Office 365 Exchange Migration - Hybrid

qrW@-*5r2$+3BL3Qvm4*lLS0

Review cutover document to see what applies as it is a more comprehensive list

365 Exchange Cutover Migration

Create 365 domain

ID Exchange domains that will be needed

Add public domains as routable domains

Add public domains to 365

Create "365sync" group on premise

Set as Universal Group

Update users with email domain using script

Routable Domain

Setup sync between on-premise

Include option for Hybrid Exchange

Include SSO option

Setup SSO

Run on-premise Exch commands to sync permissions between on-premise and cloud

Set-OrganizationConfig -ACLableSyncedObjectEnabled $True

Create 2 test accounts. One for on-premise testing, the second to migrate to 365 Cloud for testing

Add all Exchange related accounts to "365sync" group or accounted for in other ways (duplicated in 365 EOL)

Users

Shared Mailbox

Contacts

Distribution groups

Dynamic Distribution Groups

On-premise need to add external email addresses

365 need to recreate groups and ensure external email addresses are included

Set Default domain within 365

Monitor and clear out any sync errors

Take documentation for rules, send connectors, receive connectors

Update RULES in Exchange Online 365 for:

Barracuda: '209.222.80.0/21' or '64.235.144.0/20'

Accent

Update 365 Security

https://security.microsoft.com/quarantinePolicies

https://protection.office.com/antispam

https://protection.office.com/antiphishing

Run Hybrid Configuration Wizard - Use correct link for download Run ELAVATED

Run from Exchange Shell before wizard to prevent MRP endpoint problems

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $false

IISRESET

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -MRSProxyEnabled $true

IISRESET

https://aka.ms/hybridwizard

Update email address policy

Ensure all email address policy have '%domain%.mail.onmicrosoft.com' added

Run script to ensure all existing mailboxes that don't follow address policy get that email address

Add_SMTP_365_Proxy_Email.ps1

Update Firewall rules to allow secure connection between on-premise Exchange and MS 365 EOL/

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

Purge all old Migration jobs

Get-MoveRequest | ? {$_.Status -eq "Completed"} | Remove-MoveRequest

Migrate test account to cloud

Test mail flow

External <-> 365 cloud

External <-> on-premise

365 clout <-> on-premise

Get full listing of mailboxes

Export On-Premise listing to CSV and provide to client with easy instructions on sorting purge/convert/keep

Once you get listing back strip down to just email address and header is "EmailAddress" for quick import to 365 Exchange

Migrate mailboxes

Check licensing

Be clear with client about expectations

Time

Outlook Problems

Mobile device setup

Outlook RULES

Update settings so that "Sent items" go to the correct mailbox for delegated items.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'SharedMailbox')} | set-mailbox -MessageCopyForSentAsEnabled $True

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | set-mailbox -MessageCopyForSentAsEnabled $True

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'SharedMailbox')} | set-mailbox -MessageCopyForSendOnBehalfEnabled $True

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | set-mailbox -MessageCopyForSendOnBehalfEnabled $True

Update mail flow (MX records)

Update Autodiscover

Office 365 Exchange Hybrid Migration -Decom

https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps

https://docs.microsoft.com/en-us/exchange/permissions

AD<->ADD sync

Start-ADSyncSyncCycle -PolicyType Delta

Active Directory Auditing Tool

Active Directory: Add a Domain Controller to PowerShell

Add a domain to the Active Directory

Add a Mapped Drive to a User Profile Using GPO

Add all users in OU to security group

Add Extension Attribute to User

ADSI Purge

Change Windows Desktop Background Using Group Policy

Checking Active Directory Domain Controller Health and Replication

Clean Up Server Metadata

CONFIGURE NTP TIME SYNC USING GROUP POLICY

Create a Group to Assign Permissions to Access Files

Create WMI Filters for the GPO

Cross Forest Resource Security

Demote or Promote Domain Controller

Determine AD forest and domain level

Disable "These files might be harmful to your computer" warning?

Disabling and Enabling Outbound Replication

Domain Controller DNS Best Practice

Domain Trust

Force reinstall of applications deployed by software GPO after uninstall

Get Password Info

How To Add Local Administrators via GPO (Group Policy)

How to Audit User Account Changes in Active Directory

How to Change the Default Lock Screen Image using GPO

How to create and manage the Central Store for Group Policy Administrative Templates in Windows

How to Disable NTLM Authentication in Windows Domain

How to Export Active Directory Users to CSV and Build Reports

How to find the source of failed logon attempts

How To Fix Group Policy: Error Windows could not determine if the user and computer accounts are in the same forest

How to install and configure Microsoft LAPS

How to Remove (Demote) a Domain Controller in Active Directory

How to Remove (Demote) a Domain Controller in Active Directory

How to store BitLocker keys in Active Directory

Joining Active Directory Error

Keytab file

LAPS_OperationsGuide

Migrate user domain profile from one domain to another domain

Modify Group Policy's refresh interval

Move FSMO Roles

Move-ADDirectoryServerOperationMasterRole

Netlogon Logging

Powershell export AD users in OU to CSV

Rejoining an "untrusted" workstation and primary domain

Rename Domain

repadmin

Repairing Broken Trust Relationship Between Workstation and AD Domain

Restore Default Domain Policy

Securing Active Directory: Who can add computers to the domain? Only the domain admin?

Security Groups

Step-By-Step: Manually Removing A Domain Controller Server

USER PROFILES AND USER FOLDERS REDIRECTION USING GPO

Using NTDSUTIL Metada Cleanup to Remove a Failed/Offline Domain Controller Object.

Wrong error message for missing .adml files

Transferring/Seizing FSMO Roles to Another Domain Controller

Raise domain and forest functional levels in Active Directory Domain Services

7zip Command Line

Add user to Administrators Group

Choice Command

CMD Line Admin

CMD Line Registry Delete

Configure TCP/IP from the Command Prompt

DNS Change Via CMD Line

Enable Remote Desktop Via Command Line

Hyper-V

Invalid H:\ Drive

Network Share Folder

Remote GPResult

Run Commands

Test if Computer is Azure Joined

Windows Activation Post Azurre Migration

Windows S.M.A.R.T Check

Check Installed Drive Type

Check type of computer

Change power settings

Clear DFS Problems

DFS Backlog Check

DFS Checker

DFS Checker client install and setup

DFS Checker Configuration Settings