G Suite (IMAP) to On-Premises Exchange Migration Guide

This is the migration guide for the G Suite (IMAP) to On-Premises Exchange Migration scenario. This migration uses the IMAP endpoint and migrates emails and user information from G Suite to an On-Premises Exchange instance. There are some tools and resources that will make the migration easier.

First migration?

We’ve created a guide on scoping, planning, and managing the migration process for your use. If this is your first migration, we recommend reading this guide carefully.

MigrationWiz

MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.

MigrationWiz supports the capability to share migration projects across a Workgroup. When the Project Sharing feature is turned on, all Agents besides those who are Inactive can view all migrations projects. 

Prerequisites

Please consider and meet the following prerequisites for a smooth migration project.

  • Migrating from a G Suite/Gmail endpoint requires an administrator email address that matches the end user domain.
  • All accounts being migrated must have an Active status at the tenant. Users with an Inactive status will not be able to fully migrate and will fail in the project.

Licensing

Purchase and apply User Migration Bundle licenses for all the users being migrated. For this migration type, we suggest the User Migration Bundle. For questions on licensing, visit MigrationWiz Licenses.

  • User Migration Bundle Licenses have unlimited data available per license.
  • User Migration Bundle Licenses are applied to the customer's users and expire 12 months after their purchase date. 
  • Document, Personal Archive, and DeploymentPro projects are all included when using User Migration Bundle Licenses.
  • This license type must be applied manually.

To use your license by following the next steps:

  1. Purchase Licenses.
  2. Create a Customer.
  3. Apply Licenses.
  4. Review Considerations.
Purchase Licenses Create a Customer Apply Licenses Considerations

Purchase licenses by following the steps below:

  1. Sign in to your BitTitan account. 
  2. In the top navigation bar, click Purchase.
  3. Click the Select button and choose User Migration Bundle licenses.
  4. Enter the number of licenses you want to purchase. Click Buy Now.
  5. Enter a Billing address if applicable.
  6. Click Next.
  7. Review the Order Summary and enter a payment method.
  8. Click Place Your Order.

Limitations

Consider the following limitations regarding this type of migration:

  • We are not able to support migrations with two-factor or multifactor authentication. 
  • The maximum file size for migration through MigrationWiz varies by migration type and environment, but may never exceed 60GB.
  • When migrating from G Suite as a source, contacts in Contact Groups (which look like subfolders of the Contacts folder) will migrate to the top-level contacts folder on the destination. Folders will be created for each group but the contacts will not be sorted into those folders.
  • Calendars can have multiple Owners. An Owner is anyone with "Make changes and manage sharing" permissions, so shared calendars will be migrated to users with these permissions by default.

Google questions and troubleshooting

Our G Suite Migration FAQ covers questions and expands on some of the information found in this guide. To learn more about OAuth 2.0, check out the OAuth 2.0 FAQ and OAuth 2.0 set up guides.

Exchange questions and troubleshooting

Our Exchange Mailbox FAQExchange Migration Setup and Planning, and Exchange Mailbox Migration Troubleshooting guides contain a number of common questions and concerns, along with more information, guidance, and steps to resolve issues such as throttling.

Migrated Items

Please click the bars below to check the migrated and non-migrated items. We are constantly working to create a better migration experience for you so these items may change over time.

Which items are migrated?

Always Migrated

  • Inbox
  • Folders/Labels
  • Email
  • Muted Email (as regular email)
  • Contacts
  • Calendars (including links for Google Hangouts within calendar meetings)
  • Calendar Notifications 

Links for Google Hangouts are a new default feature added to Google Meetings. Microsoft 365 doesn't have the corresponding property to map. Therefore, when migrating to Microsoft 365, the links for Google Hangouts are added to the beginning of the meeting description body text on Microsoft 365.

With Google API Endpoint at Source

With this endpoint, all items listed above migrate as before. However, utilizing the API endpoint enables migration of the following items as well. The following items are not migrated via the IMAP endpoint.

  • Google Categories (Category flags, i.e. Social, Promotions, Updates, Forums)
  • Snoozed and Scheduled emails - these are migrated like regular emails to custom destination labels. Their properties are not migrated.
Which items are not migrated?

Not Migrated in Any Instance

  • Calendar Reminders
  • Google Spaces
  • Google Spaces Chats
  • Appointments
  • Chat message attachments
  • Google Groups for Business (including forums and collaborative inboxes)

Not Migrated As Source

  • Calendar Attachments
  • Calendar Reminders
  • Tasks
  • Chats and chat history
  • Google Categories (i.e., the Google category flags: Social, Promotions, Updates, Forums)
  • Email attachments that are links to Google Drive
  • Some calendar colors
  • Automatic Replies (Out of Office Messages)
  • Mailbox Rules
  • Personal Folder and Calendar Permissions

Important

All color category meta tags are transferred over, but Microsoft 365 does not have direct color mappings from Google G Suite, so certain colors do not get mapped over, thus the colors are not displayed in Microsoft 365 for the calendar entries.

Not Migrated As Destination

  • Calendar Attachments.
  • Exceptions of recurring appointments.
  • Google Groups for Business (including forums and collaborative inboxes).

For additional features and limitations, please visit MigrationWiz: Migrated and Not Migrated Items.

Prepare the Source Environment

Please review the following prerequisites before preparing your environment.

  • Enabling access is required for both G Suite mailbox and Google Drive document migration projects.
  • Mailbox migration projects require a G Suite administrator to grant access to the BitTitan client ID and scopes listed in this article.
  • Document migration projects require that a G Suite Super administrator grant access to the BitTitan client ID and scopes listed in this article and enable the API access. The steps to do this are included at the bottom of this article.

Grant MigrationWiz OAuth 2.0 access to G Suite

BitTitan products use OAuth 2.0 to authenticate to G Suite and utilize the G Suite (IMAP) endpoint in MigrationWiz. This applies to both mailbox and document migration projects. To configure the OAuth access within your G Suite environment, follow the directions in this article.

Enabling access is required for both G Suite mailbox and Google Drive document migration projects. In order to access your G Suite data, it is necessary to add specifically allowed API scopes to the MigrationWiz project. 

Steps in the G Suite Admin Console

Complete these steps to grant BitTitan client ID access to the appropriate scopes:

  1. Go to https://admin.google.com and authenticate as a Super Administrator.
  2. In the admin console, go to Menu Google_Menu.png > Click Security > Access and data control > API controls> Manage Domain Wide Delegation.

    Warning

    If you do not see the security icon on your admin console home page, your account does not have the necessary rights to make these changes. 
    Google limits settings access and configuration to only G Suite Super Administrator accounts.
  3. Enter 113321175602709078332 into the Client ID field. 
  4. Enter the following groups of scopes into the OAuth Scopes (comma-delimited) field:
    • G Suite as the Source (read-only scopes):
      https://mail.google.com/
      https://www.google.com/m8/feeds
      https://www.googleapis.com/auth/contacts.readonly
      https://www.googleapis.com/auth/calendar.readonly
      https://www.googleapis.com/auth/calendar
      https://www.googleapis.com/auth/admin.directory.group.readonly
      https://www.googleapis.com/auth/admin.directory.user.readonly
      https://www.googleapis.com/auth/drive
      https://sites.google.com/feeds/
      https://www.googleapis.com/auth/gmail.settings.sharing
      https://www.googleapis.com/auth/gmail.settings.basic
      https://www.googleapis.com/auth/contacts.other.readonly
  5. Click Authorize.

The client's name is 113321175602709078332. This will grant BitTitan products access to the appropriate scopes.

Multiple Domain Migrations

If you are migrating from multiple domains, repeat these steps for each domain.

Enable IMAP access

Follow the steps outlined by Google to verify that all users have access to IMAP.

Folder size limits

Verify that the size limits on IMAP folders have been removed for all users. This is an end-user setting that must be manually verified for each user. We recommend sending the following directions to each user to have them check the settings. 

For each user:

  1. Navigate to your Gmail account.
  2. Click on the gear icon.
  3. Click Settings.
  4. Select the Forwarding and Pop/IMAP tab.
  5. Click Folder Size Limits.
  6. Select Do not limit the number of messages in an IMAP folder (default).

Export mailboxes to CSV files

From the Google Admin portal:

  1. Click Users.
  2. Click ⁝ (3 vertical dots)
  3. Select Download Users.
  4. Select Download All Users.
  5. Click OK.
  6. Click Save.

Prepare the Destination Environment

First, set up user accounts, then complete the following steps.

Create Admin Account

Create an administrator account in Exchange to be used for migration or use the global admin account for the tenant. The administrator account must have either full access to the user mailboxes or be granted impersonation rights. We recommend using impersonation as it will help reduce the likelihood of the migration being throttled by Microsoft. 

