On-Premises Exchange (version 2007+) to G Suite (IMAP) Migration Guide

This article will guide you through the steps for migrating mailboxes from On-Premises Exchange servers (version 2007+) to G Suite. On-Premises Exchange 2003 will not work with this guide. 

There are some tools and resources that will make the migration easier.

First migration?

We’ve created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports sharing migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents, besides those who are Inactive, can view all migration projects. 

Prerequisites

Licensing

Purchase and apply User Migration Bundle licenses for all the users being migrated. For this migration type, we suggest the User Migration Bundle. For questions on licensing, visit MigrationWiz Licenses.

  • User Migration Bundle Licenses have unlimited data available per license.
  • User Migration Bundle Licenses are applied to the customer's users and expire 12 months after their purchase date. 
  • Document, Personal Archive, and DeploymentPro projects are all included when using User Migration Bundle Licenses.
  • This license type must be applied manually.

To use your license by following the next steps:

  1. Purchase Licenses.
  2. Create a Customer.
  3. Apply Licenses.
  4. Review Considerations.
Purchase Licenses Create a Customer Apply Licenses Considerations Deploy DMA to Users

Purchase licenses by following the steps below:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Limitations

Please review the following information before performing this type of migration.

  • We are not able to support migrations with two-factor or multifactor authentication. 
  • The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.

DeploymentPro & DMA

Currently, DeploymentPro can only be officially used with migration projects where Office 365 is the destination.

Exchange questions and troubleshooting

Our Exchange Mailbox FAQExchange Migration Setup and Planning, and Exchange Mailbox Migration Troubleshooting guides contain a number of common questions and concerns, along with more information, guidance, and steps to resolve issues such as throttling.

Migrated Items

Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.

Which items are migrated?

Migrated items vary by version of Exchange. The following list is for Exchange Server 2010 SP1+. If you are using an alternate version of Exchange, please refer to the Migrated and Not Migrated Items list and check for your version of Exchange.

Exchange Server 2007+

  • Inbox
  • Folders
  • Email
  • Contacts
  • Calendars
  • BCC Recipients
  • Server-Side mailbox rules
  • Client-Side mailbox rules for Outlook (Exchange 2013 and 2016 only)
  • Automatic Replies (Out of Office Messages for Exchange 2013 and 2016 only)
  • Personal Folder and Calendar Permissions (Exchange 2013 and 2016 only)
Which items are not migrated?

Not migrated items vary by version of Exchange. The following list is for Exchange Server 2010 SP1+. If you are using an alternate version of Exchange, please refer to the Migrated and Not Migrated Items list and check for your version of Exchange.

Exchange Server 2007+

  • Tasks
  • Journals
  • Notes
  • Inactive Mailboxes
  • Email templates
  • Email flags (if the destination is G Suite)
  • Safe Sender/Block Lists
  • Mail Settings
  • Standalone documents stored in Mailbox Folders or Public Folders (Example: IPM.Document item types)
  • System Public Folders
  • StickyNote folders
  • Public Folder Permissions
  • Personal Folder and Calendar Permissions

For additional features and limitations, please visit MigrationWiz: Migrated and Not Migrated Items.

Important

When Exchange is the source, keep in mind the following points:

  • Calendar Permissions will be migrated (except for Resource Calendars) but the Resource Calendars permissions are not migrated when an account exists in the destination and matches the UPN prefix of an account with Calendar Permissions in the Source before submitting a migration.
  • If an account does not exist in the destination that matches the UPN prefix of an account with Calendar Permissions in the Source before submitting a migration, Calendar Permissions are not migrated.

Prepare the Source Exchange Environment

Admin Account

Set up an admin account for migration on the Source Exchange mailbox server.

Create an administrator account in Exchange to be used for migration or use the global admin account for the tenant. The administrator account must have either full access to the user mailboxes or be granted impersonation rights. We recommend using impersonation as it will help reduce the likelihood of the migration being throttled by Microsoft. 

  1. Open the Exchange Management Console.
  2. Expand the Recipient Configuration.
  3. Right-click on the Mailbox.
  4. Click on New Mailbox.
  5. Click on Next.
  6. Click on Next.
  7. Enter "MigrationWiz" as the first name.
  8. Enter "MigrationWiz" as the user logon name, and optionally select a user principal name (UPN) domain.
  9. Enter a password and confirm the password.
  10. Click on Next.
  11. Click on Browse to select a Mailbox database.
  12. Click on Next.
  13. Click on New.
  14. Click on Finish.

To grant the account access, perform the following from the Exchange Server machine:

  1. Open the Exchange Management Shell.
  2. Enter the following command:
    Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User MigrationWiz

The above command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.

In the above script, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the earlier instructions in this article.

This username is the Administrative Username that needs to be entered under project source or destination settings, within MigrationWiz, when check marking the box labeled: Use Administrative Login.

Test OWA Access

OWA must be working on the Source Exchange server.

There are some instances in which the login page for OWA is different than the actual OWA URL for the mailbox, as you may get redirected to a different server after logging in. To determine the true OWA URL, perform the following:

  1. Close all browser instances. This ensures that all session state browser cache is flushed.
  2. Open a new browser instance.
  3. Navigate to your OWA login page.
  4. Log in to OWA.
  5. Once you see the inbox, copy the URL from the navigation bar of the browser. This is the exact OWA URL that should be entered into MigrationWiz.

Another method for determining the OWA URL is to use the "whatismyipaddress" website to determine the company's public IP address, and then add /owa to the end of it.

Now that your OWA URL has been determined, we must ensure that the username and password combination works. The username and password to log in to OWA are the same username and password for MigrationWiz. To determine if your username and password are working, perform the following:

  1. Close all browser instances. This ensures that all session state browser cache is flushed.
  2. Open a new browser instance.
  3. Navigate to the same OWA login page as determined by Step 5 above.
  4. Log in to OWA. Pay special attention to the login name, in other words:
    • Email address means "user@example.com" format.
    • Domain\user name means "example\user" format.
    • User name means "user" format.
  5. Once you see the inbox, you have successfully logged into OWA.  Enter the exact same username and password used into MigrationWiz.

Test Mailbox Access

  1. Go to https://testconnectivity.microsoft.com. This is a Microsoft-owned tool.
  2. If using Office 365, click on the Office 365
  3. Select Service Account Access (Developers)and click on Next.
  4. Specify the target mailbox email address.
  5. Specify the service account user name (if using admin credentials on the connector, enter the exact same user name).
  6. Specify the service account password (if using admin credentials on the connector, enter the exact same password).
  7. Check Specify Exchange Web Services URL and specify the URL (example: https://server/EWS/Exchange.asmx).
  8. If using Exchange Server, do not check Use Exchange Impersonation. If you are using Office 365, and using impersonation, do check the box.
  9. Check Ignore Trust for SSL.
  10. Click on Perform Test.
  11. Once results are displayed, check the overall result, and click on Expand All.

It may be necessary to first grant permissions.

Disable Throttling

Disable throttling against only the migrating account (if not using impersonation). This way, the admin account can migrate at a faster rate because it is not subjected to any throttling.

Use this option if using impersonation during the migration. If migrating using admin credentials, it is only necessary to disable throttling against the admin account, rather than all users.

If migrating mailboxes using administrative credentials at the Source, but not using impersonation, we recommend disabling throttling limits on this administrative account to improve the speed of migration.

We recommend the creation of a migration administrative account and disabling policy enforcement for this account.

Disable Admin Throttling

Exchange Server 2010

To disable all throttling parameters for an admin account called "MigrationWiz":

  1. On a computer that hosts the Microsoft Exchange Management Shell, open the Microsoft Exchange Management Shell.
  2. Type the following command and press Enter.
    New-ThrottlingPolicy MigrationWizPolicy
  3. Type the following command and press Enter.
    Set-ThrottlingPolicy MigrationWizPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null -CPAMaxConcurrency $null -CPAPercentTimeInCAS $null -CPAPercentTimeInMailboxRPC $null -CPUStartPercent $null
  4. Type the following command and press Enter.
    Set-Mailbox "MigrationWiz" -ThrottlingPolicy MigrationWizPolicy

Exchange Server 2013+

To disable all throttling parameters for an admin account called "MigrationWiz":

  1. Open the Exchange Management Shell.
  2. Type the following command and press Enter.

    New-ThrottlingPolicy MigrationWizPolicy

  3. Type the following command and press Enter.

    Set-ThrottlingPolicy MigrationWizPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

  4. Type the following command and press Enter.

    Set-Mailbox "MigrationWiz" -ThrottlingPolicy MigrationWizPolicy

Prepare the Destination Environment

Please review the following prerequisites before preparing your environment.

  • Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
  • Mailbox migration projects require a G Suite administrator to grant access to the BitTitan client ID and scopes listed in this article.
  • Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.

Grant MigrationWiz OAuth 2.0 Access to G Suite

BitTitan products use OAuth 2.0 to authenticate to G Suite and utilize the G Suite (IMAP) endpoint in MigrationWiz. This applies to both mailbox and document migration projects. To configure the OAuth access within your G Suite environment, follow the directions in this article.

Enabling access is required for both G Suite mailbox and Google Drive document migration projects. In order to access your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project. 

Steps in the G Suite Admin Console

Complete these steps to grant BitTitan client ID access to the appropriate scopes:

  1. Go to https://admin.google.com and authenticate as a Super Administrator.
  2. In the admin console, go to Menu Google_Menu.png > Click Security > Access and data control > API controls> Manage Domain Wide Delegation.

    Warning

    If you do not see the security icon on your admin console home page, your account does not have the necessary rights to make these changes. 
    Google limits settings access and configuration to only G Suite Super Administrator accounts.
  3. Click Add New.
  4. Enter 113321175602709078332 into the Client ID field. 
  5. Enter the following groups of scopes into the OAuth Scopes (comma-delimited) field:
    • G Suite as the Destination (full scopes):
      https://mail.google.com/, 
      https://www.google.com/m8/feeds,
      https://www.googleapis.com/auth/contacts.readonly,
      https://www.googleapis.com/auth/calendar,
      https://www.googleapis.com/auth/admin.directory.group,
      https://www.googleapis.com/auth/admin.directory.user,
      https://www.googleapis.com/auth/drive,
      https://sites.google.com/feeds/,
      https://www.googleapis.com/auth/gmail.settings.sharing,
      https://www.googleapis.com/auth/gmail.settings.basic,
      https://www.googleapis.com/auth/contacts
  6. Click Authorize.

The client's name is 113321175602709078332. This will grant BitTitan products access to the appropriate scopes. If you are migrating to multiple domains, repeat these steps for each domain.

 

MigrationWiz Steps

Create a Mailbox Migration project

  1. Click the Go to My Projects button.
  2. Click the Create Project button.
  3. Click on the type of project that you wish to create. For this migration:
    • Mailbox: Mailbox projects are used to migrate the contents of the primary user mailbox from the previous environment to the new environment. Most mailbox migrations can migrate email, calendars, and contacts.

For mailbox migrations, use administrative credentials to access mailboxes. In most migration scenarios, the admin account needs to have full access rights to the Source mailboxes. 

  1. Click Next Step.
  2. Enter a Project name and select a Customer.
  3. Click Next Step.

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you select an existing endpoint, consider that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created,, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints or create new ones. 

Source Endpoint Destination Endpoint

Create your source endpoint by following the next steps:

  1. Click New.
  2. Select an endpoint name.
  3. Click the down arrow in the Service Provider field, and select the Hosted Exchange Provider (taking care to select the correct version of Exchange that the customer is running). This will auto-populate the Outlook Web Access URL with their verified URL. Otherwise, you can click the + Find My Service Provider button, select the Exchange Server 2003+ button and manually enter the Outlook Web Access URL.

    Important

    It is necessary to add all domains that will be part of the migration on either the Source or the Destination. Remember that if there are users in one project with domain names Sourcedomain.com and Destinationdomain.com, it is important to ensure that both of these are added under “Your Domains” when creating the endpoints. To add a domain, click the "+" button.
  4. Click the Provide Credentials radio button and enter the admin account credentials, the ones you obtained from your Hosted Exchange Provider when following the steps under the "Prepare the Source Environment" section of this guide.

