Category Archives: Migration

Adding External Contacts to Exchange Online

This topic seems to creep up all the time and it’s rather simple to accomplish. All you need is some basic information on the contact, add it to Exchange Online and then it will be available to all users.

Login to the Office 365 Admin Center

Click the App Launcher (top left corner)

Click Admin


Open Exchange Admin Center


Click Recipients (1)

Click Contacts (2)

Click + (3)

Click Mail Contact (4) (a new window will pop open)


Enter First Name (5)

Enter Last Name (6)

Enter Display Name (7) (this is how it will be displayed in the GAL)

Enter an Alias (8)

Enter the Email Address (9)

Click Save (10)


The external contact is now added to Office 365 and viewable by all users of the GAL




Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Publishing ADFS 2.0 using Threat Management Gateway 2010

Another option for publishing ADFS 2.0 to the internet is to use TMG 2010 as a proxy. This method will replace an ADFS 2.0 Proxy server.

ADFS Proxy services are used for external users to authenticate with their domain credentials and are essential for user access to Office 365 while not having access to the local domain controller.

The process below guides you through setting up TMG 2010 to publish/proxy ADFS traffic from the internet to the local ADFS 2.0 server. This assumes that you have your internal ADFS infrastructure setup and connected to Office 365 already.

  1. Open TMG Management Console

     

  2. Expand Forefront TMG

     

  3. Right Click Firewall Policy

     

  4. Click New

     

  5. Click Web Site Publishing Rule…


     

  6. Add a descriptive name for your rule

     

  7. Click Next

     

  8. Select Allow, on Actions to take when rule conditions are met

     

  9. Click Next

     

  10. Select Publish a single Web site or load balancer

    This option will work for a single ADFS server and an ADFS Farm that is load balanced

     

  11. Click Next

     

  12. Select User SSL to connect to the published Web server or server farm

     

  13. Click Next

     

  14. Enter your internal ADFS Server Farm name.


     

  15. Click Next

     

  16. Enter the path for ADFS

    /adfs/*

     

  17. Check Forward the original host header instead…


     

  18. Click Next

     

  19. Enter your publicly resolvable name for the ADFS site.


     

  20. Click Next

     

  21. Select Web Listener, click New…

     

  22. Add a descriptive name for your web listener


     

  23. Click Next

     

  24. Select Require SSL secured connections with clients


     

  25. Click Next

     

  26. Select your External Network, or Select the IP address on which you want to listen for the ADFS traffic.


     

  27. Click Next

     

  28. Click Select Certificate


     

  29. Select the public certificate

    This is the same certificate that we used on the internal ADFS servers. I exported the certificate and imported it onto the TMG server

     

  30. Click Select


     

  31. Click Next

     

  32. Select HTML Form Authentication

     

  33. Select Windows (Active Directory) to validate client credentials


     

  34. Click Next

     

  35. Uncheck Enable SSO for Web sites published with this Web listener


     

  36. Click Next

     

  37. Click Finish

     

  38. Now that the Web listener is setup, Click Next

     

  39. Select NTLM authentication


     

  40. Click Next

     

  41. Remove All Authenticated Users

     

  42. Add All Users


     

  43. Click Next

     

  44. Click Finish

     

Now that the Rule and Web Listener are setup, we need to make some modifications.

  1. Right click the ADFS rule and select Configure HTTP

     

  2. Uncheck Verify normalization

     

  3. Uncheck Block high bit characters


     

  4. Click OK

     

  5. One handy option that we can use with TMG is password changes and password expiry notifications. To enable this we need to edit the web listener

     

  6. Right click the ADFS rule and select properties

     

  7. Click the Listener tab

     

  8. Click Properties

     

  9. Click Forms Tab

     

  10. Check Allow users to change their passwords

     

  11. Check Remind users that their passwords will expire…


     

  12. Click OK

     

  13. Click OK

     

  14. Apply the changes to TMG and allow some time for the configuration to update


 

Test the logon process

  1.  

  2. Enter your credentials

     

  3. Click sign in at….


     

  4. Enter the UPN account name and password


     

  5. Click Log On

 

This is how the users will see a password change notification

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 5

 

Client Setup and Data Migration

Now that we have email flowing into Office 365 for userid@contoso.com, we need to import all the old email, contacts and calendar items to Office 365.

Set up and Configure Office Desktop Apps

This setup will install the Microsoft Online Services Sign-in Assistant and help configure Outlook, SharePoint and Lync 2010. It will also install any updates critical for these applications to function with Office 365.