  1. Open the Exchange Management Console.
  2. Expand the Recipient Configuration
  3. Right-click on the Mailbox
  4. Click on New Mailbox.
  5. Click on Next.
  6. Click on Next.
  7. Enter "MigrationWiz" as the first name.
  8. Enter "MigrationWiz" as the user logon name, and optionally select a user principal name (UPN) domain.
  9. Enter a password and confirm the password.
  10. Click on Next.
  11. Click on Browse to select a Mailbox database.
  12. Click on Next.
  13. Click on New.
  14. Click on Finish.

To grant the account access, perform the following from the Exchange Server machine:

  1. Open the Exchange Management Shell.
  2. Enter the following command:
    Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User MigrationWiz

The above command needs to be applied each time a new mailbox is created since permissions are set directly on each mailbox. The administrative account will not have access until the permissions are applied.

In the above script, the username "MigrationWiz" should be replaced with the name of the administrative account that was set up, by following the earlier instructions in this article.

This username is the Administrative Username that needs to be entered under project source or destination settings, within MigrationWiz, when check marking the box labeled: Use Administrative Login.

Set up a PowerShell session

Set up a remote PowerShell session with Exchange 2010+

To manually grant administrative access for migration, execute the following PowerShell command in the Exchange PowerShell Console:

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz

In the PowerShell script above, change the -User account to match the name of the admin account that was set up for migration.

Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes, no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration.

Disable Throttling

Disable throttling against the admin account.

Disable Throttling

Disable throttling against only the migrating account (if not using impersonation). This way, the admin account can migrate at a faster rate because it is not subjected to any throttling.

Use this option if using impersonation during the migration. If migrating using admin credentials, it is only necessary to disable throttling against the admin account, rather than all users.

If migrating mailboxes using administrative credentials at the Source, but not using impersonation, we recommend disabling throttling limits on this administrative account in order to improve the speed of migration.

We recommend the creation of a migration administrative account and disabling policy enforcement for this account.

Exchange Server 2013+

To disable all throttling parameters for an admin account called "MigrationWiz":

  1. Open the Exchange Management Shell.
  2. Type the following command and press Enter.

    New-ThrottlingPolicy MigrationWizPolicy

  3. Type the following command and press Enter.

    Set-ThrottlingPolicy MigrationWizPolicy -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

  4. Type the following command and press Enter.

    Set-Mailbox "MigrationWiz" -ThrottlingPolicy MigrationWizPolicy

Verify Mailbox Accessibility Using EWS

 You can verify independently if a mailbox is accessible using EWS with the following steps:

  1. Go to https://testconnectivity.microsoft.com
  2. If using Office 365, click the Office 365 tab.
  3. Select Service Account Access (Developers) and click Next.
  4. Specify the target mailbox email address.
  5. Specify the service account user name. If using admin credentials on the connector, enter the same user name.
  6. Specify the service account password. If using admin credentials on the connector, enter the exact same password.
  7. Check the Specify Exchange Web Services URL and specify the URL (example: https://server/EWS/Exchange.asmx).
  8. If using Exchange Server, do not check Use Exchange Impersonation. If you are using Office 365, and using impersonation, do check the box.
  9. Check Ignore Trust for SSL.
  10. Click Perform Test.
  11. Once results are displayed, check the overall result, and click Expand All.

It may be necessary to first manage permissions.

If you want to be able to migrate messages with attachments larger than 10MB, the following limits need to be increased:

Increase Message Size Limits

This is a two-step process. The reason for this is that if the message size limits of Exchange are increased, the IIS limits will also have to be increased to allow increased payloads. Other non-standard settings can also cause size restrictions for the IIS or EWS connections, but we are unable to troubleshoot or identify specific environment restrictions outside of these settings.

To display current message size limits:

  1. Open the Exchange Management Shell.
  2. Enter the following commands:

Get-TransportConfig | Format-List -Property MaxReceiveSize, MaxSendSize
Get-SendConnector | Format-List -Property Identity, MaxMessageSize
Get-ReceiveConnector | Format-List -Property Identity, MaxMessageSize
Get-MailBox | Format-List -Property PrimarySmtpAddress, MaxSendSize, MaxReceiveSize

To increase message size limits on the Exchange Server:

  1. Open the Exchange Management Shell.
  2. Enter the following commands:

Set-TransportConfig -MaxReceiveSize 150MB -MaxSendSize 150MB
Get-SendConnector | Set-SendConnector -MaxMessageSize 150MB
Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 150MB
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB

 

Increase IIS Limits to Allow Accepting Payloads

There are three limits that should be increased in IIS:

