FAQ: Office 365 Exchange Online Hybrid Migrations
Alex Fields
I think I get more traffic and questions about this topic than just about any other. A lot of people send in comments or contact requests asking about things that I know I have already written about. But, apparently I haven’t done a good job of capturing this information in one single place yet.
This post is designed like an “FAQ” and is meant to remedy the situation. I.e.: I should be able to send people here from now on if I get these types of questions, and I won’t have to type out individual responses to everyone. Also I can update it if someone asks a question I have previously not answered.
- Q: What is a hybrid migration?
A: Hybrid means that your local Exchange server is in a special relationship with Exchange Online, whereby you are able to seamlessly migrate mailboxes between environments almost as though you were moving to another on-premises server, with a similar end-user experience. You can have some mailboxes on-premises and some in the cloud, and maintain certain functions such as mail flow, free/busy info, etc. in the process.
- Q: Is hybrid better than cut-over or staged migration?
A: It is not necessarily “better.” The main benefit of hybrid over the other methods is that you don’t have to reconfigure Outlook clients when you complete the mailbox move. Clients are instead prompted to close and reopen Outlook–similar to migrating into a new on-premises Exchange 2016 server, for example. Note: you still have to reconfigure mobile devices manually, or send self-service instructions to the users.
- Q: When is hybrid my only or best option?
A: If maintaining a single password for on-prem AD & Exchange Online sounds appealing, or keeping that new user provisioning process on-prem is important to you for management purposes, then chances are you’ll be looking at hybrid anyway. However, know that you are not necessarily locked in–you do have two options:
1) Use Directory Synchronization with Azure AD Connect & a hybrid on-premises Exchange server, OR
2) Enable the Essentials experience role and configure Azure AD & Office 365 Online Services Integrations.
These are very different technologies and should not be used in conjunction.
- Q: What are the pre-requisites for an Exchange hybrid migration?
A: You need exactly five things to succeed with this migration:
1) On-premises account logon names/UPN suffixes should be set to match the primary SMTP email address. E.g. instead of email@example.com it should be firstname.lastname@example.org.
2) Obtain an Office 365 and Azure trial subscription in advance
3) You must then enable Directory Synchronization using Azure AD Connect (can be installed on a DC, Exchange hybrid server, or another member server of your choice–Windows Server 2012 R2 or newer recommended)
4) You need a full installation of Exchange 2010, 2013 or 2016 server in your environment (can be licensed for free with a qualifying 365 plan), with a valid UCC SSL certificate
5) And last, you will have to buy Exchange Online/Office 365 licensing of your choice
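A read-only pre-flight check for prerequisite 1, added here as an example (it is not from the original post): it assumes the ActiveDirectory PowerShell module (RSAT) is available and lists mail-enabled users whose UPN differs from their primary SMTP address, plus the UPN suffixes in use.

```powershell
# Added example: report AD users whose UPN does not match their primary SMTP address.
# Assumes the ActiveDirectory module (RSAT) is installed. Read-only; changes nothing.
Import-Module ActiveDirectory

function Get-PrimarySmtp {
    param($ProxyAddresses)
    # The primary address is the proxyAddresses entry with an upper-case "SMTP:" prefix;
    # secondary aliases use lower-case "smtp:". -cmatch keeps the match case-sensitive.
    $primary = @($ProxyAddresses) | Where-Object { $_ -cmatch '^SMTP:' } | Select-Object -First 1
    if ($primary) { $primary.Substring(5) } else { $null }
}

# Only mail-enabled user accounts matter for the migration.
$filter = '(&(objectCategory=person)(objectClass=user)(proxyAddresses=*))'
$users  = Get-ADUser -LDAPFilter $filter -Properties proxyAddresses

$report = foreach ($u in $users) {
    $smtp   = Get-PrimarySmtp -ProxyAddresses $u.proxyAddresses
    $status = if (-not $smtp) { 'NoPrimarySmtp' } elseif ($u.UserPrincipalName -ieq $smtp) { 'Match' } else { 'Mismatch' }
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        UserPrincipalName = $u.UserPrincipalName
        PrimarySmtp       = $smtp
        Status            = $status
    }
}

# Accounts to correct before enabling Directory Synchronization.
$report | Where-Object Status -ne 'Match' |
    Sort-Object Status, SamAccountName |
    Format-Table -AutoSize

# UPN suffixes in use, to compare against the domains verified in the tenant.
$report | ForEach-Object { ($_.UserPrincipalName -split '@')[-1] } |
    Group-Object | Select-Object Name, Count
```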
- Q: What versions of Exchange support hybrid migration?
A: You must have at least Exchange 2010 to migrate using hybrid; however, you can add an Exchange 2013 server to a 2007 environment, for example, if you need a hybrid server to act as a bridge between a legacy system and 365. You do not need to migrate any services or data over to this server–it just needs to be available to make the hybrid connection.
- Q: What about migrating from hosted Exchange servers, or non-Exchange servers?
A: You cannot use hybrid to move from a non-Exchange source environment. In the case of hosted environments, you can always ask your provider if this is possible, but the answer is almost always no. Third party tools are often recommended in this case.
- Q: Can I do a hybrid migration from Small Business Server?
A: Yes, you can. I have done many such migrations. For SBS 2008 or 2011, I recommend adding a hybrid Exchange server (2013 or 2016) to facilitate the migration.
- Q: Isn’t hybrid “too complex” or have too many requirements for a small business coming from SBS?
A: Not in my opinion. And now there is an even more simplified approach called an “express” migration. Check out the details here. Otherwise, you can always attempt a simple cut-over, and help users to reconfigure their Outlook profiles after the cut.
- Q: Can I install a hybrid Exchange server onto a domain controller?
A: Yes, and I have done this before. It is technically supported, however Microsoft has made this statement.
- Q: Can I remove my hybrid Exchange server after the migration is done?
A: Yes, you can. However, you must also remove Directory Synchronization in that case. Reason being, Microsoft does not technically support another method for managing mailboxes when Directory Synchronization is enabled, although it is possible to do. Bottom line though, it isn’t supported. Another alternative: you can use the Essentials experience role instead of Azure AD Connect to manage mailboxes and sync passwords.
- Q: What if I previously migrated from a legacy Exchange system such as 2010 using the hybrid method, and now I want to do away with my legacy server? Do I still need an Exchange server?
A: Not necessarily, no. But again, removing the last Exchange server means retiring Directory Synchronization as well. You have two options: 1) Upgrade to an Exchange 2016 Hybrid Server or 2) Retire everything properly, and replace Directory Sync with the Essentials Experience Online Services integration. For what it’s worth, I typically recommend path #1, unless it is a very small client with only an Essentials server.
- Q: Can I use hybrid to migrate mailboxes in reverse, from Exchange Online to Exchange On-premise?
A: Yes, you can. It is called “offboarding” and Steve Goodman has an excellent detailed series on this topic.
- Q: Can a hybrid migration be used to migrate mailboxes from one Office 365 tenant to another?
A: No. Because you can only have a vanity domain name associated with one tenant at a time, this is not possible. In fact, your best option in this case is to use a third party tool (preferred), or PST export/import.
- Q: What if I had already pre-staged or provisioned Office 365 and/or mailbox accounts in the cloud, but now I want to do a hybrid migration of on-premises mail items for these users instead. Will this still be possible?
A: Yes, but it depends. You may be better off going down a different migration path such as a third party tool in this case. Reason being, you cannot have mailboxes in both places–the Directory Synchronization will write the mailbox GUID into the cloud, but if this value already exists in the cloud there will be an error on these mailboxes and you will be unable to migrate.
The best way to accomplish the hybrid in this case would be to wipe out all the cloud accounts first and then re-create them from scratch using Directory Synchronization, or synchronize to a new tenancy. For a lot of folks, this is not possible, for example: they already have SharePoint, OneDrive, etc. populated for their users with live data.
We are having an Exchange hybrid in place with an Office 365 tenant (Tenant A, used for Domain A). Now we need to migrate Domain B using a hybrid scenario to a different Office 365 tenant (Tenant B, used for Domain B).
I would like to know if we can have this scenario supported with Exchange Hybrid.
Appreciate your feedback.
Not yet but it is on the roadmap: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63991
Dear Mr. Alex
We have a customer requirement to migrate from Exchange 2016 to different tenants – different domains need to go to different tenants? Shall we do hybrid with one tenant and then migrate all the required domains to it and then remove the hybrid and then run it for another hybrid; continue like this?
I believe we require different certificates if we need to include multiple tenants in the same hybrid? Please advise.
You can only create a hybrid relationship with one tenant at a time, that is correct. You could do it in serial order, and you want to be mindful when you set up Azure AD Connect so that you only bring over the accounts that pertain to the right domain(s) that are associated in the respective tenants. Or just use third-party tools to move to each environment if you want to go simultaneously.