Export (0) Print
Expand All
18 out of 23 rated this helpful - Rate this topic

Migrate All Mailboxes to Exchange Online with a Cutover Migration

Exchange Online
 

Applies to: Exchange Online

Topic Last Modified: 2014-03-31

Use the Migration page (also called the migration dashboard) in the Exchange Administration Center (EAC) or use the Exchange Management Shell (Shell) to migrate all the mailboxes and corresponding mailbox data from your on-premises Exchange organization to Exchange Online in a single migration batch over the course of a few days. This type of migration is called a cutover Exchange migration because all on-premises mailboxes are migrated in preparation for moving your entire organization to Microsoft Office 365 and Exchange Online. After mailboxes are migrated to Exchange Online, the corresponding user accounts are managed in Office 365.

To migrate only some of your on-premises mailboxes or to migrate more than 2,000 mailboxes, you need to perform a staged Exchange migration. You can only migrate Exchange 2003 and Exchange 2007 mailboxes using a staged migration. To migrate more than 2,000 mailboxes from an Exchange 2010 or Exchange 2013 organization, you have to implement an Exchange hybrid deployment. For more information about these types of migrations, see:

To learn about and compare other options to migrate mailboxes to Exchange Online, see Mailbox Migration to Exchange Online. Or use the Cloud Only option in the Exchange 2013 Server Deployment Assistant.

NoteNote:
Cutover migration is available in Office 365 for education, but it isn’t available for Microsoft Live@edu organizations.

Here's what happens when you migrate mailboxes to Exchange Online using a cutover migration:

  • Exchange Online provisions new mailboxes in your Office 365 email organization. It creates an Exchange Online mailbox for each user account in your on-premises Exchange organization. On-premises distribution groups and contacts are also migrated to Exchange Online during a cutover migration.

  • After the new Exchange Online mailboxes are created, email messages, contacts, and calendar items from each on-premises Exchange mailbox are copied to the corresponding mailbox in Exchange Online. This process is called initial synchronization.

  • After the initial synchronization, the on-premises and Exchange Online Exchange mailboxes are synchronized every 24 hours, so that new email sent to on-premises mailboxes is copied to the corresponding Exchange Online mailboxes. This process is called incremental synchronization.

  • Exchange Online sends an email message to the administrator when the migration batch has completed initial synchronization. This message lists the number of mailboxes that were successfully migrated and how many couldn’t be migrated. The message also includes links to migration statistics and error reports that contain more detailed information.

When you're ready, you can route email directly to the Exchange Online mailboxes and delete the cutover migration batch. Then you can decommission your on-premises Exchange organization if you want.

  • Estimated time to complete this task: 2-5 minutes to create a migration batch. After the migration batch is started, the duration of the migration will vary based on the number of mailboxes in the batch, the size of each mailbox, and your available network capacity. For information about other factors that affect how long it takes to migrate mailboxes to Exchange Online, see Migration Performance.

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Migration" entry in the Recipients Permissions topic.

  • If you’ve activated and installed the Windows Azure Active Directory Sync tool, you can’t run a cutover migration. If you’ve already installed the directory synchronization tool, but haven’t run the tool yet, you can deactivate directory synchronization in your Office 365 tenant and then run a cutover migration. For more information, see Manage directory synchronization.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.

TipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection..
  • Add your on-premises Exchange organization as an accepted domain of your Office 365 organization.   The migration service uses the SMTP address of your on-premises mailboxes to create the Microsoft Online Services user ID and email address for the new Exchange Online mailboxes. Migration will fail if your Exchange domain isn't an accepted domain or the primary domain of your Office 365 organization. For more information, see Add your domain to Office 365.

  • Configure Outlook Anywhere on your on-premises Exchange server.   The email migration service uses RPC over HTTP, or Outlook Anywhere, to connect to your on-premises Exchange server. For information about how to set up Outlook Anywhere for Exchange 2010, Exchange 2007, and Exchange 2003, see the following:

    ImportantImportant:
    Your Outlook Anywhere configuration must be configured with a certificate issued by a trusted certification authority (CA). It can't be configured with a self-signed certificate. For more information, see How to Configure SSL for Outlook Anywhere.
  • Verify that you can connect to your Exchange organization using Outlook Anywhere.   Try one of these methods to test your connection settings:

    • Use Microsoft Outlook from outside your corporate network to connect to your on-premises Exchange mailbox.

    • Use the Microsoft Exchange Remote Connectivity Analyzer to test your connection settings. Use the Outlook Anywhere (RPC over HTTP) or Outlook Autodiscover tests.

    • Run the following Shell commands.

      $Credentials = Get-Credential
      
      Test-MigrationServerAvailability -ExchangeOutlookAnywhere -Autodiscover -EmailAddress <email address for on-premises administrator> -Credentials $credentials
      
    • Successfully create a migration endpoint to the Exchange organization that hosts the mailboxes that you're migrating. When you create the endpoint, select Outlook Anywhere as the endpoint type. For more information, see Create Migration Endpoints.

  • Assign an on-premises user account the necessary permissions to access mailboxes in your Exchange organization.   The on-premises user account that you use to connect to your on-premises Exchange organization (also called the migration administrator) must have the necessary permissions to access the on-premises mailboxes that you want to migrate to Exchange Online. This user account is used to create a migration endpoint to your on-premises organization.

    The following list shows the administrative privileges required to migrate mailboxes using a cutover migration. There are three possible options.

    • The migration administrator must be a member of the Domain Admins group in Active Directory in the on-premises organization.

      Or

    • The migration administrator must be assigned the FullAccess permission for each on-premises mailbox.

      Or

    • The migration administrator must be assigned the Receive As permission on the on-premises mailbox database that stores the user mailboxes.

    For more information about assigning Exchange permissions, see Assign Permissions to Migrate Mailboxes to Exchange Online.

  • Disable Unified Messaging.   If the on-premises mailboxes you’re migrating are enabled for Unified Messaging (UM), you have to disable UM on the mailboxes before you migrate them. You can then enable UM on the mailboxes after the migration is complete.

  • Security Groups and Delegates   The email migration service cannot detect whether on-premises Active Directory groups are security groups or not, so it cannot provision any migrated groups as security groups in Office 365. If you want to have security groups in your Office 365 tenant, you must first provision an empty mail-enabled security group in your Office 365 tenant before starting the cutover migration. Additionally, this migration method only moves mailboxes, mail users, mail contacts, and mail-enabled groups. If any other Active Directory object, such as user that is not migrated to Office 365, is assigned as a manager or delegate to an object being migrated, they must be removed from the object prior to migration.

Return to top

A migration endpoint is a management object in Exchange Online that contains the connection settings for the on-premises server that hosts the mailboxes you're migrating and the credentials for an on-premises user account that has the necessary administrative permissions to migrate mailboxes. For a cutover migration batch, you have to create an Outlook Anywhere migration endpoint. When you create a migration batch, the information in the migration endpoint is used to connect to the on-premises Exchange server. The migration endpoint also defines the number of mailboxes to migrate simultaneously.

For more information about creating an Outlook Anywhere migration endpoint, see Create Migration Endpoints.

TipTip:
Although you can create the first Outlook Anywhere migration endpoint when you create the migration batch for a cutover migration, we recommend that you create migration endpoints before you create a migration batch. When you create a migration endpoint, Exchange Online tests the connection to the on-premises Exchange server. The migration endpoint isn't created unless Exchange Online can successfully connect to an on-premises server. This lets you troubleshoot and resolve connectivity issues before you create a migration batch. Otherwise, you have to cancel the migration batch and resolve any connectivity issues before you can create a migration batch.

Return to top

As previously stated, in a cutover migration, on-premises mailboxes are migrated to Exchange Online in a single migration batch. Therefore, you can create only a single migration batch for a cutover migration.

The following procedure will vary based on whether you or another administrator in your Exchange Online organization have created any migration endpoints. We recommend that you create a migration endpoint before you create a migration batch for a cutover Exchange migration.

  1. In the EAC, navigate to Recipients > Migration.

  2. Click New Add Icon and then click Migrate to Exchange Online.

  3. On the Select a migration type page, click Cutover migration, and then click Next.

  4. Depending on whether any Outlook Anywhere migration endpoints have been created for your Exchange Online organization, do one of the following:

    • No migration endpoints have been created: On the Enter on-premises account credentials page, type the following information, and then click Next.

      • Email address   Type the email address of any user in the on-premises Exchange organization that will be migrated using this endpoint. Exchange Online will test the connectivity to this user's mailbox.

      • Account with privileges   Type the user name (using the domain\user name format) for an account that has the necessary administrative privileges in the on-premises organization that hosts the mailboxes that you're migrating. Exchange Online will use the Autodiscover service and this account to detect the migration endpoint and to test the permissions assigned to this account by accessing the mailbox specified in the previous box.

      • Password of account with privileges   Type the password for the administrator account that you specified in the previous box.

      If the connection settings are successfully discovered, the fully qualified domain name (FQDN) of your on-premises Exchange server and RPC proxy server are displayed on the Confirm the migration endpoint page. Verify the settings and then click Next. If the test connection to the source server isn't successful, you’re prompted to manually specify the FQDN of your on-premises Exchange server and RPC proxy server. You have to successfully connect to the source server to continue.

      Exchange Online creates a new migration endpoint using the connection settings that were successfully discovered or that you provided manually. By default, this migration endpoint is configured to support 20 maximum concurrent migrations and 10 maximum incremental synchronizations.

      NoteNote:
      It's recommended that you use a migration endpoint that’s created with connection settings that are automatically discovered rather than using settings that you provide manually because the Autodiscover service will be used to connect to each user mailbox in the migration batch. This is important if you have multiple on-premises Exchange servers. Otherwise, you may need to create different migration endpoints that correspond to each on-premises server.
    • One migration endpoint has been created: Exchange Online displays the connection settings from the selected migration endpoint on a read-only page. Verify the connection settings, and then click Next.

    • Two or more migration endpoints have been created: Under Select a migration endpoint, select a migration endpoint from the drop-down list, and then click Next. Exchange Online displays the connection settings from the selected migration endpoint on a read-only page. Verify the connection settings, and then click Next.

  5. On the Move configuration page, type the name of the migration batch, and then click Next. This name will be displayed in the list of migration batches on the Migration page after you create the migration batch. Batch names can’t contain spaces or special characters.

  6. On the Start the batch page, do the following:

    • Click Browse to send a copy of the migration reports to other users. By default, migration reports are sent to the administrator who creates the migration batch. You can also access the migration reports from the properties page of the migration batch.

    • Specify one of the following options to start the migration batch after it's created:

      • Automatically start the batch   The migration batch is started as soon as you save the new migration batch. The batch is first marked with a status of Created. It’s changed to a status of Syncing after it's been started.

      • Manually start the batch later   The migration batch is created but it's not started. The status of the batch is set to Created. To start a migration batch, select it on the migration dashboard and then click Start Start Icon.

  7. Click New to create the migration batch.

    The new migration batch is displayed on the migration dashboard.

You can use the New-MigrationBatch cmdlet to create a migration batch for a cutover migration. You can create a migration batch and start it automatically by including the AutoStart parameter. Alternatively, you can create the migration batch and then manually start it afterwards by using the Start-MigrationBatch cmdlet.

This example creates and starts a migration batch. The example uses the New-MigrationEndpoint cmdlet to create an Outlook Anywhere migration endpoint, and then uses that endpoint to create the migration batch. The migration batch is automatically started with the AutoStart parameter.

The Get-Credential cmdlet is used to obtain the credentials for the on-premises administrator account, which are required to create the migration endpoint. When prompted for the user name, you can use either the email address or the domain\user name format for the administrator account.

$Credentials = Get-Credential
$MigrationEndpoint = New-MigrationEndpoint -ExchangeOutlookAnywhere -Name EXCH-SRV-01_Endpoint -Autodiscover -EmailAddress administrator@contoso.com -Credentials $Credentials
New-MigrationBatch -Name CutoverBatch -SourceEndpoint $MigrationEndpoint.Identity -AutoStart

This example creates a migration batch and uses the migration endpoint that was created in the previous example. Because the AutoStart parameter isn't included, the migration batch has to be manually started on the migration dashboard or by using Start-MigrationBatch cmdlet. As previously stated, only one cutover migration batch can exist at a time.

