+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
Cloud Services Thread, Exchange 2007 to Office 365 for a poor confused idiot in Technical; I am genuinely sorry for creating a thread just to ask daft questions, but between live@edu, Office 365 for Business, ...
  1. #1

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,820
    Thank Post
    840
    Thanked 1,393 Times in 959 Posts
    Blog Entries
    47
    Rep Power
    602

    Unhappy Exchange 2007 to Office 365 for a poor confused idiot

    I am genuinely sorry for creating a thread just to ask daft questions, but between live@edu, Office 365 for Business, Office 365 for education and two versions of DirSync, I've gotten completely lost in Google tabsplosion hell.

    At the moment I have an onsite Exchange 2007 server. I want to either a) move to Office 365 or b) upgrade to Exchange 2010/3 on Server 2012. I'm investigating a) first.

    All our users have their own mailbox - about 1400 people total. These would need to be migrated over fully - mail, calendar, contacts - and automatically - I'm not talking 1400 people through PST files. From what I can see about cutover migrations, these are one single migration limited to 1000 users; I want to do it in chunks and for 1400 people.

    Ideally I want to do it bit by bit so I can test, but I don't see how I can do this without changing the MX records and breaking Exchange. If I can at least test with my spare domain (more below) that will do, then I can upgrade everyone else in the summer.

    Users must still be able to use Outlook seamlessly - on-site SSO and everything.

    I'll still need full control over transport rules and the ability to grant access to view mailboxes and - ideally - run PowerShell scripts to forcibly remove messages etc. I like the control Exchange gives me, I just hate the administrative burden of the damn thing.

    Ideally I'd also like to set up alternate email addresses for everyone, based on the Office field of AD (where I store their code e.g. JBL for Joe Bloggs) and another (shorter) domain we own. This alternate domain isn't currently used for mail, so if it can be used for testing, say so.

    Can all the above be done, and if so, has anyone got a handy deployment guide for me to follow? I've found about 4 and I don't know which one to follow whilst I test

    (on a related note, is the Exchange Online Protection free to use against onsite Exchange, thus rendering the CAL included in the more-expensive version of EES unnecessary?)
    Last edited by sonofsanta; 19th June 2013 at 02:01 PM.

  2. #2
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    499
    Thank Post
    25
    Thanked 222 Times in 153 Posts
    Rep Power
    83
    I don't have time right now to address your post fully, but check out:

    Office 365 Education Deployment Resources - UK Education Cloud Blog - Site Home - MSDN Blogs

    There's a whole bunch of useful links to get you started.

    You need to look at the staged migration option, or depending on your longer term plans, Exchange Hybrid.

    Also, SSO is a big deal and not usually what most people actually require (even if they think they need it). I'd take some time to look at DirSync & Password Sync as I think it is a far simpler approach and ticks most boxes for people.

    Best advice: keep it as simple as you can, as long as you can.

  3. Thanks to jamesbmarshall from:

    sonofsanta (19th June 2013)

  4. #3

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,820
    Thank Post
    840
    Thanked 1,393 Times in 959 Posts
    Blog Entries
    47
    Rep Power
    602
    Thanks James. If I was going to switch, I'd switch fully - no hybrid deployment. You're preaching to the choir with advice on simplicity as well.

    Regarding SSO: I need it to be as seamless as possible for users. If they suddenly have to start logging in again everytime they open Outlook they will all complain and ask why we cant go back to the old system, regardless of any other benefits. Sort of a corollary to KISS, I suppose: Keep It Even Simpler For Users (KIESFU sounds rubbish, though)

  5. #4

    Join Date
    Mar 2012
    Location
    Devon
    Posts
    215
    Thank Post
    0
    Thanked 14 Times in 13 Posts
    Rep Power
    10
    I'm in exactly the same boat. I shall watch this thread with interest.

  6. #5
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,736
    Thank Post
    893
    Thanked 414 Times in 348 Posts
    Blog Entries
    12
    Rep Power
    85
    Quote Originally Posted by sonofsanta View Post
    Thanks James. If I was going to switch, I'd switch fully - no hybrid deployment. You're preaching to the choir with advice on simplicity as well.

