Exchange On-Premise to Office 365 Hybrid | Mailbox Migration Exchange Online | Step by Step Guide

Video Statistics and Information

Captions
[Applause] [Music]

Hello and welcome everyone. So this video will cover a complete step-by-step guide showing a migration from Exchange on-premise to Office 365 using a hybrid migration. So hybrid can be great for organizations that want to have some mailboxes on-premise and some in the cloud, with the freedom to move mailboxes back and forth as required, with an option of a full migration of mailboxes to Office 365 as the end goal. In this scenario it offers a low-risk and planned approach which is seamless to end users. So hybrid configurations are available for Exchange organizations that contain at least one Exchange 2010 SP3 or later server. In this scenario we will be running two Exchange servers, as you can see there in the diagram, one 2013 and the other 2016, with our domain cloudinspired.co.uk. So we will install the hybrid connector on the Exchange 2016 server. As a prerequisite in this configuration, hybrid configurations require directory synchronization, so we need to sync from on-premise Active Directory using AD Connect to Azure AD, as shown there in the diagram. So in this demo we will use our AD Connect with password synchronization and single sign-on.

So before we get started, please subscribe to my channel to be notified of weekly up-and-coming videos covering cloud technical and certification guides. I'll give you a moment to do this now, and then we can take a look at the full contents of what's actually covered within this video. Thank you.

Okay, so this video will cover the following: AD Connect configuration for password and account synchronization; domain name setup in Office 365 and what we need to do to get started in that area; we will set up some Microsoft E3 trial licenses and sign up to those; we will take a look at preparation for the hybrid install and the current on-premise Exchange configuration and what needs to be done to the virtual directories; our certificate requirements; current MX record setup for our on-premise Exchange;
we'll look at testing connectivity ready for the hybrid install and then perform the step-by-step installation. So after the install we will see what the hybrid install has actually changed in our Office 365 and on-premise config, and then we will test mail flow internally into the cloud to see what is working and what is not, and then resolve any issues that we found. We also change MX records completely for Office 365, and then finally, with all the testing we have done, we can then migrate a mailbox on-premise to the cloud successfully.

[Music]

So first of all let's take a look at part of the AD Connect configuration with regards to password hash and Exchange hybrid deployment. So we have ticked password hash synchronization and single sign-on here. So single sign-on automatically signs users in when they're on their corporate devices connected to your corporate network. So when enabled, basically users don't need to type in their passwords to sign into Azure AD or Office 365, and usually even type in their username. So this feature provides your users with easy access to your cloud-based applications without needing any additional on-premise components. So password hash synchronization synchronizes a hash of the user's password from an on-premise AD to Azure AD. So this enables us to sign in to Azure AD services like Office 365 using our full domain UPN and password, in this case username@cloudinspired.co.uk. We also tick Exchange hybrid deployment here within AD Connect. So this feature allows for the coexistence of Exchange mailboxes both on-premise and in Office 365. So Azure AD Connect is synchronizing a specific set of attributes from Azure AD back into your on-premise directory, for example details on mailbox moves being written back to the on-premise directory, and other Exchange attributes. So we don't cover the full install of AD Connect here, only the config we'll be using to sync for Office 365. So if you need information on how to fully install and
configure AD Connect within your domain, there's a video in this channel; links are below in the description to cover that.

[Music]

So we need to set up our domain in Office 365. So as you can see, this has been verified as part of the full AD Connect install; as I said before, it's covered in a separate video, links below. So if you haven't reached that part yet, with your domains being verified on Azure and the whole AD Connect piece, then please check out the video in the description. So let's go to admin.microsoft.com, the Office 365 portal, to set up our domain. So on the left, if we go to Setup, Domains, and then if we confirm, and then we can just add our domain that's already been verified here, and it's as easy as that. So basically our .co.uk domain is verified; our cloudinspired.com domain we won't be using during this configuration, so it's not verified yet.

[Music]

So to enable our cloud users we will need a license, so in this case we will use a trial license of Microsoft E3. So to avoid any confusion, Microsoft recently renamed their licensing name from Office to Microsoft, therefore what was Office E3 is now Microsoft E3. So this is how we set it up for a trial. So go to the Microsoft E3 URL (links are in the description for your convenience), then we'll need to click the trial, and we're logged in with our global admin user in Azure. So we enter our phone number and go through the process to complete. So if we have a look in the Office 365 portal under Active users, we can see that our cloud admin account that we set the trial up with has got a license automatically assigned. We can assign further licenses by going into each user and then just ticking the Office 365 tick box. We can also go over to Licensing in the Azure portal and see what's available and licenses used, etc. So normally, to set this up correctly, we would create an AD group on-premise and let this sync back up to Azure, so then we would add that group in here, so that would give us the
ability to just add users to that group and they'll automatically get assigned a Microsoft E3 license. We can now log into our cloud mailbox now it's licensed; we can download our Office applications, if we like, to our devices, or we can access our applications such as Outlook or Word directly online through the portal.

[Music]

So let's take a look at our current on-premise Exchange configuration. So if we log into the Exchange admin center, and then if we click Mail flow on the left and then the send connector up in the top right, we can see we have a working send connector that allows us to send mail that's handled and associated with the recipient domain by the domain registrar via the MX record. We also have our receive connector allowing incoming mail on port 25, and we have our accepted domain cloudinspired.co.uk. So mail is flowing successfully internally and externally through these connectors.

[Music]

So it's important that we configure our on-premise virtual directories before we carry out the hybrid installation, as these rely on a successful install. So I've run some PowerShell here to list the directories that are configured for internal and external usage, to match our certificate namespace shown later on. For the EWS virtual directory, it's important that this has an external namespace configured on our Exchange EXCH02 server, as this will be used by the Mailbox Replication Service when it's installed on that server. Also the proxy endpoint needs to be ticked on the EWS virtual directory, as it's used for cross-forest mailbox moves and remote move migrations between your on-prem Exchange organization and Office 365. Also basic authentication is ticked in this configuration. So migration endpoint communications must happen securely over SSL, so therefore when choosing the external endpoint in the EWS directory you must make sure that a valid certificate is used on the Exchange server; the host name must be covered, in this case mail.cloudinspired.co.uk.

[Music]
Hybrid mail flow is configured to use Transport Layer Security (TLS) by default, so this is to stop any security compromise between on-premise and Office 365. Therefore a valid certificate issued by a trusted public certificate authority must be purchased and installed, so you can't just use the default self-signed certificate installed in Exchange. The subject name or the subject alternative name on the certificate used to negotiate TLS must match the fully qualified domain name used to connect to the remote server, so in this case it's mail.cloudinspired.co.uk, which is configured for HTTPS, SMTP and IMAP.

[Music]

Here we can see the MX record in our domain registrar. The MX record specifies the mail server responsible for accepting email messages on behalf of a domain name, so it's a resource record within DNS. In this case an email for cloudinspired.co.uk is received and handled by our on-premise Exchange server through the public address issued here.

[Music]

The hybrid agent is built on the same technology as Azure Application Proxy, so this makes life a little easier as it removes some requirements for external DNS entries, certificate updates and inbound network connections through your firewall to enable Exchange hybrid features. Ports required for the agent are outbound 443 and 80; they must be open between the server that has the hybrid agent installed and the internet. Ports 443, 5985 and 5986 must be open between the server that has the hybrid agent installed and the Exchange client access server that's selected in the Hybrid Configuration Wizard. All client access servers must also be able to reach outbound to Microsoft 365 / Office 365 endpoints via HTTPS, port 443. We can also verify connectivity, so if you download the script in the description and then run this, that will verify the connectivity. We'll do this now. Okay, and then that will come back with any issues with connectivity. As you can see, in this instance we need to enable TLS to continue
with the hybrid installation.

[Music]

Okay, so we're now at the point where we can actually install the hybrid connection wizard. So if we go into the Exchange admin center, go to Hybrid, click on Modify under Setup, and then we can log in with our cloud account, in this case it's going to be cloud admin at cloudinspired.co.uk, which is a global admin. Okay, if we click Configure and then click Install and then wait for that to download. Okay, now if we click Run, and this will now launch the hybrid wizard. So if we click Next, and it detects the optimal Exchange server to install the wizard on, so in this case it's Exchange 02. So we have various options; we'll go with the default, click Next. Okay, we need to sign in with our Exchange Online account, which is cloud admin at cloudinspired.co.uk, if we enter our password. Okay, if we now click Next, so it will now go away and gather all the config information that is required. So in this demo we're going to go for the full hybrid configuration. Let me click Next, and we will choose the modern hybrid topology, which is the latest, and then we'll type our on-premise account for our administrator, type the password, click OK, click Next, and then it goes away and installs the hybrid agent. And then once that's validated, click Next, and then we're going to go for the typical installation, the first option, because we're using client access and mailbox servers; if we were using Edge Transport we would choose the second option. And then we're going to use Exchange 02 for the receive and then Exchange 01 for the send connector, and we'll choose our default transport certificate, so the FQDN here is mail.cloudinspired.co.uk. And then we click Next and then Update, ready for the configuration and installation.

[Music]

So let's now check out what's actually changed after the hybrid install. So if we go to Exchange from the admin center, and now if we click on Mail flow and go to Connectors, we can see two new connectors have been installed here. So this first connector is a connector from
on-prem to Office 365, and we can see our namespace we have here. And if we take a look at the second connector, this is a connector from Office 365 back to on-premise, and here we specify which domains can use this connector, and this is where we specified TLS is used, together with the SAN names within the certificate, and then we have our accepted authoritative domains issued here also.

[Music]

So here we're now going to test some mail flow to see if it's all working. So if we go to the first connector, we can actually test to see whether we've got mail flowing from Office 365 back to our on-premise Exchange service. So if we just go through this wizard, and at the end we've got a validation tool here, so if we click the plus sign we can add in our email address, so in this case it's mailbox01@cloudinspired.co.uk, which is a mailbox on-premise, and now we can validate whether we can send an email. So as we can see, we've actually got a failure here, and the failure is we can't connect to our remote server from Office 365. So if we go back to the wizard again, we might need to change something on the connector. So if we look here and click Next, so if we untick that box and then just use a sign certificate instead, and now we can redo the test. Okay, so if we type our mailbox address again, click OK, now it attempts to send that mail again from Office 365 to our on-premise mailbox, and now we've got a succeeded message, which we could confirm now as sent; if we go to our on-premise mailbox we can see that there's a message in there as well. And then we can also connect to the cloud admin mailbox within the cloud, within Office 365, and then we can send a message to on-premise, so that's working that way. If we test back, so if we do a reply on that message from on-premise to Office 365, we actually get a problem, and the message we get is "DNS records for this domain are configured in a loop", and this also gives us the same message if we try and send externally from
say a Hotmail or Gmail account to our cloud mailbox as well. So in summary, we have issues with the following area of messages bouncing: this happens when we send emails to an Office 365 mailbox, so from on-premise mailbox one, and also from an external email address as well. So this can be resolved by configuring the MX records for Office 365 in your domain registrar and then removing the existing MX records that point internally; we'll actually cover that in the next steps. If you didn't want to go down the number one route just now, we can configure number two, which is a smart host on your SMTP outbound connector instead of being looped back through the current MX records; and then three, which we're not going to cover today, but we can provision additional servers with the Hub Transport role, and then we can configure the option to keep one set of Hub Transport servers for receiving mail and another set of Hub Transport servers for sending mail. So let's quickly cover option two here now. So if we go to our SMTP connector, our send connector, we can see we can issue a smart host on the SMTP outbound connector instead of looping back through the current MX records.

[Music]

So we're going to go for option one here. So the MX record can be changed at any time after the hybrid configuration installation. So some companies choose to change the MX record in a hybrid migration straight away; this can be beneficial so that we can use and utilize Exchange Online Protection. So Exchange Online Protection is a hosted email security service; basically it's owned by Microsoft. It filters spam and removes computer viruses from email messages. So the service does not require client software installation but is activated by changing each customer's MX records. Some companies may also choose to change their MX record later in the project, where most or all the mailboxes have been migrated over to Office 365. So this is entirely your choice and based upon your requirements
and configuration. So here's how to change the MX records for Office 365. So within the Exchange admin portal, if we go to Domains we can see our domain; if we go to DNS we can see our records here have got a red mark basically against them, because they're not being populated within our domain registrar yet. So this is the DNS records before, for on-premise configuration, and these are the DNS records now configured for Office 365. So if we go back to Office 365 and click Refresh, we should see now these all turn green to say that they're configured correctly within DNS.

So now we're ready to move a mailbox from on-premise to Office 365. So in the Exchange admin center, if we go to Migration, click the plus sign, Migrate to Exchange Online, we click the plus sign again and we can choose our mailbox that we wish to migrate, so in this case it's mailbox01. Now if we choose our migration endpoint; now this part is also populated with our EWS directory that we configured earlier with the proxy endpoint. So if we type our batch name and then if we click Next and Finish. We can now connect to Exchange Online via PowerShell; if we type our credentials and then we can connect. Okay, and then we can run a command called move request, just to check to see whether the mailbox has now been synced, and that has been synced. So if we look in Exchange admin center we can see that's a user right now, so if we click Refresh we can see that's changed to Office 365, so that's now confirmed that mailbox has been migrated and that's hosted within Office 365. Also we can connect using single sign-on using Outlook to our new mailbox within the cloud.

So thank you very much for watching the video. Please subscribe to the channel to receive updates on new videos posted weekly. All the very best, take care and see you in the next video. Bye for now.

[Music]
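
Added example (not part of the video or its captions): the on-premises prerequisites described in the captions, checked read-only from the Exchange Management Shell before the Hybrid Configuration Wizard is run. The host and domain names are the ones spoken in the video; `$CasServer` is a placeholder to replace with your own client access server.

```powershell
# Added example: read-only checks for the on-premises Exchange Management Shell.
# $Fqdn and $Domain are the names used in the video; $CasServer is a placeholder.
$Fqdn      = 'mail.cloudinspired.co.uk'
$Domain    = 'cloudinspired.co.uk'
$CasServer = '<client-access-server>'   # placeholder: the server selected in the wizard
$findings  = @()

# 1. EWS virtual directories: external namespace, MRS proxy endpoint, basic auth.
foreach ($vdir in Get-WebServicesVirtualDirectory) {
    if (-not $vdir.ExternalUrl) {
        $findings += "$($vdir.Identity): no external URL configured"
    } elseif (([uri]"$($vdir.ExternalUrl)").Host -ne $Fqdn) {
        $findings += "$($vdir.Identity): external URL host is not $Fqdn"
    }
    if (-not $vdir.MRSProxyEnabled)     { $findings += "$($vdir.Identity): MRS proxy endpoint disabled" }
    if (-not $vdir.BasicAuthentication) { $findings += "$($vdir.Identity): basic authentication disabled" }
}

# 2. Certificate bound to SMTP: must cover $Fqdn, be CA-issued and unexpired.
$certs = Get-ExchangeCertificate | Where-Object {
    "$($_.Services)" -match 'SMTP' -and
    ($_.CertificateDomains | Where-Object { $Fqdn -like "$_" })   # exact or wildcard entry
}
if (-not $certs) { $findings += "no SMTP-enabled certificate lists $Fqdn" }
foreach ($c in $certs) {
    if ($c.IsSelfSigned)            { $findings += "$($c.Thumbprint): self-signed" }
    if ($c.NotAfter -lt (Get-Date)) { $findings += "$($c.Thumbprint): expired $($c.NotAfter)" }
}

# 3. Where the MX record points right now (on-premises or Office 365).
Resolve-DnsName -Name $Domain -Type MX |
    Where-Object NameExchange |
    Sort-Object Preference |
    Format-Table NameExchange, Preference

# 4. Ports between the hybrid agent server and the client access server.
foreach ($port in 443, 5985, 5986) {
    $t = Test-NetConnection -ComputerName $CasServer -Port $port -WarningAction SilentlyContinue
    if (-not $t.TcpTestSucceeded) { $findings += "${CasServer}:$port not reachable" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Host 'No findings.' }
```

Once a migration batch has been created, `Get-MoveRequest | Get-MoveRequestStatistics` in an Exchange Online PowerShell session reports each mailbox move's status and percentage complete.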
Info
Channel: Cloud Inspired
Views: 97,029
Keywords: exchange, migration, mailbox, office 365, exchange online, on-premise, hybrid, connection, wizard, domain, licenses, e3, e5, trial, mx, certificates
Id: msPKY9Lx4H8
Length: 25min 22sec (1522 seconds)
Published: Wed Sep 02 2020