Cross-forest migration from Office 365 to Exchange 2010/2013/2016

I. Pre-migration activities

Before you install and configure CodeTwo Exchange Migration make sure that your environment (both the source and the target server) is prepared for migration.

Below you will find a list of key points to be considered:

Step 1: Prepare a clean target Exchange environment in a new Active Directory forest

The following points need to be revised:

Step 2: Prepare domain accounts on the target server

  • Create appropriate mailbox-enabled accounts manually in the target forest.
  • During the mailboxes matching step, you can also set the program to create the mailboxes and the corresponding users automatically.


    If you choose either to manually create the mailboxes or allow the program to prepare them for you, be advised that the account data (such as permissions) will not be migrated. However, if you set the program to automatically create new mailbox-enabled user in the target environment, there is an option to copy main AD attributes from the source user account. Learn more

Step 3: Make sure that the target server's administrator belongs to an appropriate AD group, has permissions to users' mailboxes and has his mailbox correctly configured

  • Check if the administrator belongs to the Organization Management group:
    • Open  Exchange Management Shell on the target server and enter Import-Module ActiveDirectory script
    • Then execute Get-ADPrincipalGroupMembership
  • Check the administrator's impersonation rights to users mailboxes
    Learn more on how to configure the impersonation rights
  • Make sure that the administrator's mailbox is configured and activated

Step 4: Verify permissions of the software user and of the target server admin's account

Make sure that the administrator who runs the migration has appropriate permissions on the source server. Furthermore, make sure that the target server admin whose credentials are used has proper access rights to the target server's EWS service and that his mailbox is not hidden from the Exchange address lists.

Verify the following:

  • Domain Admins membership
  • Organization management membership of the target server administrator
  • Access to the target server's EWS service using IP or a Domain Name, e.g. https://[Exchange_IP]/EWS/Exchange.asmx or https://[Exchange_Name]/EWS/Exchange.asmx
  • If you connect to EWS from a machine outside of the local network, you need to have the external EWS URL correctly configured:
    • Open Exchange Management Shell on the target server and check if ExternalUrl is defined: Get-WebServicesVirtualDirectory | fl
    • If there's no address in the ExternalUrl line, it needs to be defined. Execute the following script: Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl https://[Target server's internet name]/EWS/Exchange.asmx

Step 5: Adjust the EWS throttling settings and change the maximum size limit of sent mail to decrease the time of migration processing

Step 6: Install components required by CodeTwo Exchange Migration (the installation wizard will guide you through this process)

We recommend that you install the software and required components on the target server to maximize the upload speed, but you can perform installation on any machine with a connection to both the source and the target Exchange Server environment.

The following components have to be installed on the Exchange server of your choice:

Step 7: Install CodeTwo Exchange Migration

You can install CodeTwo Exchange Migration on any machine with a connection to both the source and the target Exchange Server environment.


We recommend installing on a target server, to maximize the upload speed.


Make sure you meet the system requirements prior to installing the software.

II. Migration process

The steps below will guide you through correct configuration of CodeTwo Exchange Migration:

Step 1: Connect to the source server

Once the program's installation is completed, you will see the Dashboard tab. Click Create a new migration job link on the How to start card. Select the source server type: Office 365. The Create Office 365 migration job wizard will open. Set the name of the job and hit Next to proceed to the Source mailboxes step. If this is your first migration job, you will need to configure connection to the Office 365 tenant that will be used as the source of your migration. Click Add new source connection and a wizard will open. You need to complete two steps:

  • Admin credentials - provide your source Office 365 global administrator's email address and password. Learn more about the account requirements
  • Configuration - the program configures your Office 365 connection: it checks server connection, grants impersonation rights (if necessary) and accesses user mailboxes.

If the configuration is successful, click Finish.

Troubleshooting Office 365 connection

Step 2: Select mailboxes you want to migrate and define target connection

After successfully configuring the source connection, you will get back to the migration job wizard.

The Source mailboxes step now allows you to include or exclude mailboxes by using multiple filters. By default, the program includes all users along with Public Folders, because it is the most common scenario. Choose the mailboxes you want to migrate and proceed to the next step (Target mailboxes).

Now set up a new target server connection by choosing Add new target connection from the Target server drop-down menu. A simple wizard will open.