  • maxRequestLength
  • maxAllowedContentLength
  • maxReceivedMessageSize

Follow these steps to increase the Exchange message size limits on your client access server:

  1. OpenWindows Explorer.
  2. Navigate to %ExchangeInstallPath%FrontEnd\HttpProxy\ews\
  3. Open the file Web.Config in a text editor, such as Notepad.
  4. Find the XML tag starting with each change.
  5. Change the existing value to maxRequestLength="200000" -- this occurs in one place on the Web.Config file.
  6. Change the existing values to maxAllowedContentLength="200000000" -- this occurs in one place on the Web.Config file.
  7. Change the existing values to maxReceivedMessageSize="200000000" -- this entry occurs up to 12 times. This needs to be changed for each Authentication method.
    For example:
    <httpsTransport maxReceivedMessageSize="200000000" authenticationScheme="Anonymous" maxBufferSize="81920" transferMode="Streamed" />
    <httpsTransport maxReceivedMessageSize="200000000" authenticationScheme="Basic" maxBufferSize="81920" transferMode="Streamed" />
    etc.
  8. If you are running IIS7 and Windows 2008, it may be necessary to increase WCF settings.
  9. Save the file.
  10. IIS Reset is not needed, web.config changes are picked up by the next connection.

Follow these steps to increase the Exchange message size limits on your mailbox server:

  1. OpenWindows Explorer.
  2. Navigate to %ExchangeInstallPath%ClientAccess\exchweb\ews\
  3. Open the file Web.Config in a text editor, such as Notepad.
  4. Find the XML tag starting with for each change.
  5. Change the existing value to maxRequestLength="200000" -- this occurs in one place in the Web.Config file.
  6. Change the existing values to maxAllowedContentLength="200000000" -- this occurs one place in the Web.Config file.
  7. Change the existing values to maxReceivedMessageSize="200000000" -- this entry occurs up to 12 times. This needs to be changed for each Authentication method.
  8. If you are running IIS7 and Windows 2008, it may be necessary to increase WCF settings.
  9. Save the file.
  10. IIS Reset is not needed, web.config changes are picked up by the next connection.
Increase Maximum Accepted Content Length

You may increase the maximum accepted content length by following these directions:

  1. Open Windows Explorer.
  2. Navigate to C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\ews
  3. Open the file Web.Config in a text editor such as Notepad.
  4. Go to the end of the file.
  5. Insert or edit the following XML code before the </configuration> tag:
    <system.webServer>
    <security>
    <requestFiltering>
    <requestLimits maxAllowedContentLength="104857600" />
    </requestFiltering>
    </security>
    </system.webServer>

If XML code is already present in the Web.Config file, and edit it to match what is shown above.

Sample Web.Config before changes Sample Web.Config after changes
<configuration>
<system.web>
...
...
</system.web>
</configuration>
Increase Maximum Received Message Size

If you are running IIS7 and Windows 2008, you may need to increase WCF settings:

  1. Open Windows Explorer.
  2. Navigate to C:\Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\ews
  3. Open the file Web.Config in a text editor like Notepad.
  4. Find all XML tags starting with maxReceivedMessageSize=
  5. Change existing values to maxReceivedMessageSize="104857600"
  6. Save the file.
  7. Open a Command Prompt (cmd.exe).
  8. Type: cd %windir%\system32\inetsrv
  9. Type: appcmd.exe set config "Default Web Site/ews" -section:requestFiltering -requestLimits.maxAllowedContentLength:104857600
  10. Run: iisreset

MigrationWiz Steps

Create a Mailbox Migration Project

  1. Click Go to My Projects.
  2. Click Create Project.
  3. Create a Mailbox Migration.

    Important

    For mailbox migrations, use administrative credentials to access mailboxes. In most migration scenarios, the admin account needs to have full access rights to the Source mailboxes.
  4. Click Next Step.
  5. Enter a Project name and select a Customer.
  6. Click Next Step.
  7. Select G Suite (IMAP) from the Endpoint dropdown menu. 
  8. Provide requested credentials.
  9. Select Exchange Server 2003+ from the Endpoint dropdown menu.
  10. Enter the OWA URL. 
  11. Click the Provide Credentials radio button and enter the admin account credentials for the account that was set up under the "Prepare the Destination Environment" section of this guide.
  12. Click Save and Go to Summary.

Endpoints

Endpoints are now created through MigrationWiz, rather than through MSPComplete. The steps for this section outline how to create the endpoints in MigrationWiz.

