G Suite to On-Premises Exchange Migration Guide

This is the complete onboarding task flow for migrating folders and documents from G Suite to On-Premises Exchange.

This migration guide contains the necessary steps to perform the actual migration, but there are many steps to preparing for migration. If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices. If you have never performed a migration before, we suggest reading that before beginning the steps outlined in this scenario.

Some item types are not migrated. Click the bar below to expand the full list of what item types are and are not migrated. We are constantly working to create a better migration experience for you, so these items may change.

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

Items and folders in "Shared with Me" will not be migrated. Only items in "My Drive" will be migrated. To migrate "Shared with Me" items, they must be added to "My Drive".

We are not able to support migrations with two-factor or multifactor authentication. 

Migrated Items

G Suite

Migrated - IMAP or G Suite (Gmail API) endpoints

  • Inbox
  • Folders/Labels
  • Email
  • Muted Email (as regular email)
  • Contacts
  • Calendars (including links for Google Hangouts within calendar meetings)
  • Calendar Notifications 

Links for Google Hangouts are a new default feature added to Google Meeting. Microsoft Office 365 doesn't have the corresponding property to map. Therefore, when migrating to Office 365, the links for Google Hangouts are added to the beginning of the meeting description body text on Office 365.

Not Migrated in Any Instance

  • Calendar Reminders
  • Appointments
  • Chat message attachments

Not Migrated As Source

  • Calendar Attachments
  • Calendar Reminders
  • Tasks
  • Chats and chat history
  • Google Groups for Business (including forums and collaborative inboxes)
  • Google Categories (i.e., the Google category flags: Social, Promotions, Updates, Forums)
  • Email attachments that are links to Google Drive
  • Some calendar colors

All color category meta tags are transferred over, but Office 365 does not have direct color mappings from Google G Suite, and so certain colors do not get mapped over, thus the colors are not displayed in Office 365 for the calendar entries.

 

With Google API Endpoint at Source

With this endpoint, all items listed above migrate as before. However, utilizing the API endpoint enables migration of the following items as well. The following items are not migrated via the IMAP endpoint.

Migrated

  • Google Categories (Category flags, i.e. Social, Promotions, Updates, Forums)
  • Snoozed and Scheduled emails - these are migrated like regular emails to custom destination labels. Their properties are not migrated.
  • Chat history - Chat messages are migrated to the destination as an email message (without subject) by using the support option MigrateChats=1

Exchange

Not Migrated in Any Instance

  • Inactive mailboxes

Exchange Server 2010 SP1+

Migrated

  • Inbox
  • Folders
  • Email
  • Contacts
  • Calendars
  • Tasks
  • Journals
  • Notes
  • Post (when the destination is Exchange or Office 365)
  • Server-Side Rules
  • Folder Permissions

Not Migrated in any Exchange Instance

  • Email templates
  • Email flags (if the destination is G Suite)
  • Safe Sender/Block Lists
  • Mail Settings
  • Standalone documents stored in Public Folders (Example: IPM.Document item types)
  • System Public Folders
  • Sticky Note folders

 

Step 1: Source & Destination Preparation

Grant MigrationWiz OAuth 2.0 access to G Suite. 

Enable access to G Suite using OAuth 2.0

BitTitan products use OAuth 2.0 to authenticate to G Suite  and utilize the G Suite (IMAP) endpoint in MigrationWiz. This is applicable to both mailbox and document migration projects. In order to obtain access to your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project.

  • These steps must be followed whenever there is a migration project either to or from G Suite that will utilize the G Suite (IMAP) endpoint. For instructions on using the Gmail API endpoint, see  MigrationWiz - Mailbox Migration - Set up Google API for migrating mailboxes.
  • Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
  • Mailbox migration projects require that a G Suite administrator grant access to the BitTitan client ID and scopes listed in this article.
  • Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.

Steps in the G Suite Admin Console

Complete these steps to grant BitTitan client ID access to the appropriate scopes:

  1. Go to https://admin.google.com and authenticate as a Super Administrator.
  2. Click Security. If you do not see the security icon on your admin console home page, you do not have the necessary rights on your account to make these changes. Request Super Administrator access from the customer to implement these changes.
  3. Click Advanced settings. Google limits accessing and changing this setting to only G Suite Super Administrator accounts.
  4. You will now have one of two options, depending on whether your tenant has been updated to the new Google API or not. 
  5. Old Google Tenant:

    • Go to the G Suite admin page at google.com
    • Click on Security
    • Click on Advanced Settings
    • Click Manage API Client Access or if your account shows the latest UI updates from Google, as shown below:

    New_Google_Admin_APP_Access_Control.JPG

    • Go to the G Suite admin page at google.com
    • Click on Security
    • Click Advanced Settings
    • Under ‘Domain-wide delegation’, click Manage domain-wide delegation
    • On the Manage domain-wide delegation page, click Add new
  6. Click MANAGE DOMAIN WIDE DELEGATION.
  7. Click Add New.
  8. Enter 113321175602709078332 into the Client ID field. 
  9. Enter one of the following groups of scopes into the OAuth Scopes (comma-delimited) field, depending on whether G Suite is the Source or Destination.
    • G Suite as the Source (read-only scopes):
      https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/, https://www.googleapis.com/auth/gmail.settings.sharing, https://www.googleapis.com/auth/gmail.settings.basic
  10. Click Authorize. The client name is 113321175602709078332 (make sure there are no leading or trailing spaces, as this may cause the error "URL ends with an invalid top-level domain name."). This will grant BitTitan products access to the appropriate scopes.
    • If you are migrating from multiple domains, repeat these steps for each domain.
    • OAuth administrative credentials will not function properly with G Suite for Business Legacy free accounts, G Suite Legacy free accounts, or Google Apps Legacy free accounts. Migrating any Google Legacy free accounts is not supported.

Enable IMAP Access

Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.

Remove Folder Limits

Ensure the folder size limits on IMAP folders have been removed for all users.

For each user:

  1. Click the gear icon
  2. Click Settings
  3. Click Forwarding and POP/IMAP tab
  4. Click Folder Size Limits
  5. Select the radio button for Do not limit the number of messages in an IMAP folder (default)

This is an end user setting, which can only be set on a per user basis. Therefore, we recommend that you send instructions to your end users to check this setting. 

How do I ensure G Suite folders containing more than 1000 messages will be migrated?

Removing folder size limits on IMAP folders

G Suite has a setting that can limit the number of messages in an IMAP folder. If this is configured, this will restrict MigrationWiz so that it can only retrieve and migrate that number of messages from each folder.

Follow these steps to see if this has been set by a user, and how to change it so that there is no limit set:

  1. Log in to the account.
  2. Click on the gear icon in the upper right-hand side of the window, and choose Settings.
  3. Click on the Forwarding and POP/IMAP tab.
  4. Under the IMAP Access heading, look for Folder Size Limits.
  5. Ensure that Do not limit the number of messages in an IMAP folder (default) is selected.

To further clarify the implications of this setting: If the limit has been set (e.g., to 1,000 as per the default suggestion), then if folders contain more than 1000 items, they will be truncated at 1000 items. This means that MigrationWiz will only be able to migrate 1000 emails from each folder.

 

Export mailboxes to CSV file(s)

  1. Navigate to the Google Admin portal
  2. Click Users
  3. Click ⁝ (3 vertical dots)
  4. Download Users
  5. Download All Users
  6. Click OK
  7. Save

Prepare the Destination Environment

Set up the user accounts

Set up MigrationWiz

The following steps will guide you through setting up your migration project in MigrationWiz. For all endpoints in this process, select or create the G Suite (Own Service Account) endpoint.

Create New Project

  1. To create a new migration project:

      1. Click the Go To My Projects button.
      2. Click the Create Project button.
      3. Under Project Type, select MailboxProject. 
      4. Enter a Project name and select a Customer. If you have not already added the customer into MSPComplete, you will need to click New to create the Customer.
      5. Click Next Step.
      6. Select the source endpoint from the Endpoint dropdown list, or create a new source G Suite (Own Service Account) endpoint.
      7. Click Next Step.
      8. Select the destination On-Premises Exchange endpoint from the Endpoint dropdown list, or create a new On-Premises Exchange endpoint.
      9. Click Save and Go to Summary.
      10. On the Authorization page, click the Request Access Token button to open the On-Premises Exchange authorization page.
      11. Enter the email address and password for the On-Premises Exchange admin account and click the Sign In button. This generates the access token required by MigrationWiz for the MigrationWiz project and redirects back to the Authorization page of the MigrationWiz project.
      12. Click the Save Project button.

Add Items

Add the accounts (also referred to as "items") that will be migrated to the project. There are several ways to do this. 

Quick Add
This option allows you to add items one at a time. You have to enter an email address, login name, and password for each user if you didn't enter administrative credentials when setting up the project. You only have to provide an email address if you entered administrative credentials when setting up the project.
Bulk Add

MigrationWiz allows you to bulk import mailboxes into the system.

To import one or more mailboxes:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click Add.
  4. Click Bulk Add
  5. Follow the instructions on the page.
Autodiscover

The Autodiscover process within MigrationWiz can be used to discover items from the Source environment, so that they can be imported into your projects.

