Office 365 Migration of Service accounts

We are in the process of migrating our users to Office 365, and we are getting down to the point where we will migrate service accounts. Some of these service accounts have access permissions to other mailboxes to do custom tasks. I am having a hard time wrapping my head around how these service accounts will authenticate in a post-migrated world.

We have federated accounts, so we can't just open our application and change the email address username and password in the app, can we? I may be wrong though; since the app is on prem it may still auth to AD somehow?

Options I thought of:

Do we have to remove their mail properties on premises and create cloud-only mail accounts and reassign permissions, then reconfigure our applications?

Add a new UPN, put the service account in a non-federated domain, then update the application with the new username?

Any other options out there people can think of?

4 Replies

It depends what the app is and what it is trying to do...

Application impersonation?

Send SMTP?

Use MAPI to open and read/write to a mailbox?

Most are just sending SMTP mail. 

In that case, why not just use the hybrid Exchange server (on-premises) as a relay? You only need to migrate the users that will consume the Exchange Online service.

Yeah, that might be the idea. We are almost done with our user migration and really only down to service accounts now. Ideally we would decommission all our Exchange servers except a management server so we don't have that life cycle. And we want to get out of hybrid ASAP. With all mailbox users migrated to MSOL we won't be in hybrid mode even if we leave a relay.
