Cutover Migration from Exchange 2016 to Office 365 (Part 1)

Spread the love




Cutover migration is the most easiest and straight forward migration type of Office 365. Other migration options are, Hybrid, Staged and IMAP. If your organization have less than 2000 mailboxes, you want Office 365 to manage mailbxes, then you can use Cutover migration to move mailboxes from on-premise Exchange server to Office 365. In this post, I will talk about pre-requisites for Cutover migration from Exchange 2016 to Office 365 (Part 1).

Here are some advantages and disadvantages of Cutover migration,

  • Advantages
    1. Easiest migration type.
    2. Can be done in weekend in single migration batch.
    3. Can be used to migrate mailboxes from Exchange 2003, 2007, 2010, 2013 and 2016 to Office 365.
    4. On-premise Active Directory users will be automatically created in Office 365 but password will not be synchronized.
    5. On-premise mailboxes, distribution group and contacts are migrated to Office 365.
    6. Optionally, Active Directory Federation Service (ADFS) can be configured to setup single sign-on after migration.
  • Disadvantages
    1. Does not migrate dynamic distribution groups and public folders.
    2. Does not provide option to migrate on-premise Exchange objects selectively. Cutover migration migrates all Exchange object in single batch.
    3. Each Outlook application needs to be re-configured with new mailbox. This might be a a reason you don’t want to use this migration method if you have more than 50 mailboxes.
    4. Passwords will not be synchronized between on-premise Active Directory and Office 365 user accounts. So users will have to remember two password if on-premise Active Directory exists after migration.

Cutover Migration from Exchange 2016 to Office 365 (Part 1)

Cutover migration uses Outlook Anywhere (RPC over HTTPS) protocol to grab mailboxes from on-premise Exchange organization and replicate to Office 365 tenant. In Cutover migration, you can’t use directory synchronization before migrating mailboxes. If you have already setup DirSync then you need to deactivate the DirSyc in Office 365. Because you can not pre-create on-premise user accounts in Office 365 before migration as this might cause the migration to fail. User accounts will be created automatically by Office 365 during Cutover migration.

Prerequisites for Cutover Migration

  1. Create Office 365 account and add domain name to Office 365 account. For example, if your email address is bgiri@mustbegeek.com then you must add mustbegeek.com domain in Office 365 account.
  2. Make sure on-premise Exchange organization’s Outlook Anywhere is working. You can use Microsoft Connectivity Analyzer tool to test RPC over HTTPS connection from Internet.
    Cutover Migration from Exchange 2016 to Office 365 (Part 1)
  3. When you create a migration batch or connection point in Office 365, you need to enter credential that have permission to access mailboxes in on-premise Exchange organization. Create a user account (migration administrator) in on-premise Active Directory. This user account must have necessary permission to access all mailboxes that you want to migrate to Office 365. Open Active Directory Users and Computers snap-in and create a user account. Set a strong password and also set the password to never expire. Here, O365-Cutover user account is created.
    O365 User The migration admin must be member of Domain Admin group. Similarly, the migration admin must be assigned permission to access on-premise mailboxes. The permission can be applied to each user mailbox or mailbox database. If you apply permission to database, all the mailboxes within the database will inherit the permission. But if you apply permission to each mailbox then new mailbox created will not inherit the permission and you need to apply the permission to the new mailbox manually. To assign permission to each mailbox, you can assign Full Access permission to O365-Cutover user account for each on-premise mailbox. To assign Full Access permission for each on-premise mailbox, log on to on-premise Exchange server and type following cmdlet in Exchange Management Shell,

    [PS] C:\Windows\system32>Get-Mailbox | Add-MailboxPermission -User mustbegeek\O365-Cutover -AccessRights FullAccess

    Similarly, to assign permission per database you can assign Receive-AS permission to O365-Cutover user. Type following cmdlet in Exchange Management Shell,

    [PS] C:\Windows\system32>Get-MailboxDatabase | Add-ADPermission -User mustbegeek\O365-Cutover -ExtendedRights Receive-As
  4. If the on-premise mailboxes that you are about to migrate have Unified Messaging (UM) feature enabled, then you have to disable it. If you can not disable it then you should go with Hybrid migration option. You can use following cmdlet in on-premise Exchange server to disable UM.
    Get-UMMailbox | Disable-UMMailbox
  5. Mail-enabled security groups can not be migrated to Office 365 in Cutover migration. If you want to have security group in Office 365 then you have to create the security groups manually in Office 365 before migration. To view the list of mail-enabled security group in on-premise Exchange, type following cmdlet in EMS.
    [PS] C:\> Get-DistributionGroup | Where {$_.GroupType -like "*SecurityEnabled*"}
  6. During migration, one of the most common reason of skipped items is the size of email items. Office 365 can support up to 150MB size of mailbox item.
  7. Shared mailbox can be used to read and reply emails of a mailbox by multiple user. Shared mailbox do not require Office 365 license and you can’t login to shared mailbox directly. If you have a on-premise user mailbox that’s being used as shared mailbox then you can convert the user mailbox to shared mailbox and perform the migration. To view the list of shared mailbox, type following cmdlet in on-premise EMS.
    [PS] C:\>Get-Mailbox -RecipientTypeDetails Shared

Make sure your on-premise organization meets the pre-requisites. You can now go ahead and migrate mailboxes from on-premise Exchange 2016 to Office 365 using Cutover migration.






The following two tabs change content below.
Bipin is a freelance Network and System Engineer with expertise on Cisco, Juniper, Microsoft, VMware, and other technologies. You can hire him on UpWork. Bipin enjoys writing articles and tutorials related to Network technologies. Some of his certifications are, MCSE:Messaging, JNCIP-SEC, JNCIS-ENT, and others.

Latest posts by Bipin (see all)

scroll to top