  • On the Server connection step, choose either Autodiscover Exchange Server (default option) to automatically find a proper target server or configure the connection manually.


    If you decided to configure the target connection manually, be aware that using an IP address will make granting impersonation rights and creating mailboxes impossible, unless you configure PowerShell Virtual Directory in IIS to allow basic authentication.

  • Admin's credentials - specify the UPN and password of the target Exchange server administrator (see this article for requirements). Enter the admin's credentials and move on to Configuration.


    UPN (User Principal Name) is an Internal account name of a user in an e-mail address format.

  • Configuration - this step configures the target Exchange server connection.
    • Once the configuration ends successfully, you will see green check marks. If any errors appear, see Troubleshooting.
    • Before you finish, you can test connection to your target server. Use the Test link, provide or select an email address of any target AD user and click Test. The program will check if the administrator has impersonation access permissions to the chosen target mailbox. If these rights are successfully granted, you will be notified about that.

After your connection is established, click Finish and proceed to the next step (Match mailboxes).

Step 3: Match target and source mailboxes

Matching the source mailboxes with the target mailboxes can be done in two ways: automatically, via the built-in Automatch feature, or manually. Either way, click the Match mailboxes button.

To manually match a single mailbox, click on the Click to match target link in the Target user mailbox column and choose the most appropriate option for this user. You can:

  • Create a new user - to create both a new Active Directory user and a corresponding mailbox. You can use the default values or change them.
  • Choose an existing user from the list - to select an existing user in the target environment that does not have a mailbox created yet.
  • Manually specify the mailbox address - this option should be used when you are unable to list the target environment.

For some of these options you may be asked to provide further details (e.g. passwords for the newly created users).

However, when it comes to matching hundreds of mailboxes, the process may be extremely time-consuming. To automatically apply common matching options for multiple users, simply select your users (you can use the Ctrl+A shortcut to choose all entries) and click Automatch on the menu bar. Configure the matching options and start the process by clicking Automatch. Learn more

When you have matched all your mailboxes, you can close the matching window and continue with the migration job wizard. The next steps will allow you to configure additional options.

Step 4: Customize all necessary aspects of the migration job

You may configure the following additional options:

  • Scheduler - allows you to set the job to be automatically started in desired period of times, so you do not have to control it manually.
  • Time filter - is used to exclude items that are older or newer than a particular date.
  • Folder filter - may completely exclude specific folders from the migration process.
  • Advanced settings - this step lets you define how many mailboxes should be migrated at same time and set the maximum size of items to be migrated.

Step 5: Start the migration

Review your migration job in the Job summary step. Click Finish to close the wizard.

Move on to the JOBS tab and click Start on the toolbar to begin the migration. Once you start the migration, all items from the source mailboxes will be migrated to their corresponding target mailboxes.


The migration processing time depends on several different factors, e.g. the number of mailboxes and items, the speed of internet connection, EWS throttling settings. See this article for details.

Step 6: Check if the number of items migrated in the target mailboxes matches the number of items in the source server mailboxes

If you notice any missing items in the target mailbox, restart the migration by using the Rescan feature.


Please be aware that the program does not migrate some specific folders at all. Those are e.g. Sync Issues or ones created while putting a mailbox on a litigation hold.


If any problems appear during the migration process, they will be visible on the JOBS tab in the Migration status column or on the Job bad news card. Details of the problems can be checked in the diagnostic files.

Step 7: Check if there are any new items in the source mailbox after migration

Once the migration is finished and you have noticed that some new items appeared (in the meantime) in the migrated source mailbox, just restart the migration by using the Rescan feature.


Please keep in mind that the Rescan feature uploads only new items, not the changed ones.

III. Post-migration cleanup

Once the migration is completed please follow the points below:

Step 1: MX records

Change the MX records in your domain registrar to enable mail flow to the new server(s). Please note that this process may take several hours.


If any new items appear in a source mailbox while the MX records are being changed, it is possible to migrate them after the records setup process is completed. This can be done via the Rescan feature available in the Administration Panel of the program..

Step 2: The previous domain

Disconnect the previous domain and Exchange servers.


If you have any problems with disconnecting your domain please consult your domain provider.

IV. Troubleshooting

For troubleshooting information, refer to our Knowledge Base.

For additional resources, refer to Frequently Asked Questions or contact us.

Was this information useful?