Migrating On-Prem Distribution Groups to Exchange Online in Hybrid Mode

Copper Contributor

I have come across a number of articles on migrating distribution groups to Office 365 when you're not in hybrid mode. My situation is having hundreds of DLs on my on-prem Exchange environment that I need to move to the cloud. We don't want these converted to Office 365 groups, we want true distribution groups in the cloud. Is this possible with scripting or some other method? I really don't want to have to re-create these by hand.

47 Replies

To make sure that I understand what you want to do: you have a set of DLs on-premises and you now want to move them to Exchange Online without changing any of the members. You don't want to create new Office 365 Groups based on the DLs - you just want to use the DLs as they are.

 

Do you have a hybrid environment? If so, you can use AADConnect to synchronize the on-premises DLs with AAD so that they appear in the cloud GAL. The groups will have to be managed on-premises because they are "owned" by that environment.

 

If you don't want to synchronize the groups, you can recreate the DLs in the cloud. This is a manual process as there is no tool that I know of to move a DL from one environment to the other. However, it's easy enough to use PowerShell to export DL membership to something like a CSV file (on-premises) and then read that CSV file to create the DL in the cloud.

Can you please elaborate more on, "how to export DL (on-premises) and then create in Cloud using PowerShell"? 

 

Thanks!

Use the Get-DistributionGroupMember to get the membership of the on-prem DL and then create the new DL inside Exchange Online (a cloud object) before populating its membership (Add-DistributionGroupMember) with the objects you fetched from the original DL. You can connect PowerShell to both the on-prem and cloud environments at the same time, so you can run these commands in a single session.

Hello @Tony Redmond,

 

Sorry, your answer is quite old now but I have a question regarding the situation.

 

I'm in a similar situation with the customer here:

- Made a hybrid deployment to migrate from Exchange 2010 to Office 365;

- Have AAD Connect (and ADFS)

- Migrated almost all users (and shared mailboxes, etc.)

- The end goal is to shut down the Ex10 server since I've told uninstalling it is a terrible idea. We'll be managing things like SMTP Addresses from the AD Attribute Editor.

 

Now about the DGs: We've sync'ed them all with AADC. We can see them in o365 AC and ExO but not manage them as expected.

If I would like to manage them there, can I simply remove the DG OU from AADC Sync?

 

EDIT: Thinking about it, I've realized doing what I've described above should change the ID of the DG since it isn't a migrated object but a created one. Therefore, I suppose people who use Autocomplete (meaning everybody ^^) will be screwed.

Users will have to get the DG from the Online GAL, correct?

 

Thanks in advance for your answer

If you have a bunch of DLs on-premises, you will need to:

 

1. Recreate them in the cloud.

2. Delete them on-premises.

 

If you don't do this, you'll end up having to keep an on-premises server to manage the objects that remain there. It is easy enough to script the recreation and deletion with PowerShell. You'll need to have a session connected to both on-premises and the cloud when you run it.

So in order to completely migrate to 365 there is no way to move the on prem distro's 365 exchange with out creating new distro's in cloud. In other words the distro sync'd by AD will go away once you decomission the on prem exchange? 

 

As of now if i create a distro in the cloud external users cannot reach that email group. ( my MX records still point on Prem ) I have a second domain in my 365 exchange which does have the mx records point to the 365 exchange and they are working fine so i am assuming that when i change my mx records to point to  365 those  " in cloud" distro's will work just fine. 

 Just want to ensure that i'm understanding the reading in this article correct before proceeding. I've got just about every mailbox created and will be left with room mail boxes and distro's to finish this migration. My goal is to decomission the on prem exchange server and just leave a mail relay .

 

You should recreate the DLs in the cloud and then remove the on-premises equivalent. People often script this removal so that the new cloud DL receives the old email address used for the on-prem DL.  You could do it like this:

 

Create the new DL in the cloud. Set the new DL to be hidden from address lists so no one can see it. Give it a temporary email address.

Add the members to the cloud DL.

 

On-premises, update the old DL to give it a new email address and hide it from address lists.

 

After the on-premises change synchronizes to the cloud, update the new DL to give it the original email address and unhide it from address lists. Clients will now see the new DL and begin using it. 

 

After a week or so, when you are sure that everything works as expected, you can delete the old DL from on-premises AD.

 

Email addresses always need to be resolvable before delivery can occur. Once you switch the MX records, the cloud DLs can be used.

 

Thanks Tony. Would we need to add an X500 address to the online group so DLs cached that are deleted in Outlook will be recognized as the newly created ones?

Ah the old tricks are the best... so, yes.

@Tony Redmond 

 

Tony, thank you for your insight on this so far - I am unfamiliar with this last comment about the X500 addresses.

 

As a part of this process would I want to change the existing X500 address along with the DL's mail address, and then use those on the new Online DL? Or would I be creating a new X500 address on the Online replacement DL?

@Jerryn Bunnell 

 

The X.500 address is from the old DL. Email sent to the old DL will have the X.500 address in the header, so if you move the X.500 address to the new DL it means that Exchange will be able to deliver replies to the messages sent to the old DL.

Awesome, so I could then user PowerShell to grab that and the primary SMTP address and apply it to the new DG in Exchange Online.

One more for you - We have SMTP relays still connected on premises. If i create these DG's in Exchange online, will they sync on-premises, or will I need to create a mail object on premises?

@Jerryn Bunnell I don't know how you have things set up but generally speaking cloud objects do synchronize back to on-premises AD.

@Tony Redmond 

I was reading an article when searching how to do this and it claimed if you went to office 365 exchange admin, went to groups and in the upper right clicked on upgrade distribution lists it would let you move them however when I click there it doesn't show any of my on prem DLs.

 @Boe Dillard  Your DLs might not meet the criteria for conversion. For example, if they have any nested members, you can't convert the DLs with EAC.

thanks, it may be something like that.   There aren't any nested members but as you say there might be something about them.    I created a new group about an hour ago, it just had 2 names in it but it wouldn't let me migrate it.  I'll ask MS to see if they can figure it out.

@Tony Redmond Thanks - that is the article I was looking at.  I opened a case with MS but he got distracted by something else.   He seemed to think since it was synced I shouldn't worry about it which might be valid but I'm trying to avoid the day that their exchange server stops working and it depends on anything that is on prem.    I'll open another case. 

 

I did get this command to find out if it is Mastered on Premise or hosted in office 365

get-recipient -identity dlname@yourdomain.com |FL

 

The ones I'm upgraded are groups I created in Exchange.   I wonder if those eligible ones (ones I don't see any of) are ones people created in their outlook.

Reading through the posts here is some short code as I understand the process of migrating an OnPrem DL to a Cloud DL:

OnPrem

1. Get the x500 LegacyExchangeDN from the DL

2. Get the members of the DL

3. Remove the DL

Cloud

1. Create the DL

2. Add Members to the DL

3. Add Alias x500 equal to the LegacyExchangeDN from above