Technology•Apr 29, 2019
Finally Ready to Migrate to Exchange Online? Here Are Three Issues to Avoid
In today’s cloud-based world, chances are your current IT department is working on integrating a cloud-based service into your current email infrastructure. With the low cost, low maintenance, and highly scalable cloud offerings available, it makes technical and financial sense to offload the burden of maintaining an on-premise email solution. One of those cloud offerings is Microsoft Exchange Online.
Exchange Online provides IT administrators the same powerful tools of an on-premise Exchange server with the additional benefits of a cloud-based email service. This helps explain why when Bitglass, a next-gen cloud access security broker (CASB), analyzed the email domains of over 135,000 organizations, Office 365 adoption was over 56% in 2018, up from 34% in 2016, while G Suite remained steady at 25%. A main selling point of Exchange Online is its ability to integrate with the on-premise Microsoft Exchange servers, creating a hybrid environment.
Exchange hybrid deployments allow for a staged migration, giving you the option to take your time migrating mailboxes in a seamless manner. You can also choose to move heavier workloads off the on-premise servers, freeing up resources, while maintaining specific mailboxes on the on-premise servers for security concerns and greater control. So far so good, right? Unfortunately, no matter how many shooting stars we wish upon, there are no perfect solutions, and Exchange hybrid deployments are not immune to several “gotchas” that can make or break a successful hybrid deployment. Below we will discuss some of the more common hybrid deployment considerations and issues.
Hybrid Deployment Planning
Given that no two IT infrastructures are the same, it makes sense to assume that no two Exchange hybrid deployments will be the same either. It is fundamental to make design decisions that are tailored for your environment while still taking advantage of the cloud benefits. Microsoft’s Exchange Deployment Assistant is an invaluable tool that allows you to choose a scenario that works for your organization. Based on your answers to a few questions, Exchange Deployment Assistant furnishes the steps needed to deploy a successful hybrid environment. The steps produced by the Assistant cover AD synchronization, single sign-on, and more.
Now that the steps for your environment-specific hybrid deployment are ready, you must make sure the environment itself is ready. Microsoft provides an extensive list of the prerequisites that must be in place before deploying a hybrid environment. You must also consider Exchange Online limitations when planning your deployment. The combination of these three considerations will create a solid plan for your hybrid deployment, and cover some of the more common issues that face administrators.
Free/busy issues are common among hybrid deployments and are a huge headache for Exchange administrators and end users alike. The first step in troubleshooting free/busy issues is to utilize the Microsoft troubleshooting guide, which covers multiple different issues, the possible causes, and the recommended solutions.
Recently I ran into an issue where users could not view free/busy information unless they were assigned specific rights to the calendar. In an environment of 2,500 users, this was an unsustainable solution. After researching the issue further, I found that “TargetAutodiscoverEpr” and the “TargetApplicationUri” attributes were different between the “Federation Information” settings and the “Organization Relationship” settings.
The important point here is to make sure the domain in both attributes matches the first domain to have been configured for the Office 365 tenant. For example, while an organization might use abc.com as their main domain, if the first domain set up within the Office 365 tenant was xyz.com, then the attributes must also reference xyz.com and not abc.com. From an on-premise Exchange server, run the command “Get-FederationInformation -DomainName <Office 365 Domain>” to view the Federation Information settings and the command “Get-OrganizationRelationship | FL” to view the Organization Relationship settings. Comparing the results of those two commands will highlight any mismatches between the attributes mentioned earlier.
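The comparison described above can be scripted instead of read by eye. The following is an added example, not part of the original article; it assumes the on-premise Exchange Management Shell, and uses xyz.com (the article's example) as a stand-in for the first domain configured in your tenant.

```powershell
# Added example: run in the Exchange Management Shell on an on-premise server.
# Assumption: xyz.com stands in for the first domain configured for the tenant.
$tenantDomain = 'xyz.com'

# The two attributes the article says must agree.
$attributes = 'TargetApplicationUri', 'TargetAutodiscoverEpr'

# What the tenant publishes for the domain.
$federation = Get-FederationInformation -DomainName $tenantDomain

# What each on-premise organization relationship is configured with.
$report = foreach ($relationship in Get-OrganizationRelationship) {
    foreach ($name in $attributes) {
        # Cast to string and drop a trailing slash so URI objects and
        # plain strings compare the same way.
        $published  = ([string]$federation.$name).TrimEnd('/')
        $configured = ([string]$relationship.$name).TrimEnd('/')

        [pscustomobject]@{
            Relationship = $relationship.Name
            Attribute    = $name
            Published    = $published
            Configured   = $configured
            Match        = ($published -ieq $configured)  # case-insensitive
        }
    }
}

# Show everything, then list only the rows that need attention.
$report | Format-Table -AutoSize
$mismatches = @($report | Where-Object { -not $_.Match })
if ($mismatches.Count -gt 0) {
    Write-Warning "$($mismatches.Count) attribute(s) differ from the federation information."
    $mismatches | Format-List
}
```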
Dynamic Distribution Groups
Dynamic distribution groups cannot be migrated to Exchange Online for a very simple reason. Dynamic distribution groups are essentially a stored query. In other words, members of the group are determined via a query that is run at the time the email is sent to the group. To continue using dynamic distribution groups in a hybrid deployment, there are two possible solutions.
The first solution is to simply recreate the distribution groups in Exchange Online. Depending on how many distribution groups exist, this solution might not be feasible and will come with administrative overhead. The second solution is to keep the dynamic distribution groups on-premise. To achieve this, you need to do the following:
Set your email domain from “authoritative” to “internal relay” to make sure that if Exchange Online does not know what to do with a message, it will forward the message to the on-premise server.
Create contacts in Exchange Online that correspond to the on-premise dynamic distribution groups.
Both of those steps will ensure emails sent to the dynamic distribution group will reach all the users, whether received by the on-premise servers or Exchange Online.
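A sketch of the second solution, as an added example that is not part of the original article. It assumes abc.com is the email domain, that the CSV file name is free to choose, and that each contact should point at the group's primary SMTP address; every change is run with -WhatIf so nothing is modified until you remove it.

```powershell
# Added example. File name and domain below are assumptions, not article values.
$csvPath     = '.\ddg-contacts.csv'
$emailDomain = 'abc.com'

# Part 1: run in the on-premise Exchange Management Shell.
# Export the groups that will stay on-premise.
Get-DynamicDistributionGroup -ResultSize Unlimited |
    Select-Object Name, Alias, PrimarySmtpAddress |
    Export-Csv -Path $csvPath -NoTypeInformation

# Part 2: run in an Exchange Online PowerShell session.
# Step 1: switch the domain from authoritative to internal relay.
Get-AcceptedDomain -Identity $emailDomain |
    Select-Object DomainName, DomainType
Set-AcceptedDomain -Identity $emailDomain -DomainType InternalRelay -WhatIf

# Step 2: create one contact per on-premise dynamic distribution group.
foreach ($group in Import-Csv -Path $csvPath) {
    # Skip addresses that already belong to a recipient in Exchange Online.
    $existing = Get-Recipient -Identity $group.PrimarySmtpAddress `
        -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "Skipping $($group.PrimarySmtpAddress): already in use."
        continue
    }

    New-MailContact -Name $group.Name `
        -Alias $group.Alias `
        -ExternalEmailAddress $group.PrimarySmtpAddress `
        -WhatIf
}
```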
Shared mailboxes do not need a license if the mailbox size is under 50 GB. This makes shared mailboxes very useful for service accounts being migrated to the cloud. The important point here is to convert mailboxes to shared mailboxes prior to migrating them to Exchange Online. This way you make sure that all the on-premise attributes related to the mailbox sync correctly to Exchange Online. If the mailbox has already been migrated to the cloud, you can still convert it to a shared mailbox, but you need to add a couple of additional steps. Once the mailbox is converted to a shared mailbox in Exchange Online, you need to change the following two mailbox-related AD attributes in the on-premise Active Directory:
The “msExchRemoteRecipientType” attribute needs to be set to 100.
The “msExchRecipientTypeDetails” needs to be set to 34359738368.
Once these attributes are modified, the conversion of the mailbox to a shared mailbox is complete.
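The attribute change above can be made with the ActiveDirectory module so that only values that actually differ are written. This is an added example, not part of the original article; the account name svc-shared01 is hypothetical, and -WhatIf keeps the run read-only until removed.

```powershell
# Added example. 'svc-shared01' is a hypothetical account name.
Import-Module ActiveDirectory

$identity = 'svc-shared01'

# The two values given in the article for an already-migrated shared mailbox.
$expected = @{
    msExchRemoteRecipientType  = 100
    msExchRecipientTypeDetails = 34359738368
}

# Read the current values from the on-premise directory.
$user = Get-ADUser -Identity $identity -Properties @($expected.Keys)

# Collect only the attributes that differ, so the change is minimal
# and the before/after state is visible in the console.
$changes = @{}
foreach ($name in $expected.Keys) {
    $current = $user.$name
    if ($current -ne $expected[$name]) {
        Write-Host "$name : '$current' -> '$($expected[$name])'"
        $changes[$name] = $expected[$name]
    }
}

if ($changes.Count -gt 0) {
    # Remove -WhatIf to apply the change.
    Set-ADUser -Identity $user -Replace $changes -WhatIf
}
else {
    Write-Host "$identity already has the expected shared mailbox attributes."
}
```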
Control Without the Burden
To summarize, Exchange hybrid deployments provide you with the granular control provided by an on-premise environment while relieving you of the burden of managing extensive on-premise server infrastructure. Hybrid environments also provide built-in backup and disaster recovery for the cloud-based mailboxes and configurations. Spending the time upfront to research, design, and deploy a hybrid environment will alleviate most of the pain points you face, and paying attention to the “gotchas” will make your deployment as painless as possible.
If your business is ready to migrate to Exchange Online, then we would be happy to help you through the process. Reach out to us at firstname.lastname@example.org to start a conversation.