If you are selecting an existing endpoint, keep in mind that only ten endpoints will show in the drop-down. If you have more than ten, you may need to search. Endpoint search is case and character-specific. For example, Cust0mer will not show up if the search is customer. We recommend keeping a list of endpoints you have created, along with any unique spellings or capitalization you may have used.

You may either use existing endpoints or create new ones. 

Create a Source Endpoint

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Fill in the required information and credentials.

Create a Destination Endpoint

  1. Click Endpoints.
  2. Click Add Endpoint.
  3. Click + Find My Service Provider button.
  4. Click the down arrow in the Service Provider field, and select the Hosted Exchange Provider (taking care to select the correct version of Exchange that the customer is running). This will auto-populate the Outlook Web Access URL with their verified URL.
  5. Or, instead of clicking on the + Find My Service Provider button, click the Exchange Server 2003+ button and manually enter the Outlook Web Access URL.

    Important

    It is necessary to add all domains that will be part of the migration on either the Source or the Destination. This means that, if there are users in one project with domain names Sourcedomain.com and Destinationdomain.com, it is important to ensure that both of these are added under “Your Domains” when creating the endpoints. When adding a domain, you need to click the "+" button.
  6. Click the Provide Credentials radio button and enter the admin account credentials. These are the credentials that you obtained from your Hosted Exchange Provider when following the steps under the "Prepare the Source Environment" section of this guide.

Add Users

Add the user accounts that will be migrated to the project. To import one or more mailboxes:

  1. Sign in to your MigrationWiz account.
  2. Select the Project for which you want to perform the bulk import.
  3. Click Add.
  4. Click Bulk Add.
  5. Follow the instructions on the page.

Advanced Options

The following options are the most valuable for this migration scenario:

Support Tab

Under Support/Support options, add:

  • StoreOverflowGooglePropertiesInNotes=1 This AO stores Google properties that cannot be mapped (ex: extra phone #s) to contact bodies.
  • StoreOverflowGooglePropertiesInNotesPrefix=your custom prefix Prefix to add to contact notes when using StoreOverflowGooglePropertiesInNotes=1. This can be any text you wish to denote the additional information. 
  • SuppressReminderDays=N Suppress reminders for calendars with an end date before the migration date. N equals days to suppress, the max value for this is 365 days.

Filtering Tab

Under Filtering, add: (^All Mail$|^All Mail/)

  • This will filter out the All Mail label from your migration passes. It will speed up your migration passes.
  • You will remove this folder filter before performing your final migration pass. These steps are included later in this section.

Run Verify Credentials

  1. Open the Project containing items to validate.
  2. Select the items to validate.
  3. Click on the Start button in your dashboard.
  4. Select Verify Credentials from the drop-down list.

Once complete, the results of the verification will be shown in the Status section.​ 

Notify Users

Notify users that a migration is occurring. Send an email to all users telling them the time and date of the migration.

Run Migration

Pre-Stage pass

  1. Select the users you wish to migrate.
  2. Click the Start button from the top.
  3. Select Pre-Stage Migration.
  4. Under the Migration Scheduling section, from the drop-down list, select 90 days ago.
  5. Click Start Migration.

MX Record Cutover

Change over MX records on the DNS provider's portal.

Also, include the AutoDiscover (CName) setting.

If you are migrating in batches and mail coexistence is required, you will not be cutting over the MX records until your final batch of users has been migrated, and you must set up mail forwarding.

Mail Forwarding

If you are not cutting over an entire domain/organization at once by changing the MX records, you can perform a phased migration and set up coexistence by setting up forwards on the mailboxes you wish to migrate.

  • Manually set forwards during a migration on a per-user basis, from the individual users' portal. This is only a valid option if there are a small number of users.
  • Manually set forwards during a migration on a per-user basis, from the admin portal. This is a suitable option for small- to medium-sized projects.

Full (Delta) Pass

  1. Select the users.
  2. Click the Start button from the top.
  3. Select Full Migration.
  4. Click Start Migration.

Run Retry Errors

Look through the user list and click any red "failed migration" errors. Review the information and act accordingly.

If problems persist, contact Support.

Remove the All Mail Label

Remove the All Mail filter from the project Advanced Options, and run one final (Full) migration pass.

  1. Under Project Advanced Options: Filtering section, delete: (^All Mail$|^All Mail/).
  2. Select the users.
  3. Click the Start button from the top.
  4. Select Full Migration.
  5. Click Start Migration.

Request Statistics

Click the pie chart icon in the MigrationWiz dashboard to receive an email containing all the project migration statistics.

Was this article helpful?
0 out of 0 found this helpful