Region of Destination Tenant

The Region of Destination Tenant feature optimizes the migration performance and speed by choosing the region closest to the destination tenant. MigrationWiz displays a dropdown that allows you to select the destination region when configuring your destination endpoint

Tip

You can find the region of your destination tenant directly in the Admin Console by navigating to Data > Compliance > Data Regions.
For more information about the region of your destination tenant review the Choosing the Region of the Destination Tenant article, where you can find the recommended ways to verify it.

Warning

If you do not complete this field you will not be able to save your project and the “This field cannot be left blank.” error will appear

Endpoint Validation

Once the information has been provided for both, the source and destination endpoint, and the customer selects Save and Go to Summary, MigrationWiz performs an endpoint validation check.

This validation tests the administrator credentials entered into the project and the Modern Authentication setup only. If there is an issue, the screen redirects to the endpoint and provides an error message or flyout that can be selected for more information regarding the error.

Add Users

Add the user accounts that will be migrated to the project. This may be done in several ways, depending on the size of the project. Steps for each option are in the accordion below, simply click to show the option you select and follow the guidance there.

Small Migrations

For small migrations, it is easy to add users one at a time using Quick Add. The steps for this are below. 

Larger Migrations

For larger migrations, we recommend either using the Autodiscover or Bulk Add option.

Quick Add
This option allows you to add items one at a time. To do so, you only have to provide an email address if you entered administrative credentials when setting up the project. If you did not, enter the following user information:
  • An email address
  • Login name
  • Password
  • Mailbox status
Bulk Add

Bulk Add uses a CSV containing the source and destination email addresses for the users to add the users to the project. If migrating only a specific group from a tenant, we recommend using the Bulk Add option.

MigrationWiz allows you to bulk import mailboxes into the system. To import one or more mailboxes:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click Add.
  4. Click Bulk Add.
  5. Follow the instructions on the page.
Autodiscover

Autodiscover process within MigrationWiz can be used to discover items from the Source environment so that they can be imported into your projects. This can then be edited in the project to remove users not being migrated. All users are added with the source and destination email addresses set to match the source email.

This can be changed by using the Change Domain Name button at the top of the project page. If the usernames are changing during the migration, we recommend using the Bulk Add option.

There are a few requirements for this to work:

  • The Source has to be Exchange 2007 or later.
  • The endpoint on the Source needs to use admin credentials.
  • For mailbox migration projects, the admin account that is specified within the Source endpoint needs to have a mailbox associated with it.
  • The admin mailbox must be listed in the public Global Address List (GAL).

One additional item to note here is that there is no way to restrict the IP addresses that the connection will come from.  This means that the steps outlined in our IP Lockdown guide will not apply here.  If your environment requires that any IP addresses be whitelisted, it is recommended that items be added to your project using one of the other available options.

Autodiscover of items will not work while using Modern Authentication

Autodiscovery exposes the following items:

  • For mailbox migration, autodiscovery will list all mailboxes at the Source.

Steps to Run Autodiscover

  1. Navigate to the project you want to import users into.

  2. Ensure that you have created an endpoint for the source project.

  3. Once in the project, on the top navigation bar, click on the Add drop-down, then select Autodiscover Items. This will begin the Autodiscover process.

  4. Once discovered, click on the Import button, to import the items into your MigrationWiz project.

Advanced Options

Support Tab

Add the following advanced options in this scenario:

  • FolderMapping="^INBOX/->" This AO maps folders to the root label on the Destination mailboxes, rather than under inbox/labelname. 

Performance Tab

Set the Maximum number of concurrent migrations. If the Source server has enough server resources, set this parameter based on the bandwidth guideline of three (3) mailboxes per 1Mbps of bandwidth. Therefore, for example, if there is a 10Mbps connection, we recommend setting the maximum concurrent migrations parameter to 30.

We recommend setting this value to a lower number to avoid overwhelming the Source server with requests if the Source server has very few available server resources. For example, when it runs low on memory or has a very high CPU utilization.

