SOLVED

Migrate from Skype for Business Hybrid to Skype for Business online

Brass Contributor

Has anyone attempted this and what was your experience?  We are currently in the process of moving all of our users from on-premises to the cloud.  I found a great article that goes through some steps modify DNS to support online only connnectivity.

https://blogs.technet.microsoft.com/praj/2016/03/25/migration-of-skype-for-business-hybrid-environme...

The article doesn't go into detail about managing accounts or removing all of the on-premises servers.  Our goal is to completely remove our on-premises servers.  However, I'm not sure if this is possible if we sync our on-premises AD accounts to Azure AD.  We don't create accounts in Office 365, so to enable new accounts, we might still have to keep the on-premises environment in place, at least one pool to move users from onprem to the cloud.

19 Replies

Yes certainly possible to complete your migration and after the last user has been moved to Skype4B Online you can begin the process to transistion DNS to be a cloud only Skype4B deployment.  This esstientially is repointing specific records to Skype4B online servers vs your on-prem infrastructure.  Once this is done and you are confident there are no dependencies on-prem from a Skype perspective you can decommission all the Skype4B Servers. 

 

From an accounts perspective, and ongoing user management you will still need your DirSync/ADConnect server to synchronize accounts to the cloud from your on-prem AD.  If using SSO you will also still continue to your on-prem ADFS infrastructure as well.  User management from a Skype perspective will now be handled entirely in the cloud using the Skype for Business Online Admin Center. 

Thanks for the response.  I don't see the option to Enable users in the Skype for Business Admins center.  Is this somehow turned on after Hybrid mode is removed?  Furthermore, are there Powershell commands to enable a user in Skype for Business online?

 

I found a link somewhere that states when provisioning an Office 365 user, after creating the account and assigning a license, the user is enabled "in cloud".

Hello Earl!

 

Looking to the future when you no longer have an on-prem infrastructure for Skype for Business, your users will still be synced to Office 365 via Azure AD Connect, as Dino pointed out. At this point, however, all you have to do to enable a user for Skype for Business is assign them the appropriate license. For instance, if you assign an E5 license, and Skype for Business is toggled On within the E5 drop-down, then that user is now enabled for SKype for Business Online. You will then be able to manage their Skype for Business settings within the Skype for Business Admin Center. There is no where within the Skype for Business Admin Center, however, to "Enable" a user for Skype for Business; that is all done via licensing once you are in a pure Skype for Business Online environment.

 

Hope that helps to clarify!

 

Respectfully,

 

Josh Blalock

Hi Josh,

 

Thanks for the clarification.  My confusion was that we sync users to Office 365 today via Azure AD and assign licenses, however, they are not " in cloud" because we're in Hybrid mode. 

 

I would like to see Microsoft include documentation on their site to remove Hybrid mode and go to cloud only.  I hope this helps someone else that goes throught the sames steps as me.

 

Earl

best response confirmed by Earl Zirkle (Brass Contributor)
Solution

Earl,

 

When you say remove Hybrid mode and go to Cloud only, are you referring to Skype for Business Hybrid, or are you talking about even disconnecting Azure AD? For removing Hybrid from a Skype for Business Online tenant, you would simply change the required DNS over to point at Skype for Business Online, and then remove the configuration that was set via PowerShell to setup the "SharedSipAddressSpace" in SFBO. At that point, your Skype for Business Online environment is completely standing on its own (and on-prem servers can be decommissioned), but your user accounts themselves will still show "Synced", as they are created in your on-prem AD and synced to the Cloud using Azure AD Connect.

 

Sorry if I seem to be rambling, I just wanted to make sure it was all cleared up on your end.

 

Josh

Josh,

 

That's correct and exactly what I mean.  However, Microsoft just assumes that you know to do this.  I'm not saying they are wrong and it all makes sense to me, but they should document it just like everything else on Technet.

Thanks,

 

Earl

Ah yes, that makes sense, I got ya!

 

Well, best of luck as you move forward, and look forward to bumping into within the Tech Community later on!

 

Josh

We made our DNS changes last weekend and I've turned off Hybrid connectivity.  However, when we sync users from onprem AD to Azure and assign a Skype for Business plan 2 license, they are not displayed in the Skype for Business Admin Center.  Does anyone know why this is not working?

