Exchange 2013 cross-forest migration to Office 365

%3CLINGO-SUB%20id%3D%22lingo-sub-312758%22%20slang%3D%22en-US%22%3EExchange%202013%20cross-forest%20migration%20to%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-312758%22%20slang%3D%22en-US%22%3E%3CP%3EScenario%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20performing%20workstation%2C%20user%2C%20and%20mailbox%20migrations%20from%20Forest%20A%20to%20Forest%20B%2C%20with%20a%20two%20way%20transitive%20trust%20in%20place.%20Forest%20A%20has%20Exchange%202013%20and%20Forest%20B%20has%20Office%20365%20(with%20an%20Exchange%202016%20server%20for%20management%20purposes%2C%20with%20Azure%20AD%20sync%20in%20place).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20Forest%20A's%20Exchange%202013%20server%2C%20I%20am%20doing%20remote-moves%20to%20Forest%20B's%20Office%20365%20tenant%20in%20parallel%20to%20the%20Active%20Directory%20user%2Fworkstation%20cutover.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20the%20workstation%20and%20mailbox%20have%20been%20cutover%20to%20Forest%20B%20%2F%20Office%20365%20and%20the%20user%20logs%20in%20for%20the%20first%20time%20-%20Outlook%20always%20tries%20to%20connect%20to%20Forest%20A's%20CAS%20server%2C%20no%20matter%20what.%20This%20results%20in%20repeated%20credential%20prompts%2C%20and%20no%20acceptance%20of%20either%20legacy%20or%20new%20credentials.%20I%20have%20updated%20the%20SCP%20object%20to%20outlook.office.com%20and%20autodiscover%20seems%20to%20be%20taking%20the%20logical%20steps%20with%20'test-email%20autoconfiguration'%2C%20but%20there%20seems%20to%20be%20no%20re-direction%20from%20the%20legacy%20CAS%20server%20to%20Forest%20B's%20Office%20365%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20lost%20here%2C%20what%20am%20I%20overlooking%3F%20Is%20there%20some%20additional%20attribute%20I%20need%20to%20set%20in%20the%20source%20forest%20to%20get%20the%20redirection%20to%20Office%20365%20(%20I%20have%20already%20set%20the%20targetaddress%20attribute)%3F%20There%20are%20some%20instances%20where%20if%20I%20cancel%20the%20first%20credential%20prompt%20(i.e.%20the%20connection%20to%20the%20legacy%20CAS%20server)%2C%20autodiscovery%26nbsp%3Bwill%20kick%20in%20and%20open%20a%20new%20credential%20prompt%2C%20connecting%20to%20Office%20365.%20From%20there%20I%20can%20enter%20my%20credentials%20and%20it%20works%20as%20expected.%20Any%20help%20here%20is%20appreciated.%20I%20hope%20I%20don't%20need%20to%20recreate%20outlook%20profiles%20for%2010K%2B%20users....%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-312758%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-661314%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%202013%20cross-forest%20migration%20to%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-661314%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F178797%22%20target%3D%22_blank%22%3E%40David%20Mollin%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI%20was%20wondering%20what%20was%20the%20solution%20to%20your%20problem%20if%20you%20have%20discovered%20it%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1049796%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%202013%20cross-forest%20migration%20to%20Office%20365%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1049796%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F352747%22%20target%3D%22_blank%22%3E%40Einar_S%3C%2FA%3E%26nbsp%3BNever%20found%20a%20resolution.%20I%20ended%20up%20segmenting%20the%20migration%20process%20into%20two%20phases%2C%20mailbox%20cutover%20and%20workstation%20cutover.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Scenario:

 

I am performing workstation, user, and mailbox migrations from Forest A to Forest B, with a two way transitive trust in place. Forest A has Exchange 2013 and Forest B has Office 365 (with an Exchange 2016 server for management purposes, with Azure AD sync in place).

 

On Forest A's Exchange 2013 server, I am doing remote-moves to Forest B's Office 365 tenant in parallel to the Active Directory user/workstation cutover.

 

After the workstation and mailbox have been cutover to Forest B / Office 365 and the user logs in for the first time - Outlook always tries to connect to Forest A's CAS server, no matter what. This results in repeated credential prompts, and no acceptance of either legacy or new credentials. I have updated the SCP object to outlook.office.com and autodiscover seems to be taking the logical steps with 'test-email autoconfiguration', but there seems to be no re-direction from the legacy CAS server to Forest B's Office 365 tenant.

 

I am lost here, what am I overlooking? Is there some additional attribute I need to set in the source forest to get the redirection to Office 365 ( I have already set the targetaddress attribute)? There are some instances where if I cancel the first credential prompt (i.e. the connection to the legacy CAS server), autodiscovery will kick in and open a new credential prompt, connecting to Office 365. From there I can enter my credentials and it works as expected. Any help here is appreciated. I hope I don't need to recreate outlook profiles for 10K+ users....

2 Replies
Highlighted

@David Mollin 

Hi,

I was wondering what was the solution to your problem if you have discovered it?

Highlighted

@Einar_S Never found a resolution. I ended up segmenting the migration process into two phases, mailbox cutover and workstation cutover.