Forum Discussion

Marc Gehri's avatar
Marc Gehri
Copper Contributor
Jan 05, 2021

AD- and Exchaneg migration (Cross-forest / and Hybrid Resource Forest)

I am faced with the task of migrating our AD and Exchange environment. In doing so, I would like some guidance/advice from you guys on what the best migration path is.

 

Existing Environment:

  • Entire ActiveDirectory - and Exchange environment is hosted by a ServiceProvider in his Shared Environment (Multiple customers in the same ActiveDirectory and Exchange environment).
  • Azure AD Connect Server is in place to synchronize users and groups to our dedicated O365 tenant (PHS)
  • AD users with Exchange OnPrem mailboxes.

Target Environment:

  • Create new, dedicated ActiveDirectory forset.
    • Create a trust between the two forests.
    • For about 9 months, migrate only user objects. Then migrate remaining AD objects.
  • New Exchange environment in new forest (hybrid with Exchange Online).
  • Exchange mailboxes hosted in Office 365/Exchange Online.
  • Azure AD Connect Server in new forest to sync users and groups into our dedicated O365 tenant (PHS).

Now the question:

 

What would be the recommended way to migrate A: the AD user objects to the new forest and B: migrate the mailbox to Exchange Online?

 

I have thought about it as follows:

  1. create the new forest.
  2. create the forest trust.
  3. install and configure Exchange Hybrid in the new forest.
  4. migrate the users with ADMT including SID history.
  5. attach the mailbox from the source forest to the migrated user as a linked mailbox.
  6. reconfigure Azure AD Connect to allow synchronization of users from both forests (AAD Connect merges the two objects).
    or
    Install a new Azure AD Connect server in the new forest and configure it to synchronize users from both forests. (AAD Connect merges the two objects).
  7. migrate the emails to the Exchange environment of the new forest.
  8. migrate the mailboxes to Exchange Online.

 

What do you think?

2016
Exchange Server
hybrid
office 365

2 Replies

Sort By
  • saifs19802210's avatar
    saifs19802210
    Copper Contributor
    Feb 05, 2021
    Are you going to keep same UPN or change the UPN for all AD users after migrating to Forest C.
  • LIT-RS's avatar
    LIT-RS
    Copper Contributor
    Feb 01, 2021

    Marc Gehri Hey Marc how did you get on with this one? 

    I notice these questions get more of a response when posting on docs.microsoft.com forums as opposed to these techcommunity ones.

     

    I am interested to know how you got on with this though, as I am implementing something similar with one of my customers.

     

    I'm interested to know your thinking around migrating them to your local on-prem first and then into O365.. because I'm thinking that if you (will) have a trust in-place, then you could migrate them to O365 from the existing Exchange environment (set up Hybrid) and then you can use Set-MsolUser scripts to force the immurable ID of the MSOL User objects for them O365 mailboxes to use the on-prem AD account in your target environment that you have set up via AADConnect being the source of authority?

     

    Just thinking out loud with you.

     

    Thanks

    Ron. 

Resources