As more organizations move to Office 365, the chance that two merging organizations will both have Office 365 greatly increases. After an acquisition, companies often want to consolidate infrastructure and reduce duplication while using a single vendor.
In a traditional on-premises scenario, this typically involves a cross-forest Active Directory migration to the acquiring company forest. If it's a merger, this might require a completely fresh infrastructure. For Exchange, admins would typically upgrade the mailboxes' final home where necessary and build it out to ensure it can handle new mailboxes.
The traditional cross-forest migration for Active Directory doesn't necessarily change with Office 365 tenants -- but the Exchange cross-forest migration challenge changes. Rather than solve the problem of redesigning the infrastructure with reasonably straightforward moves, the challenge becomes the migration strategy itself. This is because it isn't possible to directly migrate mailboxes from one tenant to another.
Our example scenario
We'll look at a straightforward scenario to illustrate the technical approaches available.
Goodman Industries and Lisa Jane Designs both use Office 365 for email. Goodman Industries acquired Lisa Jane Designs and must migrate mailboxes from the Lisa Jane Designs tenant to the Goodman Industries Office 365 tenant without interrupting mail flow.
To avoid complicating our example with an Active Directory migration, we'll say that only Goodman Industries has an on-premises Active Directory and DirSync in place. Take a look at how the two organizations look side by side (Figure 1). We'll look for an end state after the migration (Figure 2).
All end users will be within the single tenant in the end state, and we'll change their primary email addresses to be the same as other Goodman Enterprises end users. However, they'll also retain their Lisa Jane Designs email address for the foreseeable future.
Five issues with Office 365 tenants
Before we begin, let's look at some of the key challenges we need to overcome when performing this migration.
1. We can't configure a tenant-to-tenant migration directly in Office 365 because that capability doesn't exist. We also can't ask Microsoft to reassign mailboxes to a different tenant even if they're in the same region. The mailboxes in two different tenants could be on the same Office 365 mailbox database in the service, but we can't get them reassigned. We need something in the middle.
2. We can't have a custom domain in two Office 365 tenants at the same time. We must remove a domain from one tenant before adding it to the second tenant. If you're allowed to break email flow for a period of time, this might not be an issue. It takes minutes to remove the domain from one tenant and add it to the second tenant in most cases, but it has also been known to take a long time. In rare circumstances, you might have to raise a service request with Microsoft to complete the removal or addition.
3. We don't have the ability to migrate passwords from tenant-to-tenant for cloud-only end users. If you use DirSync and local AD accounts, the answer is in your Active Directory migration. Bear in mind that cloud-only end users might need a password reset. If they're changing their email addresses and Microsoft Online Services IDs during the switch, they'll need to update credentials on devices.
4. In addition to potential temporary or permanent user name changes, Outlook and other clients can balk under the hood as mailbox identities change. This could potentially be mitigated by performing a slow move between tenants, but Outlook will need to be reconfigured in most cases.
5. We aren't looking at migration options for other services. You may also need to migrate Lync Online contacts, SharePoint sites, OneDrive for Business and Yammer contents and merge them across. You'll need a third-party tool to handle this. Assume that policies (for example, ActiveSync policies) won't move; instead, end users who have migrated across will use the destination tenant policies.
Two migration approaches for Office 365 tenants
There are two different migration approaches for Office 365 tenants. The first approach is to migrate using the hybrid Exchange Server. We'll move mailboxes down from the Lisa Jane Designs tenant and then back up into the Goodman Enterprises Office 365 tenant (Figure 3).
The second approach involves using a third-party tool called MigrationWiz to copy mailboxes directly from one tenant to another, enabling a faster migration (Figure 4).
Next, create local Active Directory accounts for each Lisa Jane Designs end user in the Goodman Enterprises domain for both approaches. But the way we do this is slightly different in that we'll also configure inbound mail for Lisa Jane Designs to flow through the Goodman Enterprises Hybrid Server before migrating mailboxes across. This allows mail for one domain to split into two Office 365 tenants, and we can use the tenant service domains to handle mail routing to either tenant (Figure 5). We'll move the mail flow back to the single tenant after the migration.
About the author:
Steve Goodman is an Exchange MVP and works as a technical architect for one of the U.K.'s leading Microsoft Gold partners. Goodman has worked extensively with Microsoft Exchange since version 5.5 and with Office 365 since its origins in Exchange Labs and Live@EDU.