CodeTwo Base.title

Prepare AD sync tools for migration to Office 365 via CodeTwo software

Problem:

If you are working with AD synchronization tools (e.g. Azure Active Directory Connect) in your environment (e.g. a hybrid Exchange one), there is a high probability that you applied a default configuration for the synchronization process. If so, among various synced AD attributes there is also msExchMailboxGuid.

In such a case, assigning an Office 365 license to synced on-premises users will not result in creating mailboxes. You will be able to create an Office 365 mailbox only with Microsoft migration tools, which excludes any possibility of using third-party migration tools like CodeTwo Office 365 Migration.

Solution:

If you would like to migrate via a third-party migration tool (such as CodeTwo Office 365 Migration), you need to rebuild the synchronization service for on-premises users from scratch, removing the msExchMailboxGuid attribute from AD synchronization.

If the synchronization process is finished, and the synced users have msExchMailboxGuid attribute values in Office 365, the only way to remove this attribute is to permanently remove (hard-delete) all of the synced users from Office 365, reconfigure the synchronization (to exclude msExchMailboxGuid) and perform it all over again. Use the links below to learn more.

How to remove synced users from Office 365

To permanently remove the synced accounts from Office 365, follow the steps below:

This example shows a solution for Azure AD Connect, but the general idea is similar for all other AD syncing tools.

  1. Open Synchronization Service Manager.
  2. Go to the Connectors tab.
  3. Select the connection type which allows for connection to your local AD: Active Directory Domain Services.
  4. Right-click the selection and choose Properties from the shortcut menu.
  5. In the Properties window, go to the Configure Directory Partitions section and click the Containers button.
  6. Provide the password for the user you used to connect to your local AD and click OK.
  7. A new window will open. Clear (uncheck) the selection for the users (OUs) that are already synced (e.g. HybridUsers, as in the example shown in Fig. 1.) and click OK.

509-1
Fig. 1. Clearing the containers for the synced users (in this example: HybridUsers).

  1. Close the Properties window by clicking OK.
  2. Now you need to perform a full AD synchronization. To do that, open  Windows PowerShell and use the following cmdlet:
  3. Start-ADSyncSyncCycle -PolicyType Initial

Alternatively, you can also perform the synchronization process manually, by running it separately for each of your connectors.

  1. Ensure that the synchronization process has been performed successfully: open Synchronization Service Manager and verify the status of connectors (Fig. 2.).

509-2
Fig. 2. Verifying the status of connectors.

  1. Now all synced user accounts should be visible on the Deleted users page in your Office 365 admin center.
  2. You need to permanently remove those users from your environment. To do that, open Windows Azure AD Module for Windows PowerShell.
  3. Connect to your Office 365 service as a global admin account, by using the following cmdlet:

    To be able to connect to Office 365 as a part of Windows Azure service, you need to install an appropriate module for Windows PowerShell.

    $cred = Get-Credential
    provide the administrator's password and then continue via the cmdlet below:
    Connect-MsolService –Credential $cred
  4. Retrieve the list of deleted users with another cmdlet:
    Get-MsolUser -ReturnDeletedUsers | Select UserPrincipalName, ObjectId
    

    To remove your users, you will have to provide the values of their ObjectId parameter. These values will be displayed when you execute the above cmdlet.

  5. Remove all users from the list by executing the cmdlet below. Supply appropriate ObjectId values.
    Remove-MsolUser –RemoveFromRecycleBin

    Please note that this operation is not reversible.

When you complete all of the above steps, there should be no synchronized accounts in your Office 365 (you can verify that in the Office 365 admin center).

How to (re)configure AD synchronization tools for migration to Office 365

To (re)configure your AD synchronization for migration to Office 365 via third-party software, you need to exclude the msExchMailboxGuid attribute from the syncing process. Follow the steps below.

This example shows a solution for Azure AD Connect, but the general idea is similar for all other AD syncing tools.

  1. Open Azure AD Connect.
  2. Click the Configure button to proceed to the next section (Tasks/Additional tasks).
  3. Choose Customize synchronization options from the list and click Next.
  4. In the Connect to Azure AD section, provide your Azure credentials.
  5. In the Domain/OU Filtering step, choose Organizational Units (e.g. HybridUsers, as shown in Fig. 3.) that you want to synchronize and click Next.

509-3
Fig. 3. Selecting Organizational Units to be synchronized.

  1. Proceed to the Azure AD Attributes step. Select I want to further limit the attributes exported to Azure AD and clear (uncheck) the msExchMailboxGuid check box, as shown in Fig. 4.

509-4
Fig. 4. Excluding msExchMailboxGuid from synchronization.

  1. Click Next to proceed to the last section (Configure). Ensure that the Start the synchronization process when configuration completes check box is selected.
  2. Click Configure to start full synchronization.

After the synchronization is finished, all the synced accounts will not have their msExchMailboxGuid attributes synced anymore.

Our Clients: