Parts I and II of this article explained key concepts of BPOS email coexistence, and how to configure Active-Directory synchronization.
To recap, configuring email coexistence with BPOS requires the following steps:
- Add your own domain to BPOS and enable external relay (Covered in Part I)
- Verify the domain (Covered in Part I)
- Verify email traffic flow (Covered in Part II)
- Enable Active Directory Synchronization (Covered in Part II)
- Activate migrated users
- Migrate mailboxes to BPOS
- Optional steps: Configure SPF and secure the mail flow
At this point you should be able to send email between your on-premise Exchange and a test user on BPOS. You should also have installed the Dirsync tool and successfully synchronized your own Active-Directory to BPOS.
In this final article of the series, we’ll activate users and then set up the key tool that makes this all work – the Mailbox Migration tool.
Step 5: Activate Migrated Users
Synchronized user accounts are disabled by default. First step – activate them.
Open up the BPOS admin center. Click on the Users tab, then the User List sub-tab. Click on “Disabled User Accounts” from the left-hand task pane.
A list of all users synchronized from your domain should appear if synchronization is working correctly.
Click on one of the users to open up their properties window, then click the “Activate User Wizard” link.
To activate a large number of users at once, simply select them using the checkboxes beside their accounts on the Disabled Users screen. Then, click the “Activate Users” link to do a bulk activation.
Go ahead and enter an email address if you want BPOS to email a login link and password to your users. Then click next.
Select the location of your users, then click next.
And finally, select mailbox size limits for your users, then click next.
Next you should see a successful confirmation and list of activated users, as well as temporary passwords. Make a note of the passwords if you did not select the option to have them emailed to your users.
One last important note – In the previous steps, BPOS Dirsync may have imported users with a default domain set to [whatever].microsoftonline.com. If you want your users to log in to BPOS using your own domain (e.g. bpostutorials.com vs bpostutorial.microsoftonline.com), and send mail from your own domain name, then you should change this after activating users.
Step 6: Migrate Mailboxes to BPOS
Now that you’ve made it to this point, you’ve completed all the prep work for email-coexistence. In this last step we will install the Migration tool, and finally migrate selected mailboxes to BPOS.
The migration tool is the key piece to configure coexistence. The tool configures your on-premise Exchange SMTP settings to forward mail over to BPOS for migrated users. And, it will also migrate mailbox data over to BPOS. With the migration tool, users won’t lose content like mail and calendar items.
First, download and install the migration tool. To do this, go to the “Migration” tab in BPOS, then launch the “Migrate Mailboxes” link.
Before you can download the tool you’ll have to check the box to confirm that you’ve read the planning document. Then, download the tool.
The migration tool can be installed on any machine that meets the prerequisites below. It does not have to be installed on your Exchange server.
- Windows PowerShell is installed.
- Windows Vista, Windows Server 2003, or Windows XP with Service Pack 2 is installed.
- If Windows Server is installed, the computer can be configured as an Active Directory domain controller.
- Microsoft .NET Framework 2.0 or later must be installed.
In addition, you’ll need to run the migration tool from an account with Exchange server administrator privileges. And of course, you’ll also need admin permissions in BPOS.
Install the Migration tool using all of the default settings.
Once you’ve finished the install, open up the Migration Console from the Start menu (Start > Programs > Microsoft Online Services > Migration > Migration Console).
A sign-in box will prompt you for your BPOS user name and password. Enter the credentials for an account with administrator permissions, then click Sign In.
Click on “Mailboxes Ready to Migrate” to see a list of mailboxes that correspond to Activated BPOS user accounts. Any of these mailboxes can be migrated when you're ready to proceed.
Select the mailboxes that you wish to migrate, then right-click on one of the mailboxes. From the context-sensitive pop-up menu, choose “Migrate mailboxes”.
This will launch a migration wizard. Click Next on the introductory screen.
You now have two options. You can either configure forwarding records and migrate mailbox content, or configure forwarding records without migrating any content. You should migrate content if you want users to have access to their old data once they move over to BPOS.
If you choose to migrate content, then you can also decide whether to allow data to pass over an unsecured connection. Be aware that if you allow this, mailbox data could pass from your Exchange server to the internet in an unsecured manner. Microsoft recommends securing the connection, though it’s not necessary. (For more information on securing traffic, see the optional steps on securing the mail flow at the end of this article.)
Assuming you’re going to migrate content to BPOS, choose the option to “Copy the local mailbox content”, then click Next.
Next, review the mailboxes you plan to migrate. Ensure that the source mailbox isn’t larger than the quota you’ve assigned to the BPOS users. Mailboxes could take considerable time to migrate depending on size and network bandwidth, so be cautious about how many mailboxes you move at once.
Now, select mailbox content types to migrate, like mail and calendar items. If desired, select the date ranges of data to migrate. Click Next when you’re ready to proceed.
Note that some items will not be migrated by the tool – more details on that here: http://www.microsoft.com/online/help/en-us/helphowto/fa139bc5-76d7-4e1a-9029-abc431b3c39a.htm
The tool provides one last opportunity to do a final review. If everything looks correct, then click Migrate to start the process.
The Migration tool will show a progress window while the migration runs.
Once migration is complete, review the status window for any errors or warnings, then click Finish.
Verifying Migration in Active-Directory
Let’s jump back to your own Active-Directory where you can view the changes made by the migration tool.
Open up Active Directory Users and Computers, and navigate to the Users container. You’ll see that in addition to your user objects (e.g. User Three) the migration tool has created a new contact object for each of the migrated users. So in this example, we now have a contact for UserThree@bpostutorial.microsoftonline.com. The contact is only for back-end use, so it will be hidden from the GAL.
Open up the new contact for one of your users. As you can see in the screenshot below for User Three, the “Email:” field uses the SMTP address in your BPOS domain – in this case the mail address is firstname.lastname@example.org. This contact is created simply so that Exchange has somewhere to forward mail that arrives in the email@example.com mailbox.
Next, open up the User object for your migrated user, and open up Delivery Options from the Exchange General tab. In our User Three example below, you can see that the migration tool has configured Exchange to forward all mail to the User Three (MSOL) contact object that we just looked at in the previous step.
Finally, back in the BPOS admin console, you can see that User Three has been activated with a user name of UserThree@bpostutorials.com.
At this point, User Three can log on to BPOS using the password provided earlier. They will be able to send and receive email from the bpostutorials.com domain. Once migration is complete, migrated users should only use BPOS to avoid problems with mailboxes becoming out of sync. They can access BPOS using Outlook Web Access, or reconfigure their mail client to point to BPOS.
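To check the forwarding setup described above across many mailboxes instead of opening each object, the following added example (not part of the original article or of Microsoft's tooling) parses an LDIF export of the Users container and flags any forwarding that does not end at a hidden contact in the BPOS domain. It assumes an ldifde-style export and the Exchange attribute names altRecipient, targetAddress and msExchHideFromAddressLists; the "User Four" entries are constructed to show a failing case.

```python
import base64

EXPECTED_DOMAIN = "bpostutorial.microsoftonline.com"  # BPOS domain used in the article
# Constructed export: User Three as the tool leaves it, plus a made-up bad "User Four".
SAMPLE_LDIF = """\
dn: CN=User Three,CN=Users,DC=bpostutorials,DC=com
altRecipient: CN=User Three (MSOL),CN=Users,DC=bpostutorials,DC=com

dn: CN=User Three (MSOL),CN=Users,DC=bpostutorials,DC=com
targetAddress: SMTP:UserThree@bpostutorial.microsoftonline.com
msExchHideFromAddressLists: TRUE

dn: CN=User Four,CN=Users,DC=bpostutorials,DC=com
altRecipient: CN=Fwd Four,CN=Users,
 DC=bpostutorials,DC=com

dn: CN=Fwd Four,CN=Users,DC=bpostutorials,DC=com
targetAddress: SMTP:four@mail.example.net
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lower-cased keys; handles folding and base64."""
    entries, current = {}, None
    for line in text.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        if not line.strip():
            current = None  # a blank line ends the entry
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def audit_forwarding(entries, expected_domain=EXPECTED_DOMAIN):
    """List (user_dn, problem) pairs where forwarding differs from the tool's setup."""
    findings = []
    for dn, attrs in entries.items():
        for target_dn in attrs.get("altrecipient", []):
            contact = entries.get(target_dn.lower(), {})
            address = contact.get("targetaddress", ["<missing>"])[0]
            if address.rpartition("@")[2].lower() != expected_domain:
                findings.append((dn, "forwards outside BPOS: " + address))
            if contact.get("msexchhidefromaddresslists", ["FALSE"])[0].upper() != "TRUE":
                findings.append((dn, "forwarding contact visible in GAL"))
    return findings
```

Running `audit_forwarding(parse_ldif(SAMPLE_LDIF))` reports nothing for User Three and two findings for the constructed User Four; the same check is worth repeating periodically, since mailbox forwarding to an unexpected domain is a change you want to notice.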
Step 7: Optional steps: Configure SPF and secure the mail flow
Microsoft recommends a couple of additional steps to complete your coexistence setup.
First, consider enabling Autodiscover and adding Sender Policy Framework (SPF) records. SPF records are still not very common, but are probably worth adding anyway. More information on both of those settings can be found here: http://www.microsoft.com/online/help/en-us/helphowto/6a984970-1606-480f-92e2-585ff1ddae84.htm
Second, since intra-organization mail is now going to be passed over the internet, Microsoft recommends that you secure the flow of traffic between your on-premise Exchange and BPOS. This involves obtaining a certificate and configuring TLS – for more information see this detailed guide from Microsoft: http://www.microsoft.com/online/help/en-us/helphowto/ad854daa-75aa-4fc7-bb1d-86e7bc8cfcf1.htm
However, these steps are optional and may not be necessary depending on your organization’s security requirements.
Once you’ve completed these steps, send a few test messages to confirm that things are working. If so, congratulations! You’ve successfully configured email coexistence with BPOS.