    Regarding SSO: I need it to be as seamless as possible for users. If they suddenly have to start logging in again everytime they open Outlook they will all complain and ask why we cant go back to the old system, regardless of any other benefits. Sort of a corollary to KISS, I suppose: Keep It Even Simpler For Users (KIESFU sounds rubbish, though)
    I had exactly the same questions when we moved, but in hindsight....

    We moved to logging in via webmail again and nobody had a problem with it at all, its quite normal now. They don't have to login when using outlook 2010, just the webmail.

    Setting up SSO is HUGELY complicated requiring extra servers, software, and all sorts. It also introduces a single point of failure to your login systems that may bring webmail down in the future. One of the biggest advantages of cloud email is its independent, run by microsoft not us I really wouldn't recommend going SSO at first, do it in steps.

    Saying all that, the migration is very easy and your joining at a time when dirsync has been updated to make it much more useful.

    I personally wouldn't go anywhere near a local exchange server, the idea seems ridiculous to me now
    Last edited by zag; 19th June 2013 at 03:35 PM.

  7. Thanks to zag from:

    sonofsanta (19th June 2013)

  8. #6

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,820
    Thank Post
    840
    Thanked 1,393 Times in 959 Posts
    Blog Entries
    47
    Rep Power
    602
    Quote Originally Posted by zag View Post
    I had exactly the same questions when we moved, but in hindsight....

    We moved to logging in via webmail again and nobody had a problem with it at all, its quite normal now. They don't have to login when using outlook, just the webmail.

    Setting up SSO is HUGELY complicated requiring extra servers, software, and all sorts. I really wouldn't recommend going that way at first, do it in steps.
    It's only Outlook I'm concerned with, so if I don't need SSO for that then I am happy to drop it students are already used to logging in via webmail.

    Another question I forgot to ask - can I disable students from logging in via Webmail? It's the easiest way of blocking them from email when they've broken the AUP and earnt themselves a ban from the relevant system.

  9. #7
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    499
    Thank Post
    25
    Thanked 222 Times in 153 Posts
    Rep Power
    83
    Quote Originally Posted by sonofsanta View Post
    It's only Outlook I'm concerned with, so if I don't need SSO for that then I am happy to drop it students are already used to logging in via webmail.

    Another question I forgot to ask - can I disable students from logging in via Webmail? It's the easiest way of blocking them from email when they've broken the AUP and earnt themselves a ban from the relevant system.
    Don't forget, people can always tick the box to remember credentials in Outlook. So they might have to enter them once, but they can just tick the box. Obviously, if your students are using OWA that's even better.

    You don't have to disable OWA - in fact, just disabling OWA doesn't block access. Instead you can use the Office 365 admin portal to disable their logon capabilities altogether. Also, if you did go down the AD FS route then you could just lock the account in AD.

  10. #8

    Join Date
    Dec 2012
    Posts
    43
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    4
    Quote Originally Posted by sonofsanta View Post
    Thanks James. If I was going to switch, I'd switch fully - no hybrid deployment. You're preaching to the choir with advice on simplicity as well.

    Regarding SSO: I need it to be as seamless as possible for users. If they suddenly have to start logging in again everytime they open Outlook they will all complain and ask why we cant go back to the old system, regardless of any other benefits. Sort of a corollary to KISS, I suppose: Keep It Even Simpler For Users (KIESFU sounds rubbish, though)
    If your going to do a full migration to the cloud (365) you need to set up a hybrid deployment if you want a smooth translation.

    I have just completed ours and you literally connect to 365 through the exchange console and migrate mail boxes at will.

    We had to upgraded to exchange 2010 to do it though, it can be done in 2007 but its no where near as slick

  11. #9
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    499
    Thank Post
    25
    Thanked 222 Times in 153 Posts
    Rep Power
    83
    Quote Originally Posted by mattysmith80 View Post
    If your going to do a full migration to the cloud (365) you need to set up a hybrid deployment if you want a smooth translation.
    Respectfully, I have to disagree. Hybrid is not well suited for deployments where the target is to remove the on-premises Exchange server in the short term.

    You're right insofar as hybrid allows silky-smooth mailbox migrations, but it requires a lot of configuration and potential investment in your local infrastructure. For a simple migration, I'd say that this is not best use of resources.

  12. #10

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    877
    Thank Post
    274
    Thanked 139 Times in 112 Posts
    Blog Entries
    26
    Rep Power
    42
    Quote Originally Posted by Tall_Paul View Post
    I'm in exactly the same boat. I shall watch this thread with interest.
    Likewise. I've taken the decision not to replace our Exchange 2007 Server this year and look to migrate to Office365 next summer instead. I'll more than likely just migrate staff mailboxes only but setup new ones for Students. The SSO is going to be the key for this to work effectively.

    Pete

  13. #11
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,736
    Thank Post
    893
    Thanked 414 Times in 348 Posts
    Blog Entries
    12
    Rep Power
    85
    Quote Originally Posted by FragglePete View Post
    Likewise. I've taken the decision not to replace our Exchange 2007 Server this year and look to migrate to Office365 next summer instead. I'll more than likely just migrate staff mailboxes only but setup new ones for Students.
    Thats what we did. Worked well.

  14. Thanks to zag from:

    FragglePete (21st June 2013)

  15. #12

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,820
    Thank Post
    840
    Thanked 1,393 Times in 959 Posts
    Blog Entries
    47
    Rep Power
    602
    Quote Originally Posted by jamesbmarshall View Post
    You don't have to disable OWA - in fact, just disabling OWA doesn't block access. Instead you can use the Office 365 admin portal to disable their logon capabilities altogether. Also, if you did go down the AD FS route then you could just lock the account in AD.
    The problem with locking the account in AD is that it stops them logging in altogether - we tend to use a system of targeted punishment, so we block webmail where a student has abused their email privilege (with timewasting, bullying, spamming etc.) but don't block the account so they can still work in IT lessons etc. This is why we only allow students access to webmail, so that we can block them in this way - if they had Outlook, we couldn't stop it. Could we still do this with O365? (I'm hoping that's disabling logon capabilities in the admin portal)

    I would, I think, agree that hybrid would be complicated if we're removing on-site - there's especially no point in upgrading to Exchange 2010 to do it, as I'm wanting to migrate to avoid the pain of an upgrade to 2010 so what's going to be the best way to migrate mailboxes, if cutover is limited to 1000?

  16. #13
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    553
    Thank Post
    3
    Thanked 125 Times in 116 Posts
    Rep Power
    29
    You can disable OWA via the Exchange admin web console, or via the following powershell Set-CASMailbox -Identity user1@contoso.com -OWAEnabled $false

    When the user trys to log in to OWA they get the following message
    :-(
    something went wrong
    Your account has been disabled.

    It does not stop them logging into the actual Office365 portal, but Outlook, Calendar and people are certainly blocked

  17. Thanks to Boredguy from:

    sonofsanta (21st June 2013)

  18. #14
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    499
    Thank Post
    25
    Thanked 222 Times in 153 Posts
    Rep Power
    83
    Quote Originally Posted by sonofsanta View Post
    I would, I think, agree that hybrid would be complicated if we're removing on-site - there's especially no point in upgrading to Exchange 2010 to do it, as I'm wanting to migrate to avoid the pain of an upgrade to 2010 so what's going to be the best way to migrate mailboxes, if cutover is limited to 1000?
    Staged migration!

    Migrate a Subset of Mailboxes to the Cloud with a Staged Exchange Migration

  19. Thanks to jamesbmarshall from:

    sonofsanta (21st June 2013)

  20. #15

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,820
    Thank Post
    840
    Thanked 1,393 Times in 959 Posts
    Blog Entries
    47
    Rep Power
    602
    Quote Originally Posted by jamesbmarshall View Post
    The Admin Portal didn't show that as an option - cheers muchly!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. How to create a certificate request for an Exchange 2007 UCC
    By Dos_Box in forum How do you do....it?
    Replies: 11
    Last Post: 27th April 2009, 06:42 PM
  2. Rolling out Exchange 2007 to all students
    By steele_uk in forum Windows
    Replies: 4
    Last Post: 5th June 2008, 11:31 AM
  3. Exchange server to cater for 4 networks accross 2 sites!
    By Jimbo in forum How do you do....it?
    Replies: 10
    Last Post: 28th June 2007, 06:17 PM
  4. Adding a Exchange 2007 box to our domain
    By tosca925 in forum How do you do....it?
    Replies: 10
    Last Post: 7th June 2007, 08:15 AM
  5. Exchange 2007 Beta 2 available for download
    By Norphy in forum Windows
    Replies: 3
    Last Post: 25th July 2006, 05:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •