
Cross-forest migration in Exchange Hybrid with Azure AD connect enabled

Thanks in advance for the help.

I have two on-premises Active Directory forests, ForestA and ForestB. Azure AD Connect is installed on a server in ForestB and has connectors synchronizing both ForestA and ForestB to Office 365. I also have an Exchange hybrid server in ForestA that is being used to manage mailboxes in Office 365 and one in ForestB. Each user in ForestA has a mailbox in O365 and is matched using ms-ds-consistencyGUID (there are no on-premises mailboxes).

I need to migrate all AD user accounts from ForestA to ForestB. When I do this, I need to be sure that the mailbox is not deleted and the migrated user account in ForestB is matched to the O365 mailbox via directory synchronization.

How do I do this? Please note that I need to migrate 5000+ accounts so it will need to be done in batches and I can't disable dirsync at any point. I will use Quest Migration Manager for AD.

  • The question is not how to make the Quest tool do it, it is about the MS Directory sync. The MS Dir Sync needs to see only the source or target object during your migration. So this means that the MS Dir Sync has to be scoped and not full domains. For example, do the following:

    • Create an OU in the source and target OU=Excluded Objects
    • Reconfigure MS Dir Sync to be Scoped, and select all OUs and Containers except OU=Excluded Objects
    • Using your migration tool, migrate an object from source to OU=Excluded Object,DC=Target. 
    • Now move the source object from their current OU to OU=Excluded Object,DC=Source 
    • AND move the Target object from OU=Excluded Object,DC=Target to Any other OU. 
    • Run the MS Dir Sync. 

    The Cloud object will now be associated with the Target Object.

    Quest Migration Manager for AD has a directory sync function that would allow you to cut all of the MS Dir Sync functions to the target, while batching the actual migrating of the Workstation and Users from the source. ADMT is a session-based tool and this will require you to run a session to update attributes, membership, whereas QMM AD will maintain this through sync at an attribute level. 

    Yes, this will work for all supported object classes. You might want to set up a technical call with your sales rep. He will get a subject matter expert on the call that can explain the benefits of using QMM AD over ADMT.  
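
The OU swap described in the reply above, scripted for one batch, as an added example that is not part of the original thread or of any Quest or Microsoft tooling. The domain controller names, OU paths and batch file are hypothetical placeholders, and the anchor comparison assumes the migration tool has already copied mS-DS-ConsistencyGuid to the target object, since the question says matching uses that attribute.

```powershell
# Added example. Run on the Azure AD Connect server with an account that can
# move objects in both forests. All names below are hypothetical placeholders.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$SourceDC       = 'dc1.foresta.example'
$TargetDC       = 'dc1.forestb.example'
$SourceExcluded = 'OU=Excluded Objects,DC=foresta,DC=example'
$TargetExcluded = 'OU=Excluded Objects,DC=forestb,DC=example'
$TargetInScope  = 'OU=Migrated Users,DC=forestb,DC=example'
$Batch          = Get-Content -Path .\batch01.txt   # one sAMAccountName per line

$moved = 0
foreach ($sam in $Batch) {
    $filter = "sAMAccountName -eq '$sam'"
    $src = Get-ADUser -Filter $filter -Server $SourceDC -Properties 'mS-DS-ConsistencyGuid'
    # The target copy must still be parked in the excluded (unsynced) OU.
    $tgt = Get-ADUser -Filter $filter -Server $TargetDC -SearchBase $TargetExcluded `
                      -Properties 'mS-DS-ConsistencyGuid'
    if (-not $src -or -not $tgt) {
        Write-Warning "$sam : not found in source, or target not in excluded OU; skipped"
        continue
    }
    # Assumed safety check: both objects carry the same anchor value.
    $a = $src.'mS-DS-ConsistencyGuid'; $b = $tgt.'mS-DS-ConsistencyGuid'
    if ($null -eq $a -or $null -eq $b -or
        [Convert]::ToBase64String($a) -ne [Convert]::ToBase64String($b)) {
        Write-Warning "$sam : mS-DS-ConsistencyGuid missing or different; skipped"
        continue
    }
    try {
        # Hide the source object first, so the sync never sees both objects at once.
        Move-ADObject -Identity $src.DistinguishedName -TargetPath $SourceExcluded -Server $SourceDC
        Move-ADObject -Identity $tgt.DistinguishedName -TargetPath $TargetInScope  -Server $TargetDC
        $moved++
    } catch {
        Write-Warning "$sam : move failed, check both OUs before syncing: $_"
    }
}

# One delta cycle per batch, only if something actually changed.
if ($moved -gt 0) {
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

If a move fails for any user, resolve it before the next sync cycle runs so that only one of the two objects is in scope.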
