AD Connect (DirSync) after Cutover migration

Question

While using a Cutover migration it mentioned that I could not use or need to disable /deactivate the DirSync, but just have a question can I use (DirSync) after that ?

Suppose I need to do the migration using cutover and complete the migration batch from the current hosting provider and then I deploy the AD Connect Server/tool in the on-premise to sync the AD identities with password sync to office 365 ?

Will I able to perform in that manner? Will the all accounts match with the email address in office 365 ?

Answer 1

Hi, That is correct.

Office 365 won't allow a cutover migration in tenants that already have directory synchronizations in place.

When using cutover migration, Office 365 would enumerate all on-premise mailboxes and create equivalent ones on Exchange online (this step is called "provisioning").

Once you complete your migration, you may run a full sync in order to "connect" your users to your on-prem AD, match user attributes and passwords.

I usually recommend:

1. Start the cutover migration batch.
2. Install and configure AD Connecet - DO NOT start sync and make sure to disable the scheduled task.

(This would allow you a quick sync once completed the migration)

3. Complete the migration.
4. Run a full sync and enable the scheduled task to sync deltas in a preset interval.

Maor

Answer 2

Hello Edward & Maor , just a small doubt as you mentioned if before cutover migration we deploy a DirSync /AD connect server then ONLY we need to convert on-premise mailboxes to mail-enabled users, otherwise NOT , Correct ?

Apart from this few doubts if you can help me with that

1. What investment required to deploy AD connect like additional AD licensing etc.
2. Where is the best recommended location to deploy it (on premises/Cloud )
3. What incase we deploy the AD Connect Server and during sync if something goes wrong , will that effect end-users if yes then what would be the impact ?
4. How much duration users need to maintain two set of credentials by the time AD Connect server Deploy ?

Answer 3

Hi Amitbahl4589,

Do you still have any questions? If yes, please let us know.

Generally, if you want to deploy DirSync after a Cutover migration, you need to complete the Cutover migration first, and then you can deploy DirSync. Before you implement DirSync, please convert on-premises mailboxes to mail-enabled users. For more detailed information, please see the article below:

community.office365.com/.../835.cutover-exchange-migration-and-single-sign-on

Thanks,

Edward

Answer 4

Hi again,

Using AD-FS (or not) does not make any difference in a cutover migration, apart from the obvious requirement of installing and configuring the AD-FS servers and federation.

The thing that you would need to keep in mind is when using AD-FS there's no need to sync passwords, so you can leave that check-box unchecked when configuring AD Connect.

You can find more information here:

technet.microsoft.com/.../jj874016(v=exchg.150).aspx

This TechNet article should prove useful, even though lacks some information (for instance how to prepare for a cutover migration involving DirSync\AD-Connect).

In your case, If you're planning to use a DirSync\AD-Connect server to sync and manage users from your on-premise AD- Then yes, you would have to convert your mailboxes to mail enabled users.

Make sure to maintain all existing email addresses, including X500s, in order to prevent NDRs and allow good user experience for your organization.

Regards,

Maor Bracha

Answer 5

Thanks Maor. Just to inform here that we are NOT going to use the ADFS. so there won;t be any issues or do i need to convert the on-premise mailboxes to mail enabled users (MEU) ?? is that necessary ?