Cut opentechtips.com dirsync (can take up to 72 hours to complete), or…
In this step we convert the accounts to purely cloud accounts while keeping their original passwords.
Before:
Set-MsolDirSyncEnabled -EnableDirSync:$false
Check if the process has run:
(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled
Note: if the process takes very long there is another way: simply move the user accounts to an OU that is not synced to the cloud and wait for (or force) a sync cycle. That soft-deletes the cloud accounts, after which they can be restored using the following command (the cloud system restores them as cloud accounts, preserving the original passwords and permission settings as well):
Get-MsolUser -ReturnDeletedUsers | Restore-MsolUser
After which:
Now we check the permissions on the shared mailboxes to make sure they were not lost, as they would be after a license unassign/reassign scenario. As seen below, the permission structure is preserved post-cloudization 🙂
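To make that check repeatable rather than eyeballing a screenshot, here is an added example (not from the original post) that snapshots the FullAccess and SendAs grants on every shared mailbox before the conversion and diffs them afterwards. It assumes an Exchange Online PowerShell session; the file names and the Mode parameter are assumptions of this example.

```powershell
# Added example: snapshot shared-mailbox permissions, then compare after cloudization.
# Assumes an Exchange Online PowerShell session (Get-Mailbox, Get-MailboxPermission,
# Get-RecipientPermission). Mode/file names are assumptions for this example.
param(
    [ValidateSet('Snapshot', 'Compare')][string]$Mode = 'Snapshot',
    [string]$Before = '.\shared-perms-before.csv',
    [string]$After  = '.\shared-perms-after.csv'
)

function Get-SharedMailboxPermissionSet {
    # FullAccess comes from the mailbox ACL, SendAs from the recipient ACL.
    # Inherited and system entries (NT AUTHORITY\SELF etc.) are noise, so skip them.
    foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox = $mbx.PrimarySmtpAddress
                    User    = $_.User
                    Right   = ($_.AccessRights -join ',')
                }
            }
        Get-RecipientPermission -Identity $mbx.Identity |
            Where-Object { $_.Trustee -notlike 'NT AUTHORITY\*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox = $mbx.PrimarySmtpAddress
                    User    = $_.Trustee
                    Right   = ($_.AccessRights -join ',')
                }
            }
    }
}

if ($Mode -eq 'Snapshot') {
    # Run this before cutting dirsync / restoring the users
    Get-SharedMailboxPermissionSet | Export-Csv -Path $Before -NoTypeInformation
} else {
    # Run this after the accounts are cloud-only; "<=" rows are grants that disappeared,
    # "=>" rows are grants that were not there before
    Get-SharedMailboxPermissionSet | Export-Csv -Path $After -NoTypeInformation
    $diff = Compare-Object (Import-Csv $Before) (Import-Csv $After) -Property Mailbox, User, Right
    if ($diff) { $diff | Format-Table -AutoSize } else { 'Shared mailbox permissions unchanged' }
}
```

Run it once with `-Mode Snapshot` before disabling dirsync and once with `-Mode Compare` after the restore; an empty diff is the result the post's screenshot shows.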
Create jd0e.com users in the agzsolt.com local AD in a non-synced OU
First, we temporarily add the opentechtips.com domain using the Active Directory Domains and Trusts applet to make the transition simpler for the users. This way they will be able to log in with the help of the underlying Kerberos ticketing system, meaning no password prompts (at least while the mailboxes are sitting on the on-prem server) 🙂
We run the following script to create the users, which are read from users.csv:
users.csv
FirstName | LastName |
Ross | Geller |
Joey | Tribbiani |
Monica | Geller |
Rachel | Green |
Chandler | Bing |
Phoebe | Buffay |
Janice | Hosenstein |
CentralPerk |
Script:
New-ADOrganizationalUnit -Name "jd0e.com" -Path "OU=My Business,DC=agzsolt,DC=com" -Verbose

# Run from the Exchange Management Shell (Enable-RemoteMailbox / Set-RemoteMailbox need it).
# users.csv has FirstName and LastName columns.
Import-Csv users.csv | ForEach-Object {
    $fn = $_.FirstName
    $ln = $_.LastName
    # -Path must point at the OU created above ("jd0e.com", not "jd0e")
    New-ADUser -Name "$fn $ln" -DisplayName "$fn $ln" -GivenName $fn -Surname $ln `
        -UserPrincipalName "$fn@jd0e.com" `
        -Path "OU=jd0e.com,OU=My Business,DC=agzsolt,DC=com" `
        -Enabled:$true -EmailAddress "$fn@opentechtips.com" `
        -AccountPassword (ConvertTo-SecureString "Password12345!" -AsPlainText -Force)
    # Link the on-prem AD object to a mailbox that lives in Exchange Online
    Enable-RemoteMailbox -Identity "$fn@opentechtips.com" -RemoteRoutingAddress "$fn@jd0e.onmicrosoft.com"
    # Keep the addresses set above instead of letting the e-mail address policy rewrite them
    Set-RemoteMailbox -Identity "$fn@jd0e.com" -EmailAddressPolicyEnabled:$false
}
After running the commands we check the results on the agzsolt.com server:
Configure the cross-forest hybrid environment
To let the servers move jd0e.com mailboxes to the agzsolt.com server we need to create a migration endpoint on the jd0e.com cloud server. This is done under recipients / migration / migration endpoints; the endpoint type we use is "Exchange Remote".
It will fail because the server tries to determine the destination FQDN using Autodiscover, which of course points to the wrong location. We enter the right server manually:
In our example we will call the connector “agzsolt”