Remote mailbox moves without Hybrid

I have been working with a customer who recently acquired a new company that has 400+ mailboxes running on two Exchange 2010 servers. They need all mailboxes moved to Office 365, where the tenant is already set up and has an existing Hybrid configuration to an on-prem Exchange 2016 environment. They don’t want the new users set up with Azure AD Connect; the users will be created In Cloud. If possible they want to perform MRS mailbox moves instead of paying for licenses for MigrationWiz. Besides, you can’t have two Hybrid configurations connecting to one tenant.

I did some testing in a lab environment and have been successful in setting up MRS mailbox moves without having AD Connect or running the Hybrid Configuration Wizard. I decided to share the steps involved in case anyone is in a similar position and needs some help.

  1. Installed Exchange 2010 SP3, as the customer's on-prem server was on SP1
  2. Enabled MRSProxy on the Web Services Virtual Directory
    • Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $True
  3. Created a new Receive Connector on the 2010 server, scoped to the O365 IP addresses, and configured its Fqdn with a valid SSL certificate
  4. Add the new domain to the Office 365 portal and verify
  5. Changed the accepted domain in Exchange Online from Authoritative to Internal Relay
  6. Add outbound connector for the domain in Exchange Online
  7. Add inbound connector for the domain in Exchange Online
  8. Create a migration endpoint pointing to the on-prem Exchange server
  9. Setup federation from On-Prem Exchange to Exchange Online (this was easier to do in the EMC)
  10. Setup Organization Relationship from On-Prem to Exchange Online
  11. Setup Organization sharing from Exchange Online to On-Prem (Exchange Admin Center)
  12. Now you need to create new Mail Users in the Office 365 tenant and these can be scripted out and run from a PowerShell session
    • New-MailUser -Name "Alan Border" -Alias "alan.border" -DisplayName "Alan Border" -FirstName "Alan" -LastName "Border" -ExternalEmailAddress "alan.border@<domain.com>" -MicrosoftOnlineServicesID "alan.border@<domain.com>" -Password (ConvertTo-SecureString -String 'P@ssw0rd' -AsPlainText -Force)

  13. Add the LegacyExchangeDN from the On-Prem 2010 to the Mail User ExchangeGUID in Exchange Online
    • Set-MailUser -Identity "alan.border@<domain.com>" -ExchangeGUID <05c362f2-120d-472f-9cf0-f846e2f52e0f>

  14. On-Prem Exchange will need to add the accepted domain for <tenant>.mail.onmicrosoft.com as authoritative
  15. On-Prem mailboxes need the alias address for <tenant>.mail.onmicrosoft.com. This can be done using an Email Address Policy
  16. Mail User recipients in Exchange Online need to have both of the following addresses added: <tenant>.mail.onmicrosoft.com and <tenant>.onmicrosoft.com
    • Set-MailUser -Identity "alan.border@<domain.com>" -EmailAddresses @{add="smtp:alan.border@<tenant>.mail.onmicrosoft.com","smtp:alan.border@<tenant>.onmicrosoft.com"}
  17. Assign the MsolUser with a valid license for Exchange Online
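
Steps 12, 13 and 16 scripted for a whole list of mailboxes, as an added example that is not the author's script. It gives each Mail User its own random initial password instead of one shared string; the CSV file name, its columns and the `New-RandomPassword` helper are assumptions made for the example.

```powershell
# Added example, not the author's script. Run in an Exchange Online PowerShell session.
# Assumed input: onprem-mailboxes.csv (hypothetical name), exported on the Exchange 2010 side with
#   Get-Mailbox -ResultSize Unlimited |
#     Select-Object DisplayName,Alias,PrimarySmtpAddress,ExchangeGuid |
#     Export-Csv .\onprem-mailboxes.csv -NoTypeInformation
$Tenant = '<tenant>'    # placeholder, as in the steps above
$Rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function New-RandomPassword {
    # 24 random bytes as Base64, plus a fixed suffix so every complexity class is present.
    $bytes = New-Object byte[] 24
    $Rng.GetBytes($bytes)
    ConvertTo-SecureString -String ([Convert]::ToBase64String($bytes) + 'aA1!') -AsPlainText -Force
}

foreach ($mbx in Import-Csv .\onprem-mailboxes.csv) {
    $smtp = $mbx.PrimarySmtpAddress
    $guid = [guid]::Empty
    # Without a real ExchangeGuid, licensing would provision an empty mailbox, so skip the row.
    if (-not [guid]::TryParse($mbx.ExchangeGuid, [ref]$guid) -or $guid -eq [guid]::Empty) {
        Write-Warning "$smtp : no usable ExchangeGuid in the export, skipped"
        continue
    }
    if (Get-Recipient -Identity $smtp -ErrorAction SilentlyContinue) {
        Write-Warning "$smtp : recipient already exists in Exchange Online, skipped"
        continue
    }

    # Step 12: create the Mail User with a unique password that is not stored anywhere.
    New-MailUser -Name $mbx.DisplayName -Alias $mbx.Alias -DisplayName $mbx.DisplayName `
        -ExternalEmailAddress $smtp -MicrosoftOnlineServicesID $smtp `
        -Password (New-RandomPassword) | Out-Null

    # Step 13: stamp the on-prem ExchangeGuid on the Mail User.
    Set-MailUser -Identity $smtp -ExchangeGuid $guid

    # Step 16: add both tenant routing addresses.
    $add = @(
        ('smtp:{0}@{1}.mail.onmicrosoft.com' -f $mbx.Alias, $Tenant),
        ('smtp:{0}@{1}.onmicrosoft.com' -f $mbx.Alias, $Tenant)
    )
    Set-MailUser -Identity $smtp -EmailAddresses @{add = $add}
}
```

Because the passwords are never written out, each user needs a password reset when the account is handed over.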

 

Note that because the MailUser has a value for ExchangeGUID the provisioning service within Exchange Online doesn’t convert this into an empty mailbox when you assign a license. Now you can perform a remote mailbox move and when the move completes the objects will convert from a MailUser to a UserMailbox in Exchange Online and from a UserMailbox to a MailUser in Exchange On-Prem.

I recommend testing this out before doing any live production mailboxes and ensure mail flow is working. You will also want to validate free/busy and ensure all mailboxes including resource and shared get provisioned as MailUser in Exchange Online before moving any mailboxes. You will also need to create Distribution Groups in Exchange Online and add the LegacyExchangeDN to prevent users getting bounce back messages when sending to them.
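
A pre-licensing check for the points above, as an added example that is not from the original post: it confirms that every on-prem mailbox exists in Exchange Online as a MailUser with the matching ExchangeGuid and both tenant addresses. The CSV file name and its columns are assumptions made for the example.

```powershell
# Added example, not the author's script. Run in an Exchange Online PowerShell session
# before assigning licenses or starting any move.
# Assumed input: onprem-mailboxes.csv (hypothetical name) with the columns
# PrimarySmtpAddress and ExchangeGuid, exported from the on-prem Exchange 2010 servers.
$Tenant = '<tenant>'    # placeholder, as in the steps above

$problems = foreach ($mbx in Import-Csv .\onprem-mailboxes.csv) {
    $smtp   = $mbx.PrimarySmtpAddress
    $issues = @()

    $rcpt = Get-Recipient -Identity $smtp -ErrorAction SilentlyContinue
    if (-not $rcpt) {
        $issues += 'missing in Exchange Online'
    }
    elseif ($rcpt.RecipientTypeDetails -ne 'MailUser') {
        # Covers user, shared and resource mailboxes that were provisioned the wrong way.
        $issues += "is $($rcpt.RecipientTypeDetails), expected MailUser"
    }
    else {
        $mu = Get-MailUser -Identity $smtp
        # A missing or different GUID means licensing would create a new, empty mailbox.
        if ([string]$mu.ExchangeGuid -ne $mbx.ExchangeGuid) {
            $issues += 'ExchangeGuid does not match on-prem'
        }
        foreach ($suffix in "$Tenant.mail.onmicrosoft.com", "$Tenant.onmicrosoft.com") {
            if (-not ($mu.EmailAddresses -like "smtp:*@$suffix")) {
                $issues += "no @$suffix address"
            }
        }
    }

    if ($issues) {
        [pscustomobject]@{ Mailbox = $smtp; Issues = $issues -join '; ' }
    }
}

# An empty result means every mailbox in the export is ready for step 17 and the move.
$problems | Format-Table -AutoSize
```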

 

Update 365 License from F1 to E3

Here is a script that can be used if you need to bulk change a license subscription from F1 to E3 for a list of 365 users. In this script the requirement is to remove the licenses for Office 365 F1 and Exchange Online (Plan 2) and add a license for Office 365 Enterprise E3. The second requirement was to turn on E3 but only enable it for some of the services.

To review which services are included with the E3 license subscription I ran the following:

In the script below I only enable the services for To-Do (Plan 2), Azure Rights Management, Office 365 ProPlus, Skype for Business Online (Plan 2), Office Online, SharePoint Online (Plan 2) and Exchange Online (Plan 2). As you can see the remaining services were all added to the $DisabledPlans variable. You should be able to change this as necessary to meet your needs.

This script is my version of the TechNet one that changes E1 to E3 licenses. https://gallery.technet.microsoft.com/scriptcenter/Change-Office-365-licenses-e3a26eb0 

Let me know if you find this helpful or have any issues with running the script.