How to perform a Cutover Migration to Office 365
Alex Fields
My preferred method for migrating Email to Office 365 is to use the Remote Move (aka “Hybrid”) method. If you are coming from SBS 2011 or Exchange 2010, then definitely go that route. If you are coming from older versions such as SBS 2008 or Exchange 2007, note that it is indeed possible to add a free hybrid server to complete the Remote Move migration.
Still, for various reasons, many people will end up choosing the cutover method, so I want to detail the process here. Finally, in case you run into issues setting it up, there is a fail-safe method you can use (export/import PST), which I will also share in this article. Here are the steps to complete a cutover migration:
- Prepare for the migration
- Migrate Exchange data
  - Create a migration batch in Exchange Online OR
  - Export Outlook data to .pst files
  - Export other Outlook settings
- Finalize the migration batch & activate the mailboxes
- Complete your Office 365 Setup and cut-over DNS
- Changes to on-premises Active Directory and Exchange
- Add SMTP relay connector (if applicable)
- Create new Outlook profiles, import data & settings
- Reconfigure mobile devices
- Post-migration tasks
Step 1. Prepare for the migration
If you haven’t already, go ahead and sign up for an Office 365 account online and verify your domain. Many pitfalls can be avoided by taking the following precautions:
- Have a good backup before making any changes–for Active Directory as well as Exchange
- Ensure your source server has the latest service packs / updates
- Run Best Practices Analyzers to identify potential issues with existing configuration
- Any users with more than 15-20 GB mail data should archive old items (e.g. prior to 1-2 years)
- Review the steps in advance and communicate the plan to stakeholders / end users
If you do these things first, you will avoid many issues and be able to recover in case of unforeseen problems.
Step 2. Migrate Exchange data
Two methods are discussed in this article, because some folks have trouble getting their migration batches working, and may need to fall back on the “manual” PST export/import procedure. I will discuss both in turn.
A. Create a Migration Batch Online
Now you are finally ready to begin moving mailbox data. First you need to create a migration endpoint. Go to the Exchange admin center in the Office 365 Admin portal. Navigate to recipients > migration and find the ellipsis.
Step through the wizard to define your on-premises Exchange server as the migration endpoint. Pick Outlook Anywhere since this is a cutover migration.
After the endpoint is defined, choose the plus symbol and select Migrate to Exchange Online from the drop down.
Step through the rest of the wizard–you will need to provide the Internet address of your Exchange server as well as credentials for reading the mailbox data. Once you complete the wizard, data will begin to copy. You can return to this portal later on to watch the progress of your sync.
B. Export Outlook data to .pst files (optional)
In case you have issues connecting Exchange Online to your on-premises Exchange server, the fail-safe method I mentioned earlier is to export and import your email, contacts and calendars to an Outlook .pst file. The following article from Office support will help your users do just that, from various Outlook versions:
Note: You can use the .pst export/import method to migrate Public Folders also, if applicable.
C. Export other Outlook settings
Whether you use a migration batch, or do manual .pst export/import, Outlook rules and signatures are not included. Have the users export their rules, and back up their signatures and auto-complete lists. Do this in advance of the cut-over date, while the data is still moving.
Step 3. Finalize the migration batch & activate mailboxes
If you were able to use the cutover migration batch successfully, the status of your migration batch(es) will say “Synced”. In this state, the initial synchronization is completed, and deltas will continue to run every 24 hours. You can now cut over your DNS records at any time. Note, depending on when your batches finish and when you cutover mailboxes, there may be some “delayed” mail items, since there is a chance some new messages have been delivered on-premises. Over the next 24 hours, this should get all caught up, so just be sure to set expectations in advance.
Also, in case you haven’t activated your users’ licenses yet, return to the Office 365 Admin center, bulk-select your Users, and click Edit product licenses to apply the Office 365 / Exchange Online licensing. This will activate the cloud mailboxes.
Finally, if you are using the Windows Server Essentials Azure AD / Office 365 Online Integration services (instead of Azure AD Connect), you will want to click on each user in the Essentials Dashboard and Assign a Microsoft Cloud account (this will link the on-premises account to its counterpart in the cloud). Completing this action will force users to reset their passwords on next login, so that the new credentials can be synchronized to Office 365.
Step 4. Complete the Office 365 Setup and cut-over DNS
I usually complete steps 5-8 after hours, at the end of a work day, and set expectations that mail will be unavailable until the morning when we proceed to reconfigure Outlook profiles and mobile devices. However, tech-savvy users would be able to configure their own devices as soon as you are done cutting over DNS records.
As soon as you’ve finalized the migration batch, you are ready to complete the Office 365 setup process you started earlier by verifying your domain. Return to the Office 365 Admin center > Settings > Domains to complete your set up. You will be required to enter additional DNS records with your domain registrar / service provider.
Once you have added the records, mail will no longer be delivered to your on-premises Exchange server.
Note about DNS changes / Email delivery: After DNS cutover, it is possible an email or two could still be delivered to the old server, but the “finalized” migration batch will sync deltas during the next 24 hours, which can cause a “delayed” email effect in the new mailboxes. This behavior should cease after DNS TTL has expired and the new record has propagated.
Step 5. Changes to on-premises Active Directory and Exchange
On-premises, there are some changes that need to be made at this time, also. First, DNS will need to be updated, but only if the zones for your Email domain names exist on-premises. Note that you only need to add the autodiscover records for the Email domains, and not for “.local” or “.lan” DNS zones. If you only have a “.local” DNS zone, and no zones for the Internet domain name that you use for Email, you can skip the on-premises DNS update.
A. Update DNS Records
Open the DNS management console on your Active Directory server. If you have existing (A) records for autodiscover, remove them first. Expand the DNS zone for your Email domain, and edit or add the CNAME record for autodiscover here: autodiscover.outlook.com.
You can verify it is working by clearing the DNS cache on the server and then pinging autodiscover.yourdomain.com. It should return a value for one of the Microsoft datacenters, such as nameast, namwest, namnorth, etc.
You can add the other DNS records if you choose to use Skype for Business, Intune, etc., but this one record alone would be sufficient for the purposes of Email migration to Office 365.
B. Changes to Exchange Server
Depending on which version of Exchange Server you are migrating from, you will have some different adjustments to make to ensure that clients no longer attempt to connect to the local server.
SBS 2008/2011 or Exchange 2007/2010
Open the Exchange Management Shell and type the following:
Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://autodiscover.outlook.com
And press Enter.
Next, to disable Outlook Anywhere, simply type the following into your Exchange Management Shell:
Disable-OutlookAnywhere -Server <ServerName>
And press Enter. You’re done.
SBS 2003 / Exchange 2003
Open the Exchange System Manager. Expand the tree to find your server, and right-click to open the Properties dialogue.
Navigate to the RPC-HTTP tab and select Not part of an Exchange managed RPC-HTTP topology.
Click OK–you’re done.
Step 6. Add SMTP relay connector (if applicable)
You might also want to add an SMTP relay connector to Office 365, if you were previously using your Exchange server to relay mail from on-premises LOB apps, or from scan-to-email devices, etc. Office 365 can provide a relay connector to replace this functionality.
1. From the Exchange Online admin portal, go to Exchange Admin Center > Mail flow > Connectors. Use the “plus” symbol to add a new connector, choose From: Your organization’s email server and To: Office 365. Step through the wizard, specifying the external IP address(es) of your organization under By verifying that the IP address… and clicking the “plus” symbol. You can leave default values in the rest of the wizard.
2. Ensure that your SPF record in DNS includes spf.protection.outlook.com as well as ip4:<YourExternalIp>:
v=spf1 ip4:[ExternalIPAddress] include:spf.protection.outlook.com -all
3. Check that your firewall allows SMTP (25) outbound from the device(s) that require access to the connector.
4. On the device itself, you will need to change the SMTP or smarthost address from the internal Exchange server’s IP to the host of your MX record (e.g. companyinc-com.mail.protection.outlook.com). You can ping this address to obtain an IP if the device only accepts inputs of IP rather than hostnames.
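The DNS checks from Step 5A and Step 6, as an added example that is not part of the original article: it takes records you have already looked up (passed in as plain data) and reports what still needs fixing after cutover. The hostnames come from the article; the `zone` layout, the function names and the sample values are assumptions of this example.

```python
import ipaddress

# Hostnames come from the article; the record layout is an assumption of this example.
SPF_INCLUDE = "include:spf.protection.outlook.com"
AUTODISCOVER_TARGET = "autodiscover.outlook.com"
MX_SUFFIX = ".mail.protection.outlook.com"

def check_spf(txt_records, relay_ip):
    """Return problems in a domain's TXT records for the Step 6 relay setup."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # two SPF records make receivers return permerror
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms, problems, covered = spf[0].lower().split()[1:], [], False
    relay = ipaddress.ip_address(relay_ip)
    if SPF_INCLUDE not in terms:
        problems.append("missing " + SPF_INCLUDE)
    for term in terms:
        if term.startswith("ip4:"):
            try:  # ip4 may be a single address or a CIDR range
                covered |= relay in ipaddress.ip_network(term[4:], strict=False)
            except ValueError:
                problems.append("unparseable mechanism " + term)
    if not covered:
        problems.append(f"relay IP {relay_ip} not covered by any ip4 mechanism")
    if not terms or terms[-1] != "-all":
        problems.append("record does not end in -all")
    return problems

def check_cutover_dns(zone, relay_ip):
    """zone: {'mx': [host], 'txt': [str], 'autodiscover': [(type, value)]}"""
    problems = check_spf(zone["txt"], relay_ip)
    for host in zone["mx"]:
        if not host.lower().rstrip(".").endswith(MX_SUFFIX):
            problems.append("MX does not point at Office 365: " + host)
    auto = [(t.upper(), v.lower().rstrip(".")) for t, v in zone["autodiscover"]]
    if ("CNAME", AUTODISCOVER_TARGET) not in auto:
        problems.append("autodiscover CNAME to " + AUTODISCOVER_TARGET + " missing")
    if any(t == "A" for t, _ in auto):
        problems.append("stale autodiscover A record present")
    return problems

# Constructed sample of a half-finished cutover (documentation IP ranges).
SAMPLE = {"mx": ["mail.example.com"], "txt": ["v=spf1 ip4:203.0.113.10 ~all"],
          "autodiscover": [("A", "192.0.2.25")]}

if __name__ == "__main__":
    print("\n".join(check_cutover_dns(SAMPLE, "203.0.113.10")))
```

An empty result means the SPF, MX and autodiscover records match what the article describes for the given relay IP.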
Step 7. Create new Outlook profiles, import data & settings
A. Outlook clients
Users will now be required to set up a new Outlook profile and import the data & settings that were exported earlier. These Office support articles can help your users complete these tasks:
- Create an Outlook profile
- Outlook email setup
- Import email, contacts and calendars from an Outlook .pst file (if applicable)
- Import or Export a set of rules
- Copy email signatures to another computer
- Import Auto-Complete List
B. Public Folders (if applicable)
If you exported Public Folder data to PST, you will need to create a Public Folder mailbox in Exchange admin center first, before importing the data to Office 365. Go to Exchange admin center > public folders > public folder mailboxes.
Step 8. Reconfigure mobile devices
Users must also reconfigure mobile devices to use Office 365. In most cases, this just involves removing and then re-adding the Email account. Assuming you have autodiscover configured properly, this should be pretty straightforward.
If you have to enter manual settings, you would use outlook.office365.com for the server name, and re-enter the email address again if asked to provide a domain\username.
Step 9. Post-migration tasks
Now that you are done migrating Email to Office 365, you no longer need your on-premises Exchange server. See this post for how to remove Exchange 2007 or 2010 (written for SBS servers but works on non-SBS Exchange boxes also).
If you made it this far, congratulations on the migration! Don’t forget to keep improving–explore what else is new in Office 365. Maybe you will want to configure Mobile Device Management (MDM), Multi-factor authentication (MFA), or turn on Email encryption with Azure Rights Management (RMS). Or check out other add-on features such as Advanced Threat Protection (ATP) to help with emerging / zero day threats.
All of these technologies would have likely represented separate third-party products / investments in the past. Now you can leverage the Microsoft Cloud to easily & cost-effectively deliver them from one place to your end users. How about that?