account forest hybrid migrations - meetupfiles.meetup.com/16201662/o365ug - december 2016 - exchange...
TRANSCRIPT
![Page 1: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/1.jpg)
Exchange Resource\Account Forest Hybrid Migrations
Lessons learned from migrating complex Exchange resource\account forests to Exchange Online
Mohammad al Adham
![Page 2: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/2.jpg)
Typical Exchange Resource\Account Forest Scenario
2
![Page 3: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/3.jpg)
Solution Requirements
• Ability to move Linked Mailboxes
• Introduce a unified UPN for each forest:• Contoso.com
• Fabrikam.com
• Wingtip.com
• Rich coexistence must be maintained between mailboxes moved to Exchange Online and the offshore forest
• On-premise identities must be matched with Yammer identities
• Solution must accommodate for a changing identity landscape
![Page 4: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/4.jpg)
Ability to move Linked mailboxes
4
![Page 5: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/5.jpg)
Introduce a unified UPN for each forest
• Challenges with changing user UPN’s:
• Mobile Device Management solutions
• User certificates
• Corporate Applications
• Depending on the organization size, changing user
UPN’s can be done gradually
• AADC can accommodate for UPN changes as long as
we are not changing a federated UPN
5
![Page 6: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/6.jpg)
Identity Overview
6
![Page 7: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/7.jpg)
Maintain Rich Coexistence
• Natively provided in Exchange Hybrid 2010/2013/2016
• Single GAL and Free\Busy: requires synchronizing all
email objects to Azure AD
7
![Page 8: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/8.jpg)
On-premise identities must be matched with Yammer identities
8
![Page 9: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/9.jpg)
On-premise identities must be matched with Yammer identities
9
• The matching between on-premise accounts and
Yammer identities happen in this order:
1. Primary email address equals Yammer email login
2. Any email address equals Yammer email login
3. On-premise UPN equals Yammer login
![Page 10: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/10.jpg)
Changing Identity Landscape
• Choosing Source Anchor:
• Choose a unique Value (typically object GUID)
• Use a field in AD that isn’t used already (like
adminDisplayName)
• Copy that value to that AD Field
• This is used in hard matching users if recreated in a different
forest
10
![Page 11: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/11.jpg)
Overall Solution
11
![Page 12: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/12.jpg)
Gotchas
• Stage AADC and check the Metaverse for user matching
• The resource forest object MUST be disabled in order for the user matching to happen
• How will you deal with new users? Remote mailbox?
• Contacts between forests will cause synchronization issues
• Yammer Users needs to login to O365 to initiate the matching process so until this happens the Yammer account will remain separate
12
![Page 13: Account Forest Hybrid Migrations - Meetupfiles.meetup.com/16201662/O365UG - December 2016 - Exchange Mi… · Exchange Resource\Account Forest Hybrid Migrations Lessons learned from](https://reader033.vdocuments.us/reader033/viewer/2022051813/6031f4bab630d16faa0fd8a4/html5/thumbnails/13.jpg)
Moving organisations to the cloud