetAddress property of the user’s on-premises mailbox using administrative credentials of an on-premises administrator supplied to Office 365 to an Office 365 specific email address. This ensures for every email the on-premises mailbox receives, the on-premises Exchange server also forward a copy of the email onto Office 365. This process is shown in the following diagram.
- The Microsoft Online Services Directory Synchronisation tool (also known as Forefront Identity Manager or DirSync)
- Active Directory Federation Services (ADFS)
- At least one Exchange 2010/2013 server on the on-premises Exchange environment
The Active Directory Federation Services (ADFS) server is a mission critical server in hybrid configurations and as a result it is often recommended clustering be implemented through Microsoft Network Load Balancing (NLB) or a third party load balancer technology. When Office 365 is configured in a hybrid deployment with an on-premises environment, the "source of authority" is configured to point to the on-premises Active Directory environment. What this means is all authentication requests for user which happens within a tenants Office 365 environment is sent back to the on-premises environment through ADFS to authenticate against an on-premises domain controller. In the event the on-premises ADFS deployment become unavailable, users will not be able to authenticate with Office 365.
The Exchange 2010 / 2013 server is required to setup a federation trust between the on-premises Exchange organization and Microsoft Federation Gateway. This is what enables the rich co-existence to occur between the on-premises Exchange environment and Office 365 to allow features such as free/busy and delegation to work between the two environments.
A hybrid configuration between Office 365 and an on-premises Exchange environment is the best approach for organisations who wish to setup rich co-existence and migrate users slowly in controlled batches. Unlike other migration methods such as cutover or staged, hybrid configurations do not require users to obtain a new password. Through the use of ADFS they can continue using their on-premises username and password for logging in and accessing cloud resources a process known as single sign-on.
Another advantage of performing a hybrid migration to Office 365 is users do not need to recreate their Outlook profile, a major disadvantage of cutover and staged migrations. This means users do not need to re-re-download the entire Outlook OST file or “cached exchange mode” cache.
Think of a hybrid configuration as making your on-premises Exchange and Office 365 environment one and the same. Some organisations setup a hybrid configuration for other purposes other than just migration to Office 365. For example, if you want to put a user’s secondary archive mailbox in the cloud a hybrid configuration is needed. Hybrid configuration also allows you to migrate users through mailbox moves from the cloud back to an on-premises environment providing the utmost flexibility.
IMAP-based Email Migrations
An Office 365 IMAP migration provides the ability to migrate an IMAP based mailboxes to Office 365 in which Office 365 downloads the user’s mailbox by connecting to the IMAP server. IMAP migrations are intended to provide a migration path for non-Microsoft email systems to Office 365.
An IMAP migration works by creating a CSV file with all the account names and passwords for each of the IMAP users which are to be migrated to Office 365. This process means administrators need to gather each user’s password to their IMAP mailbox and manually input the password into the CSV file. This CSV file is uploaded to Office 365 in the web interface. Office 365 will then connect to each mailbox and download all email for each user into Office 365.
As with cutover migrations, Office 365 is able to perform incremental syncs every 24 hours for IMAP mailboxes to ensure any new emails which arrive on-premises are also synchronised to the cloud.
When all users have been migrated to Office 365, administrators simply need to cut over the MX records for any domain names associated with the mailboxes and distribute the new Office 365 username and passwords to the end users.
I still need help!
In the event you need assistance with planning or performing your Office 365 email migration, I am more then happy to assist. Please get in contact with me by emailing me on firstname.lastname@example.org or leave a comment below.
I hope this blog post has been helpful.