PS D:\> Get-CsAccessEdgeConfiguration
Identity                               : Global
AllowAnonymousUsers                    : True
AllowFederatedUsers                    : False
AllowOutsideUsers                      : False
BeClearingHouse                        : False
EnablePartnerDiscovery                 : False
DiscoveredPartnerVerificationLevel     : UseSourceVerification
EnableArchivingDisclaimer              : False
EnableUserReplicator                   : False
KeepCrlsUpToDateForPeers               : True
MarkSourceVerifiableOnOutgoingMessages : True
OutgoingTlsCountForFederatedPartners   : 4
DnsSrvCacheRecordCount                 : 131072
DiscoveredPartnerStandardRate          : 20
EnableDiscoveredPartnerContactsLimit   : True
MaxContactsPerDiscoveredPartner        : 1000
DiscoveredPartnerReportPeriodMinutes   : 60
MaxAcceptedCertificatesStored          : 1000
MaxRejectedCertificatesStored          : 500
CertificatesDeletedPercentage          : 20
SkypeSearchUrl                         : https://skypegraph.skype.com/search/v1.0
RoutingMethod                          : UseDnsSrvRouting



PS D:\> Get-CsHostingProvider
Identity                  : Exchange Online
Name                      : Exchange Online
ProxyFqdn                 : exap.um.outlook.com
VerificationLevel         : UseSourceVerification
Enabled                   : False
EnabledSharedAddressSpace : True
HostsOCSUsers             : False
IsLocal                   : False
AutodiscoverUrl           :

It can take a few minutes before it shows up in the SfBO admin center after licensing, give it an hour or so.  If they're still not there, unlicense and re-license, if still not there, you may need to contact support.

No, It didn't work. I'm opening a ticket with Microsoft.

I opened a case with Microsoft and they helped me identify and correct the issue.

 

  1. Since we no longer enable users in the Skype for Business onpremises, we stil need to create a SIP address value under the proxyAddresses attribute of new accounts before they are synced to Azure.
  2. Ensure the msRTCSIP- attributes are all configured to <not set>.  I think one attribute msRTCSIP-DeploymentLocator had a value of "SRV:" and had to be changed to <not set>.

I hope this helps anyone else moving from onpremises to fully in the cloud.

I've only just seen this thread, but had this every time I've performed a migration to SFBO from on-prem that's been in hybrid at any point. In a none hybrid scenario (pure on-prem), when you disable a user for Skype for Business, all the Skype related user attributes are cleared out from the user object and you wont have any problem enabling them online and having them appearing in the online control panel. However if the environment has been in a hybrid at any point and you disable a user, all the attributes are cleared out with the exception of the DeploymentLocator which stays populated with an SRV value. Taht value is sync'd to the cloud as part of your account sync process, and when you assign a license the Skype provisioning process hits a brick wall because a required attribute is already populated. As you mentioned, clearing the attribute and then allowing for a sync cycle will fix the problem. From experience, I've noted there's no need to remove and re-assign licenses etc. The accounts will simply drop in 10-15 minutes after the sync of the null Deployment Locator attribute.

 

Appreciate you've already made people aware of the fix, but in addition this isn't a querk unique to yourself or the way you went about doing anything - it will happen 100% of the time for any hybrid migration.

 

Kind regards
Ben

@Anthony Caragol - I've had it take an hour or more per user depending on the size of the organisation before it shows up on SfBO Admin portal.

@Jason Wynn Yep :)  I'm way too impatient for that, that's when time slows down for me...

I'm writing up the procedure to completely remove Skype for Business from our on-premises infrastructure.
After removing the Edge and Front End pools, effectively fully removing the deployment from the topology, I'm wondering if it's safe to remove the changes to the AD schema?  I don't believe Skype for Business online uses the SfB AD attributes.

Commands I'm interested in using:

Disable-CsAdDomain
Disable-CsAdForest

 

Has anyone used these commands to undo the domain/forest preparation tasks put in place by Skype for Business?

Yeah, I've used both commands recently in an org that moved all users to Skype for Business Online. They go through and clean things up nicely, and I don't believe it should impact S4BO in a negative way. It definitely hasn't in the environment that I have used them in last week. It cleaned up all the groups, ACLs, etc.

Yep you are good to run those assuming you have first decommissioned all the on premise servers - see https://blog.adexis.com.au/2016/10/25/decommissioning-skype-for-business-2015-on-premise-after-migra... for detailed steps.
1 best response

Accepted Solutions
best response confirmed by Earl Zirkle (Brass Contributor)
Solution

Earl,

 

When you say remove Hybrid mode and go to Cloud only, are you referring to Skype for Business Hybrid, or are you talking about even disconnecting Azure AD? For removing Hybrid from a Skype for Business Online tenant, you would simply change the required DNS over to point at Skype for Business Online, and then remove the configuration that was set via PowerShell to setup the "SharedSipAddressSpace" in SFBO. At that point, your Skype for Business Online environment is completely standing on its own (and on-prem servers can be decommissioned), but your user accounts themselves will still show "Synced", as they are created in your on-prem AD and synced to the Cloud using Azure AD Connect.

 

Sorry if I seem to be rambling, I just wanted to make sure it was all cleared up on your end.

 

Josh

View solution in original post