Remote mailbox moves without Hybrid

I have been working with a customer who recently acquired a new company that has 400+ mailboxes running on two Exchange 2010 servers. They need all mailboxes moved to Office 365, where the tenant is already set up and has an existing Hybrid configuration to an on-prem Exchange 2016 environment. They don’t want the new users set up with Azure AD Connect; the users will be created In Cloud. If possible, they want to perform MRS mailbox moves instead of paying for licenses for third-party migration tools.

I did some testing in a lab environment and have been successful in setting up MRS mailbox moves without having ADConnect or running the Hybrid Configuration Wizard. I decided to share the steps involved if anyone is in a similar position and needs some help.

  • Installed Exchange 2010 SP3, as the customer's on-prem server was on SP1
  • Enabled MRSProxy on the Web Services Virtual Directory
  • Created a new Receive Connector on the 2010 server, scoped to the O365 IP addresses and configured with an FQDN that has a valid SSL certificate
  • Add the new domain to the Office 365 portal and verify
  • Changed the accepted domain in Exchange Online from Authoritative to Internal Relay
  • Add outbound connector for the domain in Exchange Online
  • Add inbound connector for the domain in Exchange Online
  • Create a migration endpoint pointing to the on-prem Exchange server
  • Set up federation from On-Prem Exchange to Exchange Online (this was easier to do in the EMC)
  • Setup Organization Relationship from On-Prem to Exchange Online
  • Setup Organization sharing from Exchange Online to On-Prem (Exchange Admin Center)
  • Create new Mail Users in the Office 365 tenant; this can be scripted and run from a PowerShell session
  • Add the LegacyExchangeDN from the On-Prem 2010 to the Mail User ExchangeGUID in Exchange Online
  • On-Prem Exchange will need to add the accepted domain for <tenant> as authoritative
  • On-Prem mailboxes need the alias address for <>. This can be done using an Email Address Policy 
  • Mail User recipients in Exchange Online need to have both the following addresses added <tenant>> and <tenant>
  • Assign the MsolUser with a valid license for Exchange Online

Note that because the MailUser has a value for ExchangeGUID the provisioning service within Exchange Online doesn’t convert this into an empty mailbox when you assign a license. Now you can perform a remote mailbox move and when the move completes the objects will convert from a MailUser to a UserMailbox in Exchange Online and from a UserMailbox to a MailUser in Exchange On-Prem.
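The Mail User staging steps and the ExchangeGUID note above can be scripted along these lines. This is an added example, not the script used in the original lab; the CSV file name and its columns are assumptions, as is the reading that the on-prem mailbox GUID goes into ExchangeGuid and the LegacyExchangeDN is added as an X500 proxy address.

```powershell
# Added example: stage Mail Users in Exchange Online from an on-prem export.
# Assumes a connected Exchange Online PowerShell session and a CSV produced on-prem with:
#   Get-Mailbox -ResultSize Unlimited |
#     Select-Object DisplayName,Alias,PrimarySmtpAddress,ExchangeGuid,LegacyExchangeDN |
#     Export-Csv .\onprem-mailboxes.csv -NoTypeInformation
param([string]$CsvPath = '.\onprem-mailboxes.csv')   # hypothetical file name

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$results = foreach ($mbx in Import-Csv -Path $CsvPath) {
    $smtp = $mbx.PrimarySmtpAddress
    $guid = [guid]::Empty
    # A missing or all-zero GUID would leave the Mail User unmatched to its mailbox.
    if (-not [guid]::TryParse($mbx.ExchangeGuid, [ref]$guid) -or $guid -eq [guid]::Empty) {
        Write-Warning "Skipping ${smtp}: no valid ExchangeGuid in export"
        continue
    }
    if (Get-Recipient -Identity $smtp -ErrorAction SilentlyContinue) {
        Write-Warning "Skipping ${smtp}: recipient already exists in Exchange Online"
        continue
    }
    # Unique random initial password per user; never shown or stored, reset it at cutover.
    $bytes = New-Object byte[] 24
    $rng.GetBytes($bytes)
    $password = ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'aA1!') -AsPlainText -Force

    # Assumption: the verified domain is used for sign-in, so UPN = primary SMTP address.
    New-MailUser -Name $mbx.DisplayName -Alias $mbx.Alias -ExternalEmailAddress $smtp `
        -MicrosoftOnlineServicesID $smtp -Password $password | Out-Null

    # Assumption: ExchangeGuid takes the on-prem mailbox GUID and the LegacyExchangeDN
    # is added as an X500 proxy address.
    Set-MailUser -Identity $smtp -ExchangeGuid $guid `
        -EmailAddresses @{ Add = "X500:$($mbx.LegacyExchangeDN)" }

    # Read the object back so licensing only happens once the GUID is really in place.
    $mu = Get-MailUser -Identity $smtp
    [pscustomobject]@{
        User        = $smtp
        GuidMatches = ([guid]$mu.ExchangeGuid -eq $guid)
        HasX500     = ($mu.EmailAddresses -contains "X500:$($mbx.LegacyExchangeDN)")
    }
}
# Assign licenses only to users where both checks are True.
$results | Format-Table -AutoSize
```

If Set-MailUser reports that the new object cannot be found, rerun the script for the affected rows after directory replication has caught up; rows that already exist are skipped.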

I recommend testing this out before moving any live production mailboxes and ensuring mail flow is working. You will also want to validate free/busy and ensure all mailboxes, including resource and shared mailboxes, get provisioned as MailUser in Exchange Online before moving any mailboxes. You will also need to create Distribution Groups in Exchange Online and add the LegacyExchangeDN to prevent users from getting bounce-back messages when sending to them.