Run Verify Credentials

  1. Open the Project containing items to validate.
  2. Select the items to validate.
  3. Click on the Start button in your dashboard.
  4. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.

Run Migration

Pre-Stage pass

  1. Select the users you wish to migrate.
  2. Click the Start button from the top.
  3. Select Pre-Stage Migration.
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
  5. Click Start Migration.

MX Record Cutover

Change over MX records on the DNS provider's portal.

Also, include the AutoDiscover (CName) setting.

If you are migrating in batches and mail coexistence is required, you will not be cutting over the MX records until your final batch of users has been migrated, and you must set up mail forwarding.

Mail Forwarding

If you are not cutting over an entire domain/organization at once by changing the MX records, you can perform a phased migration and set up coexistence by setting up forwards on the mailboxes you wish to migrate.

This can be done either through the use of PowerShell scripts or your Exchange Management Console. We do not recommend setting up Exchange email contacts and a DNS Internal Relay for this since this will not allow for any Delta Migration passes to be made afterward because the mailbox no longer exists.

By PowerShell

Forward the email to the internal recipient and DON'T save the local copy.

PowerShell command syntax:

Set-Mailbox -Identity <Identity> -ForwardingAddress <Office 365 User Email Address> -DeliverToMailboxAndForward $False

  • Example: Set-Mailbox -Identity John -ForwardingAddress Suzan@o365info.com -DeliverToMailboxAndForward $False
  • The email address specified on the 'ForwardingAddress' parameter should exist as a Mail Contact.

Because you set DeliverToMailboxAndForward to false, a copy of the email will NOT be kept in the on-premises mailbox. When setting up forwards, make sure that you do NOT save a local copy before the forward. If you do save a local copy, then when you perform Delta passes, MigrationWiz will migrate the items that it previously hasn’t migrated (and watermarked). This will cause duplicates at your Destination.

Through Exchange Management Console

The first step is to create the forwarding objects in your local Active Directory. These forwarding objects will be hidden from the address book and will be used purely to forward mail for mailboxes that are migrated. Note that these objects are created but not used until you set the forwarding, so these steps can be done ahead of time.

  1. Download our script to create forwarding objects to a computer that is joined to the domain.
  2. Modify the script in a text editor (like Notepad) and change the forwarding domain in the top of the script to the temporary domain in the new environment, for example, company.onmicrosoft.com.
  3. Run the script. You will know the script is complete when you see a confirmation.

The next step is to set up forwarding for mailboxes prior to migration. Before submitting a mailbox for migration, set the forward by performing the following:

  1. Launch the Exchange Management Console from the Start Menu.
  2. Expand the Recipient Configuration note from the navigation tree.
  3. Click the Mailbox node from the navigation tree.
  4. Right-click on the mailbox to set the forward for and click Properties.
  5. Click the Mailbox Flow Settings tab.
  6. Select Delivery Options and click Properties. Do not select the option "Deliver message to both forwarding address and mailbox". This is important to ensure that Delta passes do not cause duplicates. If you do save a local copy, then when you perform Delta passes, MigrationWiz will migrate the items that it previously hasn't migrated (and watermarked). This will cause duplicates on your Destination.
  7. Click the checkbox Forward to, then click Browse.
  8. Select the name of the user that contains the prefix (External Forward) in the display name. This is the forwarding object created previously.
  9. Click OK.
  10. Click OK​.

Notify users

Send an email to end users to let them know what to expect for their Outlook profile reconfiguration. Samples and screenshots can be found in our DeploymentPro documentation.

Enable AutoDiscover again, so that users can create new profiles via AutoDiscover, or use DeploymentPro to automate the configuration of new Outlook profiles. 

Full (Delta) pass

  1. Select the users.
  2. Click the Start button from the top.
  3. Select Full Migration.
  4. Click Start Migration.

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Outlook Configuration

If users will be using Microsoft Outlook with G Suite, they will need to follow the instructions here, to download and install G Suite Sync for Outlook and create a new Outlook profile that connects to G Suite.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Was this article helpful?
0 out of 0 found this helpful