An Engineers Notebook

Office 365 Migrations

Cut overStagedHybridIMAP
Exchange Versions2003 and later2003 / 20072010 / 20132000 Onward
ProsSimpleGreater than 2000 usersMore time (no down time)Migrate legacy mailboxes
ConsMax 2000 UsersCoexistenceRequires Hybrid Exchange WizardOnly Inbox Migrated
ConsMax 2000 UsersCoexistenceRequires Hybrid Exchange Wizard

Cut over Migration
A cut over migration is a “all at once” method of migrating.

Outlook anywhere (HTTP over RPC) AKA Auto discover
SSL Certificates
Custom domain added to Office 365 tenant account
Preparing the Cut over Migration
If Outlook anywhere / auto discover is already configured, skip to step 7.
1. Create a Custom certificate request
Template: (No Template) Legacy Key
PKCS #10
Certificate Name: Outlook Anywhere
Common name:
Enter an Alternative DNS: and
Extended Key Language: Server Authentication
Key Type: Exchange
Key Size: 2048
Make Key Exportable
Save CSR as Base64.

2. Submit the CSR to a public CA. Once it’s received, import the certificate

3. Export the certificate

Export Private key: yes

PKCS #12

Save the certificate to the exchange server

4. Check firewall for required ports

HTTPS: 443

5. Create DNS Records (CNAMEs)

6. Import the Certificate into Exchange

Open IIS
Locate the OWA Site
Assign the certificate to the https bindings.

7. Test exchange connectivity 

Executing the Migration
1. Ensure the on-premises account has correct permissions
2. Add the domain to Office 365
Only step 1 is required for this process there is no need to add licences yet as there are no accounts in Office 365 to assign them to.
3. On the on-Premises exchange, go to Migration
Select cut over migration
Enter credentials of the administrator
Enter the exchange server: exchange.ADDomain.local
Enter the RPC Proxy:
Name the Migration Batch: Batch 1

The batch will then run.

4. Change the MX Records to point to Office 365
5. Disable Synchronization and delete batch on the local exchange
6. Decommission Server
Guide to continue…

Leave a Reply

Your email address will not be published.