How to Migrate to Office 365 Exchange Online
What is Exchange Online
Exchange Online is a hosted email service from Microsoft. It is Microsoft Exchange on Microsoft's Azure cloud platform.
You connect to Exchange Online via Microsoft Outlook, a web browser or any other POP3 or MAPI compatible applications.
Exchange Online can be purchased as a service by itself or it can be purchased as part of the Office 365 suite.
Preparing Your On-premise Active Directory for Migration
Before the migration takes place, the on-premise Active Directory needs to be cleaned up.
Your external domain name that is used for your external e-mail addresses needs to be added as a User Principle Name (UPN) suffix in your active directory. If you had installed active directory under a domain name of somename.local, then your default UPN suffix is somename.local. You should add the FQDN of your external domain name as a UPN suffx.
To add an additional UPN suffix to the forest :
- Go to Active Directory Domains and Trusts.
- Right-click Active Directory Domains and Trusts -> Properties.
- On the UPN Suffixes tab, type the new user principal name (UPN) suffix, and click Add.
(NOTE: Add as many UPN suffixes as required since you may have some office in other countries which share the same active directory forest but may have a different domain name for their e-mails e.g. in the US office, you may have email@example.com, and in the UK, you might have firstname.lastname@example.org . )
Once the new UPN suffix or suffixes have been added, use the Active Directory Users and Computers management console to change the properties of each user account to have the appropriate UPN suffix. Most of the time, the UPN login name is identical to the e-mail address of the user and this makes it less confusing. If not, the user just needs to remember that when they log in to their Exchange Online account, they need to be using their UPN login account and NOT their e-mail address.
Take this opportunity to give your Active Directory a nice clean out, especially with user accounts.
Preparing the On-Premise Exchange Server to be Migrated
Microsoft Office 365 offers three ways to migrate your on-premise Exchange to the Exchange Online version. One is a cut-over migration, the second is the staged migration and the third is a clean slate i.e. start off clean on Microsoft Office 365, but you can always export the on-premise mailboxes as PST files and attach it to your Microsoft Outlook profile. You can either leave the e-mails in the PST files or copy it to the Exchange Online server.
We will be looking at the staged migration. It makes sense because then you can move a handful of users at a time, and make sure everything works before migrating the rest of the mailboxes.
Enabling RPC over HTTP on the server running Exchange
Because we have chosen Exchange 2003 as an example of migrating to Office 365/Exchange Online, the OS that usually Exchange 2003 would be running on would be Windows Server 2003.
To enable RPC over HTTP, on the Exchange 2003 server, go into Control Panel -> Add or Remove Programs .
Select Add/Remove Windows Components and the Windows Components Wizard comes up.
Scroll down and highlight Networking Services . Click the Details button and the Networking Services window comes up.
Tick the RPC over HTTP Proxy option and hit OK. Hit Next .
Enabling RPC over HTTP on Exchange 2003
Use Exchange System Manager and enable RPC over HTTP back-end server. If you have only one Exchange server i.e. no front end server, it is okay to enable RPC over HTTP on this server.
Configuring the RPC Proxy Server to Use Specified Ports for RPC over HTTP
Follow this Technet article to configure the RPC Proxy Server to use specific ports for RPC over HTTP.
Just follow the Before You Begin section and the Procedure section in the following link.
Install a valid SSL Certificate
A valid SSL Certificate for the domain name or external FQDN of the Exchange server needs to be purchased and installed. This is done by generating a CSR and then using that to generate the SSL certificate from certification authorities such as Comodo and Verisign.
Add a Port Forwarding Rule in Your Firewall
On your firewall, allow and port forward TCP Ports 443 and 6002 to the Exchange server.
This will allow RPC communication to take place to your Exchange server.
Verifying RPC over HTTP connectivity
You will need to verify that RPC over HTTP connectivity is working before staged migration can be setup in the Exchange Online/Office 365 admin portal.
To verify connectivity, go to the following web site:
Select the Office 365 tab,
And select the Outlook Connectivity option and enter the appropriate details in the fields to test for connectivity.
While theoretically you shouldn't be getting any errors if you have set up the registries and port forwarding properly, I have found that where I still seem to get an error for the "Testing HTTP Authentication Methods", I was still able to successfully perform the migration.
