I have an O365 subscription for a company, north.com. There is a Hybrid deployment and SSO is enabled. On premises there is Exchange 2003 and Exchange 2007 infrastructure, and an Exchange 2010 Hybrid server.
As part of a company restructuring procedure, some of the users will be logically split between two companies. They will exist in the same Active Directory; their emails will be changed to south.com, and the UPN suffix will later be changed to south.com, before we start migrating them to the cloud. Users do have a Lync Online license. Users that will belong to south.com do not have O365 mailboxes, and are hosted on-premises.
At the end of the migration, ALL mailboxes that belong to south.com users will be hosted in O365.
Step 1: Basic Admin steps for users that are going to be migrated to new O365 subscription south.com:
- Remove Lync O365 license.
- Modify DirSync so that it is not syncing users that will belong to south.com.
- Manually delete those users from the O365 tenant for north.com "removing those users from syncing with DirSync will not happen automatically"
- Set new UPN "south.com" for those users that will belong to the South.com company.
- Change e-mail policies, so that those users get a primary e-mail address @south.com.
- Create mail users, from south.com, that have an e-mail address of @north.com, so that email sent to the old but original email address @north.com will be redirected to the new email @south.com.
- Modify DirSync so that it will encompass the newly created mail user objects, and so that mail from users that are hosted in the O365 north.com subscription will be routed to on-premises users.
- Domain south.com is removed from the O365 north.com subscription. SSO was set up for UPN with north.com, so no modification is necessary on the ADFS farm.
- MX record for the south.com domain should point to the on-premises Exchange organization.
Results of Step 1 :
- Users are logically split between two organizations.
- Lync is not operational for users that belong to @south.com. A Lync license could be assigned to mail users in O365, but for the time being that is not recommended, simply because it will take, or could take, a day until licensed users are operational…
- No SSO is operational for @south.com
- Distribution group membership is not changed, although dynamic distribution group membership filters should be verified.
- Mail flow will not be affected.
Step 2 : Activate O365 subscription for south.com domain.
- Add south.com domain
- MX record will point to on-premise Exchange organization
- Autodiscover record in the public & private DNS zones for domain south.com will point to the on-premises Exchange 2007 server.
- Configure Outlook Anywhere.
- Optional: all south.com mailboxes that are hosted on the Exchange 2003 server should now be hosted on the Exchange 2007 server.
- It might be recommended that all south.com mailboxes are temporarily hosted on a separate Exchange 2007 / 2010 server, to which the public Autodiscover migration point will point.
- Assign permissions to the user who is going to migrate users in the migration process.
Results of Step 2 :
- South.com domain will be verified
- Mail flow will not be affected (internal and external).
- The administrative account, which will migrate users, has FullAccess and Receive As permissions for those mailboxes.
- Users are moved to the Exchange 2010 system, which will be used for cutover migration (supported by Exchange Server 2003 and later versions).
Step 3 : Start migrating south.com users to O365 - cutover migration
- Start "Phased cutover" migration batch for all south.com users.
- Assign Exchange license for south.com users in O365.
- Assign Lync license for south.com users in O365.
- Assign temporary password for all O365 users.
Step 3 : Post migration steps :
- Point Autodiscover record to cloud
- MX record will be pointed to the on-premises system, because email sent from outside the organization and addressed to an old user email that start with north.com must be delivered to the new email that start with south.com
- Complete cutover migration.
Results of Step 3 :
- Users of south.com, are now hosted in O365.
- No mailboxes for south.com users are hosted on-premises
- Distribution group membership is ????
- User can access Lync.
- Mail flow is not affected.
- Users do not have SSO experience
Step 4 : Enrich experience
- Install DirSync server for password sync
- Implement Exchange Federation O365
- Implement Lync Federation O365
Results of Step 4 :
- Users have same User name and Password, when accessing O365.
- All users (north.com & south.com) see address lists; the experience is the same as it was before
- All users (north.com & south.com) have the Lync experience as it was before the split.
Questions that I have are:
- How to manage distribution groups, which I do not have control over in the migration process, but can do post fixup.
- Would it be better to implement a staged migration?
- If I missed something, do point it out.
Thank you for any pointers.
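
One way to make the distribution group "post fixup" checkable, as an added example that is not part of the original post: snapshot group membership and dynamic group filters after Step 1, snapshot again after the cutover, and compare the two. It assumes the Exchange 2010 Management Shell on-premises and an Exchange Online remote PowerShell session in the new tenant; the file names and the use of the group `Name` as the join key are assumptions.

```powershell
# Added example, not the poster's script. File names and defaults are placeholders.
param(
    [ValidateSet('Snapshot', 'Compare')][string]$Mode = 'Snapshot',
    [string]$Out       = '.\dg-snapshot.csv',   # Snapshot mode: membership output
    [string]$FilterOut = '.\ddg-filters.csv',   # Snapshot mode: dynamic group filters
    [string]$Before    = '.\dg-before.csv',     # Compare mode: pre-cutover snapshot
    [string]$After     = '.\dg-after.csv',      # Compare mode: post-cutover snapshot
    [string]$Domain    = 'south.com'
)

if ($Mode -eq 'Snapshot') {
    # One row per (group, member) pair. Group Name is the join key
    # (assumption: group names are unchanged by the migration).
    Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
        $group = $_
        Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited |
            Select-Object @{n = 'Group';  e = { $group.Name }},
                          @{n = 'Member'; e = { "$($_.PrimarySmtpAddress)".ToLower() }},
                          RecipientType
    } | Export-Csv -Path $Out -NoTypeInformation

    # Dynamic groups store no member list; keep the filter text so it can be
    # re-verified after the UPN and e-mail address changes.
    Get-DynamicDistributionGroup -ResultSize Unlimited |
        Select-Object Name, RecipientFilter, RecipientContainer |
        Export-Csv -Path $FilterOut -NoTypeInformation
}
else {
    # Only memberships of users in the split-off domain are compared.
    $old = @(Import-Csv $Before | Where-Object { $_.Member -like "*@$Domain" })
    $new = @(Import-Csv $After  | Where-Object { $_.Member -like "*@$Domain" })
    if ($old.Count -eq 0 -or $new.Count -eq 0) {
        throw "No @$Domain members found in one of the snapshots; check the input files."
    }
    Compare-Object $old $new -Property Group, Member |
        Select-Object Group, Member, @{n = 'Status'; e = {
            if ($_.SideIndicator -eq '<=') { 'MissingAfterMigration' } else { 'NewAfterMigration' }
        }} |
        Sort-Object Group, Member
}
```

Rows marked `MissingAfterMigration` are the memberships to re-add in the post fixup; `NewAfterMigration` rows are memberships that did not exist before the cutover and should be reviewed.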