Forum Discussion

Deleted's avatar
Deleted
Aug 14, 2017

decommision resource forest and install Exchange 2016 in account domain with existing hybrid

Following situation at a customer: - Account and Resource forest - Office 365 tenant - Azure AD Connect  machine running in Account forest, syncing both directories - ADFS in Account forest - Ex...
2010
2016
exchange online
hybrid
Dominik Hoefling's avatar
Dominik Hoefling
MVP
Aug 14, 2017

Hi Olaf,

 

Based on my expierience doing a lot of account/resource forest migrations when hybrid is already in place: Do first the consolidation within your forests and then go hybrid to your tenant before moving any users to Exchange Online.

 

Another possible solution is to migrate all users to Exchange Online, decomissioning Exchange 2010 and configure Exchange 2016 for hybrid and offboard users if necessary.

 

The problem with already migrated users from Exchange 2010 to Office 365: you "must" normallly use Prepare-MoveRequest prior migration users to Exchange Online to create a MEU object in the new Exchange 2016 forest. It is not supported to write Exchange attributes with ADSIEDIT or other tools without using Exchange.

 

If you setup the Exchange 2016 hybrid environment, your already migrated users will be a "RemoteMailbox, Privisioned". Your currently migrated mailboxes from Exchange 2010 are "RemoteMailbox, Migrated". And, if you want to offboard users during "reversy hybrid" you have to export the MailboxGUID from the Exchange Online mailboxes to your on-premise MEU object.

 

Long speak short: firest consolidate your on-premise Forests with a cross-forest migration and then go hybrid to your tenant. This is the "supported" and easiest kind of migration. Of course, you can copy all Exchange attributes with PowerShell or FIM (except some attributes like HomeMDB, ExchangeVersion, etc.) after your hybrid switch to the Exchange 2016 forest, but this requires a lot of planning and some other tools for the attribute flow between the forests.

 

Cheers,

Dominik

Deleted's avatar
Deleted
Aug 14, 2017

Thanks Dominik. Although I have null experience in this, this is also what I thought would be the best approach. But unfortunately, the customer has already setup a hybrid with Ex2010 in their Resource domain, setup Azure AD Connect in the Account forest and migrated already users to EOL.

So, we need to do in this config, like described:

- Ex2010 in resource forest, Azure AD Connect in Account forest, Hybrid on Ex 2010 and already users migrated to EOL.

 

So the question, what global steps do I take to decommission the Resource forest? Thanks for helping me in advance!

  • Dominik Hoefling's avatar
    Dominik Hoefling
    MVP
    Aug 14, 2017

    The problem is that you should have been provisioned the migrated users to the Exchange 2016 resource forest prior migrate it to Exchange Online. You can't to this for Exchange Online mailboxes anymore.

     

    1. Export all attributes from the Exchange Online migrated users from your on-premises Active Directory in the Exchange 2010 resource forest.

    2. Migrate Cross-Premise to Exchange 2016.

    3. Import the Exchange attributes in the new Exchange 2016 user account (except those which were moved with prepare moverequest, like homemdb, exchangeversion, etc.)

    4. Stop AAD Connect.

    5. Decomission hybrid: https://technet.microsoft.com/library/dn931280(v=exchg.150).aspx

    5. Run AAD Connect in the new Forest

    6. Set up hybrid

     

    But this is not a overall supported solution, just my personal experience. And, of course, it is a very low level list which tasks must be performed.

    • Richard Innes's avatar
      Richard Innes
      Brass Contributor
      Aug 14, 2017

      I am working on a similar project with what sounds like an almost identical setup with the user/resoure forest and mailboxes have already been migrated to Office 365. We havent got to the stage yet where Exchange 2016 is installed in the user forest. My thoughts around the steps involved were as below:

       

      1. Install EX2016 in user forest - Set SCP to null to prevent any Autodiscover funnys

      2. Add Office 365 mail routing domain as remote domain in EX2016

      3. Export Exchange attributes from resource forest account

      4. Stop AAD connect

      5. Remove resource forest acccount from AAD connect scope so it only syncs from user forest account

      6. Import Exchange attributes to user forest account and run the new-remotemailbox command

      7. Start AAD connect

      8. Decommission hybrid from resource forest

      9. Configure hybrid in user forest

       

      I am plannnig to validate this process on a batch of test accounts first to see if any issues occur.  

       

       

       

      • Davi Van Laethem's avatar
        Davi Van Laethem
        Copper Contributor
        Jun 13, 2018

        Richard, 

        Are these the attributes are important for the export and import?

        EmailAddress

        ProxyAddresses

        msExchRecipientTypeDetails

        msExchMailboxGuid

        Or am I missing some attributes?

         

         

        Accounts are already created and configured for SSO in the users forest.I will map the users with msExchMasterAccountSID and objectGuid

         

         

         

Resources