There are few requirements in order for this to work:

  • The Source has to be Exchange 2007 or later, or Office 365, or G Suite. If you are using Autodiscover from G Suite, all G Suite domains must be added to the list of domains in the Endpoint.
  • The endpoint on the Source needs to use admin credentials.
  • For mailbox migration projects, the admin account that is specified within the Source endpoint needs to have a mailbox associated with it.
  • The admin mailbox must be listed in the public Global Address List (GAL).
  • The migration project type needs to be a Mailbox migration. For the exact steps to be followed during your migration, refer to the relevant Migration Guide. All Migration Guides can be found on the Help Center site.

One additional item to note here is that there is not a way to restrict the IP addresses that the connection will come from.  This means that the steps outlined in our IP Lockdown guide will not apply here.  If your environment requires that any IP addresses be whitelisted, it is recommended that items be added to your project using on of the other available options.

Autodiscover of items will not work while using Modern Authentication

For mailbox migration, autodiscovery will list all mailboxes at the Source.

Run Autodiscover

  1. Navigate to the project you want to import users into.

  2. Ensure that you have created an endpoint for the source project.

  3. Once in the project, on the top navigation bar, click on the Add drop-down, then select Autodiscover Items. This will begin the Autodiscover process.

  4. Once discovered, click on the Import button, to import the items into your MigrationWiz project.

 

Set Advanced Options

Set the Project Advanced Options. These are customization options which help MigrationWiz perform within specific environments. 

Under Support/Support Options add:

  • InitializationTimeout=8 - This increases the initialization timeout window to eight hours. 
  • RemoveExistingPermissionsWhenUnspecified=1 There are no spaces on either side of the "=" sign, and the entries are case-sensitive, so pay special attention to the capital letters in the commands above.

Set the Advanced Option to send a notification to end users after the migration pass completes:

  • Notifications > Send successful migration and notification to: > Source email address (if users are still using G suite Gmail) or Destination email address (if users have already migrated from the G Suite gmail platform).
  • Customize the notification email. Checkmark the Customize "successful migration" email box. Add your own customization text and company name to this email.
  • Notifications should only be set up before the final pass. If performing a single, Full pass, set this up now. If you are following a Pre-stage migration strategy, only set this up prior to the final Full (Delta) pass.

Run Verify Credentials

You may verify the credentials of items in MigrationWiz without migrating data or consuming any licenses.

  1. Open the Project containing items you wish to validate​.
  2. Select the items you wish to validate.
  3. Click on the Start button in your dashboard.
  4. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration. During this time, they should not modify any documents in their G Suite (IMAP) accounts, because any modifications will not be included in the migration.

 

Run Migration

Perform the migration, using one of the following strategies. More information on each strategy is included in the Migration Planning and Strategy Guide linked in the beginning of this guide. 

  • Full Migration strategy. For small migration projects that are less than 50 users, we recommend a Full Migration strategy. This is a single, full-pass migration, and requires licenses. This migration selection will migrate all identified and supported items.  
  • Pre-Stage Migration Strategy: This strategy includes a Pre-Stage pass and a Full (Delta) pass. This migration selection will migrate all identified and supported items before the selected date. This migration option requires a license of the appropriate type.

Additional Migration Types

  • Trial - Free migration pass. This migration selection is used to test the migration server.  It will migrate up to 10 items per folder or up to 5 MB of data per mailbox. A full migration with a license will pick up where the trial left off. 
  • Verify Credentials - Free migration pass. This migration selection will test to make sure that the credentials being used for migration are correct and will allow a successful connection. No data is migrated.
  • Retry Errors - Free migration pass. Once a Full or Pre-Stage migration has completed successfully, Retry Errors can be run to retry only failed items.

For large migration projects that are more than 50 users, we recommend a Pre-Stage Migration strategy. This is a multiple-pass migration.

Once you have chosen your migration strategy: 

  1. Click on the name of the Project you want to run.
  2. Select one or more items to migrate by checking the box next to the item name. If you want to select all the items, click the checkbox to the left of Source Email.
  3. Click on the Start button and select the type of migration to run.
  4. If you want to delay your migration, then select the checkbox marked "Automatically start the migration at", and enter the date and time to have the migration start. To start a migration immediately, you do not need to select the scheduling option.
  5. Click Start Migration.

 

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics. 

Post-Migration Steps

  1. To prevent users from inadvertently logging in and using their G Suite accounts, decommission the G suite user accounts, or change their passwords.
  2. Notify users once the migration has completed. If you set the MigrationWiz Advanced Option for Notifications, they will receive an email upon completion of the migration. Assist them with setting up access to their On-Premises Exchange accounts.
  3. Provide training to end users on On-Premises Exchange.

 

 

Was this article helpful?
0 out of 0 found this helpful