New-MigrationBatch -Name CutoverBatch -SourceEndpoint EXCH-SRV-01_Endpoint

To verify that you've successfully created a migration batch for a cutover migration, do one of the following:

  • In the EAC, navigate to Recipients > Migration. Verify that the batch is displayed on the migration dashboard. If the migration batch was automatically started, the value displayed under Status is Syncing. If you configured the batch to be manually started, the value is Created.

  • In the Shell, run the following command to display information about the new migration batch.

    Get-MigrationBatch
    

    To display detailed information about the migration batch, run the following command.

    Get-MigrationBatch | fl
    

Return to top

If you create a migration batch and configure it to be manually started, you can start it by using the EAC or the Shell.

ImportantImportant:
Migration batches with a status of Synced that have no administrator-initiated activity (for example, no administrator has stopped and restarted a migration batch or edited a migration batch) for the last 30 days will be stopped, and then deleted 30 days later if no further action is taken by the administrator. When in the stopped state, you can reset the 30 day interval by running the Start-MigrationBatch cmdlet.
  1. In the EAC, navigate to Recipients > Migration.

  2. On the migration dashboard, select the batch, and then click Start Start Icon.

Run the following Shell command to start a migration batch.

Start-MigrationBatch -Identity <identity>

If a migration batch is successfully started, its status on the migration dashboard is specified as Syncing. To verify that you've successfully started a migration batch, do one of the following:

  • In the EAC, navigate to Recipients > Migration. Verify that the migration batch was started.

  • In the Shell, run the following command to verify that the migration batch was started.

    Get-MigrationBatch -Identity <identity> | fl Status
    

Return to top

Until you change your MX record, email sent to users is still routed to their on-premises Exchange mailboxes. After a mailbox is successfully migrated, the incremental synchronization process synchronizes the on-premises Exchange mailbox and Exchange Online mailbox once every 24 hours until you stop or delete the migration batch. This ensures that messages sent to on-premises mailboxes are copied to Exchange Online mailboxes until you configure your organization's MX record to point to your Office 365 email organization. After you configure your organization's MX record, all email is sent directly to the Exchange Online mailboxes. For information about configuring MX records, see Create DNS records for Office 365.

It can take from 24 to 72 hours for the updated MX record to be propagated. Wait at least 24 hours after you change the MX record and then verify that mail is being routed directly to Exchange Online mailboxes.

Return to top

After you change the MX record and verify that all email is being routed to Exchange Online mailboxes, you're ready to delete the cutover migration batch. Verify the following before you delete the migration batch:

  • That mail is being sent directly to the Exchange Online mailboxes after you change your MX record to point to your Office 365 email organization.

  • That all users are using their Exchange Online mailboxes. After the batch is deleted, mail sent to mailboxes on the on-premises Exchange server will not be copied to the corresponding Exchange Online mailboxes.

  • That Exchange Online mailboxes have been synchronized at least once after mail began being sent directly to them. To do this, make sure that the value in the Last Synced Time box for the migration batch is more recent than the date and time when mail started being routed directly to Exchange Online mailboxes. This will help ensure that the most recent mail was migrated to Exchange Online mailboxes before mail was sent directly. After you delete the migration batch, on-premises and Exchange Online mailboxes will no longer be synchronized.

When you delete a cutover migration batch, the migration service cleans up any records related to the migration batch and deletes the migration batch. The batch is removed from the list of migration batches on the migration dashboard.

ImportantImportant:
Migration batches with a status of Synced that have no administrator-initiated activity (for example, no administrator has stopped and restarted a migration batch or edited a migration batch) for the last 90 days will be stopped, and then deleted 30 days later if no further action is taken by the administrator.
  1. In the EAC, navigate to Recipients > Migration.

  2. On the migration dashboard, select the batch, and then click Delete Delete Icon.

Run the following Shell command to delete a migration batch.

Remove-MigrationBatch -Identity <identity>
  • In the EAC, navigate to Recipients > Migration. Verify that the migration batch is no longer listed on the migration dashboard.

    Or

  • Run the following command to verify that the migration batch has been deleted.

    Get-MigrationBatch <identity>
    

    The command will either return the migration batch with a status of Removing or it will return an error stating that the migration batch couldn’t be found, verifying that the batch was deleted.