  1. Open Internet Explorer to https://portal.microsoftonline.com

  2. Login with your federated user account (userid@contoso.com)
  3. Click Downloads
  4. Right side of the page, located under Resources
  5. Browse to ‘Set up and configure your Office desktop apps’
  6. Click Setup button
    • Located under “Set up and configure your Office desktop apps”
    • Run the installer and it will guide you through the installation

Setup Outlook to Connect to Office 365

 

  1. In order to move email from the current POP3 solution to Exchange Online (Office 365) we need to import your current email for the POP3 PST within Outlook. All the steps are completed within Outlook 2010.
  2. Setup Outlook Profile for Office 365
  3. Click Start
  4. Open Control Panel
  5. Click Mail
  6. Click Show Profiles
  7. Click Add…
  8. Enter a new profile name
  9. Click OK
  10. Enter your Name
  11. Enter your Email Address
  12. Enter your password
  13. Click Next
  14. Verify you get three green check marks and click Finish
  15. The Mail Control Panel will open
  16. Verify that ‘Always use this profile’ is checked
  17. Verify that the new profile you just created is selected. If not, use the drop down menu and select it.
  18. Click OK

Login to Office 365 with Outlook and Import Email

  1. Open Outlook 2010
  2. Enter your username and password, click OK
    1. userid@contoso.com
    2. Domain Password
  3. Click the File menu
  4. Navigate to Open

  5. Click Import (as shown in the screenshot below)
  6. Select Import from another program or file click Next.
  7. Select Outlook Data File (.pst) and click Next.
  8. Browse to and select the exported file, click Next.
  9. Enter the password. Click OK
  10. Select the folder to import from (don’t change any settings)
  11. Verify Include subfolders is checked

  12. Click Finished

Note – This process will import all the contents from your PST file into Office 365. After this you can remove the PST file and forget about them. Office 365 has 25GB mailboxes.

Series of Posts

  1. Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1
  2. Office 365 and DNS Setup for the Transition Email Domain – Part 2
  3. Adding an Email Alias to an AD Account and Syncing Changes to Office 365 – Part 3
  4. POP3 Email Forwarding to Office 365 – Part 4
  5. Client Setup and Data Migration – Part 5

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 4

 

POP3 Email Forwarding to Office 365

Now that we have the user active in Office 365 with both the primary and transition (vanity) domain setup, we can now setup the POP3 Provider to forward all incoming email for userid@contoso.com to userid@mail.contoso.com.

This step is done many different ways, because there are many different POP3 providers. Below is instructions for my POP3 provider (Shaw Communications)

  1. Login to Shaw Webmail with the user account you want to migrate

     

  2. Click Settings

     

  3. Click Mail Settings

     

  4. Enable Mail Forwarding

     

  5. Enable ‘Do not leave copy on server’

     

  6. Enter userid@mail.contoso.com, click Add

     

  7. Click Save

     


 

We are now at the point where we can test.

  1. Send an email to userid@mail.contoso.com (preferably from an external email account – Hotmail works great)
    1. Verify delivery in Office 365 – Outlook Web Access

       

  2. Send an email to userid@contoso.com (preferably from an external email account – Hotmail works great)
    1. Verify delivery in Office 365 – Outlook Web Access

       

  3. Have another POP3 user, from the current provider, send an email to the migrated user (userid@contoso.com)
    1. Verify delivery in Office 365 – Outlook Web Access

       

  4. Reply from Office 365 to the user that just sent the test message from the current POP3 provider

     

  5. Send an email from Office 365 to another user on the current POP3 provider

 

 

Series of Posts

  1. Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1
  2. Office 365 and DNS Setup for the Transition Email Domain – Part 2
  3. Adding an Email Alias to an AD Account and Syncing Changes to Office 365 – Part 3
  4. POP3 Email Forwarding to Office 365 – Part 4
  5. Client Setup and Data Migration – Part 5

 

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 3


Adding an Email Alias to an AD Account and Syncing Changes to Office 365

In the previous post, we setup configured the primary and transition domains in Office 365.

In this post we are going to make the changes to the AD account, Sync the changes to Office 365 and activate the user in Office 365.

Because Office 365 limits us from adding email aliases, for vanity domains, to users; we need to make the changes on the AD account and sync them to Office 365. These changes are done with ADSI Edit and modifying the proxyAddresses field on the AD user account.

  1. Select a user account to migrate to Office 365
  2. Open ADSI Edit
  3. Connect to the domain and navigate to the User OU
  4. Navigate to the User Account
  5. Right Click, Properties
  6. Find and Click the proxyAddresses field
  7. Click Edit
  8. Add SMTP aliases (both contoso.com and mail.contoso.com)
  • When you add new email aliases, you want to make sure that you primary address will start with UPPERCASE SMTP. Your additional addesses will start with lower case smtp. The uppercase SMTP denotes it as the primary address.
  • Examples:
  • SMTP:userid@contoso.com
  • smtp:user@mail.contoso.com
  • Assuming that userid is the same as the current email address.
  1. Click OK
  2. Click Apply
  3. Click OK

Now that we have the user account email aliases are setup we need to sync those changes to the user account in Office 365. Once the account is synced, then activate and license the account in Office 365.