So if it looks like everything is set up correctly but you are still getting an error on the above, proceed through the next steps anyway.
Signing into the Office 365 Portal
Go to the Portal :
Log in using your Global Administrator account. This is usually the account you have setup when you first signed up to Exchange Online/Office 365.
Adding Your Domain Name to Office 365
We now need to add your mail domain name to the Office 365/Exchange Online portal so it can recognise the e-mail address domain name.
Once you are logged into the Portal, go to the Office 365 Admin Center, Click Domains, and the page corresponding to the domains management will come up. Click on Add Domain.
You need to go to your domain registrar's portal so you can add a TXT record with the information as listed in Office 365. This is one way that Office 365/Exchange Online can verify that you are the owner of the entered domain name.
Update DNS Records to work with Office 365/Exchange Online
Office 365 will prompt you if you want it to add DNS records for your domain. It's possible with some domain registrars that you can get Office 365 to make the necessary changes for you. However, it's better we control it ourselves an we should select "No" to the option.
Office 365 will give you information on what DNS records you need to add or modify.
Add/Edit everything EXCEPT for the MX record. This will need to be done last once all mailboxes have successfully been migrated.
You can ignore the errors to do with the MX record because we have chosen not to change it yet.
Install the Directory Sync Tool
We are now ready to start SYNCING the on-premise Active Directory accounts to the Office 365/Exchange Online environment and then migrating the mailboxes across.
To sync the on-premise Active Directory accounts to Office 365/Exchange online, you need to install DirSync on a member server that is part of the on-premise domain.
A page describing the Tool and a link to the download is here :
Once this is installed and configured, the active directory user accounts will start syncing to Office 365/Exchange Online. You can log in to the Office 365 portal and navigate to the active Users section (on the Office 365 Admin Center screen) to view the list of users that have now been synced across.
Syncing the Mailboxes and then Assigning the Licenses
Create a CSV file containing the e-mail address of the users to be migrated.
The file needs to be one column listing the e-mail addresses and it needs to have a header :
Create an Migration Endpoint
In the Office 365 portal, go to the Admin Exchange page . Under the recipients section, select migration .
Click on the "..." link and select Migration Endpoints .
Creating a Migration Batch
Now that we have created the Migration Endpoint, we will create the Migration Batch which will consist of uploading the CSV file we created above and selecting the Migration Endpoint which we've just created.
Verifying the User has Synced
In the Office 365 Portal, if you go to the Active Users and search or browse for the mailboxes that you have put in the CSV file, you should be able to see it in the list.
Assuming that you have added Office 365/Exchange Online licenses to your portal, you will now need to highlight the user, and from the right hand pane, select to assign the user a license. If the user does not have a license, you cannot access the mailbox.
This is the easiest part if you have already setup the DNS records for autodiscover to point to Office 365/Exchange online.
Just open up Outlook and create a new e-mail profile. It will use auto discover to detect the mailserver settings, and it will prompt for a username and password to the mailbox. Enter the user's full UPN login details (i.e. email@example.com) and password.
NOTE: If you haven't re-configured Outlook to talk to Office 365/Exchange Online, it will still point to the on-premise Exchange. It will look as though no e-mails have come in for your mailbox since the migration/syncing took place. You MUST re-configure your Outlook to point to Office 365/Exchange Online to be able to see all the new e-mails (and the old ones).
Change MX Record to Point to Exchange Online
Once all mailboxes have been migrated across, it is now time to change the MX record to point directly to Office 365/Exchange online. Currently e-mail is entering the organisation via the on-premise Exchange server. The migration batch created above continually syncs all new e-mails to Exchange Online.
Once you change the MX record to point to Office 365/Exchange Online, then the e-mail points directly to Office 365. Technically speaking, it looks to be going through Microsoft's mail filter first. You can see by looking at the CNAME that you need to point your MX record to.
The above are the basic skeleton of how to migrate an on-premise Exchange to Exchange Online/Office 365. No doubt each organisation will have challenges of their own but at least if you start with a framework, it will be able to be done easier. I didn't have a framework to work off. I had to consult numerous articles, and the Microsoft "contextual" help as you go through the Office 365 portal was very confusing.
Anyway, I hope this article could at least guide you in the right direction.