Return to top

  • Assign licenses to Office 365 users.   When you migrate a user's mailbox to Exchange Online using a cutover migration, an Office 365 user account is created for the user. You have to activate this user account by assigning a license. If you don't assign a license, the mailbox will be disabled when the grace period ends. To assign a license in the Office 365 admin center, see Assign or remove a license.

  • Create an Autodiscover DNS record.   After all on-premises mailboxes are migrated to Exchange Online, you can configure an Autodiscover DNS record for your Office 365 organization to enable users to easily connect to their new Exchange Online mailboxes with Microsoft Outlook and mobile clients. This new Autodiscover DNS record has to use the same namespace that you’re using for your Office 365 organization. For example, if your cloud-based namespace is cloud.contoso.com, the Autodiscover DNS record you need to create is autodiscover.cloud.contoso.com.

    Exchange Online uses a CNAME record to implement the Autodiscover service for Outlook and mobile clients. The Autodiscover CNAME record must contain the following information:

    • Alias   autodiscover

    • Target   autodiscover.outlook.com

    For more information, see Create DNS records for Office 365.

  • Implement a single sign-on solution.   After all mailboxes are migrated to the cloud, you can implement a single sign-on solution to enable users to use their on-premises Active Directory credentials (user name and password) to access their Office 365 mailboxes and existing on-premises resources. You implement a single sign-on solution by deploying Active Directory Federation Services 2.0 (AD FS 2.0). For more information, see Cutover Exchange Migration and Single Sign-on.

  • Decommission on-premises Exchange servers.   After you’ve verified that all email is being routed directly to the Exchange Online mailboxes, have completed the migration, and no longer need to maintain your on-premises email organization or don’t plan on implementing a single sign-on solution, you can uninstall Exchange from your servers and remove your on-premises Exchange organization.

    ImportantImportant:
    If you implement a single sign-on solution, we strongly recommend that you maintain at least one Exchange server so that you can access Exchange System Manager (Exchange 2003) or the Exchange Management Console/Exchange Management Shell (Exchange 2007, Exchange 2010, and Exchange 2013) to manage mail-related attributes on the on-premises mail-enabled users. For Exchange 2007 and Exchange 2010, the Exchange server that you maintain should have the Hub Transport, Client Access, and Mailbox server roles installed.

    For more information, see the following:

    CautionCaution:
    Decommissioning Exchange can have unintended consequences. Before decommissioning your on-premises Exchange organization, we recommend that you contact Microsoft Support.
  • Re-enable offline access for Outlook Web App.   Offline access in Outlook Web App lets users access their mailbox when they're not connected to a network. If you migrate Exchange 2013 mailboxes to Exchange Online, users have to reset the offline access setting in their browser to use Outlook Web App offline. For more information about offline access in Outlook Web App, the browsers that support it, and how to turn it on, see Using Outlook Web App Offline.

Return to top

Here are some tips to optimize your cutover Exchange migration:

  • Change the DNS Time-to-Live (TTL) setting on your MX record.   Before you start to migrate mailboxes, change the DNS TTL setting on your current MX record to a shorter interval, such as 3600 seconds (one hour). Then, when you change your MX record to point to your Office 365 organization after all mailboxes are migrated, the updated MX record should propagate more quickly because of the shortened TTL interval.

  • Updating the WindowsEmailAddress attribute   The WindowsEmailAddress attribute is used as the primary key for the cutover migration and changing the WindowsEmailAddress attribute on the on-premises side during a cutover migration isn’t recommended. If the WindowsEmailAddress attribute needs to be changed, we recommend that you remove the target MigrationUser attribute, remove the target mailbox, group and contact, and then restart the migration batch.

  • Communicate with your users.   Let users know ahead of time that you’re migrating the content of their on-premises mailboxes to Exchange Online. Consider doing the following:

    • Asking users to delete old or unnecessary email messages from their Exchange mailboxes before migration. This helps reduce the amount of data that has to be migrated and can help reduce the overall migration time. Or, you can clean up their mailboxes yourself.

    • Suggesting that users back up their Inboxes.

    • Telling users when they can use their Office 365 user account to access the email that was migrated from their on-premises accounts. Don't give users access to their Exchange Online mailboxes until you're ready to switch your MX record to point to Office 365.

Return to top

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.