  1. Login to the Directory Sync Server and sync the changes (Start-OnlineCoexistenceSync)

    WAIT 5 minutes for the changes to Sync to Office 365

  • Open IE and navigate to Office 365 Portal and login with the admin account
  • Click Users
  • Check mark the user that you want to activate
  • Click Activate Synced Users
  • Select a location
  • Assign a License
  • Click Next
  • Click Activate
  • Click Finish

WAIT 5 minutes for Microsoft Office 365 to process the account activation and provision the licensed services to the user

If you navigate to the user account in the Exchange Online Control Panel and view the properties of the user account, the SMTP aliases should be listed (both contoso.com and mail.contoso.com)

Now that the user is activated and has both SMTP aliases we can continue to the next step and forward the email from the legacy provider to Office 365

Series of Posts

  1. Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1
  2. Office 365 and DNS Setup for the Transition Email Domain – Part 2
  3. Adding an Email Alias to an AD Account and Syncing Changes to Office 365 – Part 3
  4. POP3 Email Forwarding to Office 365 – Part 4
  5. Client Setup and Data Migration – Part 5

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 2

 

Office 365 and DNS Setup for the Transition Email Domain

Because we are taking email for contoso.com (legacy) and need to have users in Office 365 receive email for that domain as well. We have to do some background forwarding that is transparent to the client and email sender. This is done with email forwarding from the legacy system to Office 365. In order to do this we need a transition (vanity) SMTP domain. For this example I will use mail.contoso.com.

  1. Primary Domain (contoso.com)
    1. Before we can migrate any users to Office 365, we need to have our domain setup and verified in Office 365. For this example I will use contoso.com. Since the email services are still at the legacy provider, do not switch the MX record. This domain will need to be designated as a Shared Exchange domain; this is very important. If this is not done, then the users that are migrated to Office 365 will not be able to send email back to the legacy email users.

     

  2. Configure the domain as a shared domain. To do this, follow these steps:
    1. Sign in to the Office 365 portal (https://portal.microsoftonline.com) as a global administrator or a service administrator.
    2. Click Admin, and then under Exchange Online, click Manage.
    3. In the Exchange Control Panel (ECP), click Mail Control, and then click Domains & Protection.
    4. Select the domain that is configured for mail coexistence, and then click Details.
    5. Select Shared, and then click Save.

     

  3. Transition Domain (mail.contoso.com)
    1. We will also need a transition domain (vanity domain) setup so that we can forward email from the legacy provider to Office 365. For this example I used mail.contoso.com. This domain will need to be setup in Office 365 for Exchange services only. Make sure that all the DNS records are added and verified so that this is a fully functional Office 365 email domain.

Now that we have the primary and transition domain setup correctly, this will now allow us to continue to the next steps.

Series of Posts

  1. Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1
  2. Office 365 and DNS Setup for the Transition Email Domain – Part 2
  3. Adding an Email Alias to an AD Account and Syncing Changes to Office 365 – Part 3
  4. POP3 Email Forwarding to Office 365 – Part 4
  5. Client Setup and Data Migration – Part 5

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me

Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1

In this series of posts I will show you the changes needed to migrate email services from a POP3 provider to Office 365. The client that I did this for had a number of issues that required us to migrate slowly; having both services up and running at the same time. This posed a number of issues as the MX record could not be changed until the end of the migration and all email had to flow into the POP3 provider first.

The technical issues occur when you have users on the legacy email sending and replying to email to the Office 365 users and vice versa. I have created a flow chart to show you the email flow between internal users and external email sources. There are a number of steps that need to be followed in order for this setup to work. It relies on the POP3 service to be able to forward email without intervention and modifications on the AD account to add an additional email alias on the user account.


For this client they had the full Enterprise Deployment. (ADFS Servers, ADFS Proxy Servers and a Directory Synchronization Server)

 

Series of Posts

  1. Advanced Email Migration to Office 365 from a POP3 Service Provider – Part 1
  2. Office 365 and DNS Setup for the Transition Email Domain – Part 2
  3. Adding an Email Alias to an AD Account and Syncing Changes to Office 365 – Part 3
  4. POP3 Email Forwarding to Office 365 – Part 4
  5. Client Setup and Data Migration – Part 5

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP

Email Me Follow me on Twitter Connect with me on LinkedIN Facebook Me