G Suite to On-Premises Microsoft Exchange Migration Guide
- This is the complete onboarding task flow for migrating mailboxes from G Suite to On-Premises Microsoft Exchange, versions 2007, 2010, 2013, or 2016.
- Complete each step in order. Links to corresponding Knowledge Base articles are provided.
- The MSPComplete section includes steps to deploy the Device Management Agent (DMA) to end users. Deploying DMA to end users is a prerequisite if you will be using DeploymentPro.
- We recommend that you use DeploymentPro to reconfigure the Outlook profiles in this migration scenario. Note: DeploymentPro requires licenses to be purchased before it can be used. Refer to Scenario 2 in KB004875 to read why it is recommended (but not mandatory).
Prepare the Source Environment
- Grant MigrationWiz OAuth 2.0 access to G Suite. For guidance, see Enable access to G Suite using OAuth 2.0.
- If you are migrating from multiple domains, repeat these steps for each domain.
- G Suite as the Source (read-only scopes):
https://mail.google.com/, https://www.google.com/m8/feeds, https://www.googleapis.com/auth/contacts.readonly, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/drive, https://sites.google.com/feeds/
Note: OAuth administrative credentials will not function properly with G Suite for Business Legacy free accounts. If a G Suite tenant is a G Suite for Business Legacy free account, end user credentials must be used. Refer to KB005124 for more information on migrating with end user credentials.
- Ensure IMAP access is enabled for all users. For details on how to check this, refer to the Google support article here.
- Ensure the folder size limits on IMAP folders have been removed for all users. For each user, click on the gear icon > Settings > Forwarding and POP/IMAP tab > Folder Size Limits > Select the radio button for Do not limit the number of messages in an IMAP folder (default). Note: this is an end user setting, which can only be set on a per user basis. Therefore, we recommend that you send instructions to your end users to check this setting. KB005104
- Export mailboxes to CSV file(s). From Google Admin portal > Click Users > Click on ⁝ (3 vertical dots) > Download Users > Download All Users > Click OK > Save.
Prepare the Destination Environment
- Set up the user accounts
- Create an admin account for migration that has full access permissions to all mailboxes. KB004725
- Set up a remote PowerShell session with Exchange 2010+. KB005111
- To manually grant administrative access for migration, execute the following PowerShell command in the Exchange PowerShell Console:
- Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -Automapping $false -User MigrationWiz
- In the PowerScript script above, change the -User account to match the name of the admin account that was set up for migration.
- Any user account that is a part of the domain administrator, schema administrator, or enterprise administrator groups will not have any administrative rights to mailboxes, no matter how many permissions are granted. A security default of Exchange Server is to explicitly deny any user that is a member of these groups. This is why we recommend creating a new user account specific for migration.
- Increase message size limits. KB004613
- Increase maximum accepted content length. KB004609
- Increase maximum receive message size. KB004532
- Increase maximum accepted request length. This is only valid if your Destination server is running Exchange 2007. KB004610
- For the Source endpoint:
- Click on EndPoints > Add Endpoint > Enter endpoint name > For endpoint type, select G Suite/Gmail.
- It is necessary to add ALL domains that will be migrated from. This means that if there are users in one project with domain names Sourcedomain.com and Destinationdomain.com, it is important to ensure that both of these are added under Your Domains, when creating the endpoints. When you add a domain, you need to click on the "+" button.
- Enter Administrative email address. Note: This is the account that has admin access level to the Google admin portal.
- For the Destination endpoint:
- Click on EndPoints > Add Endpoint > Enter endpoint name > For endpoint type, select Exchange Server 2003+
- Enter the OWA URL KB004392
- Click on the Provide Credentials radio button, and enter the admin account credentials for the account that was set up under the Prepare The Destination Environment of this guide.
- Via Group Policy Object (GPO). Note: This is the recommended methodology, because no end user interaction is required. KB005412 video
- Via email. KB005411
- Launch DeploymentPro.
- Go to All Products > DeploymentPro and follow the prompts to launch.
- Select a customer from the list by clicking on the customer name. Note: The status column will show enabled when a customer account has had DMA deployed.
- Configure customer DeploymentPro module:
- Enter the Domain.
- Select the Destination endpoint.
- Checkmark the Auto-populate box.
- In the Client Interface Configurations section, upload your company logo and add supporting text. Note: We strongly recommend doing this, because this is the logo and text that end users will see in a desktop pop-up when they are prompted to reconfigure their Outlook profiles. If you do not upload your own logo, the default BitTitan logo will be included instead.
- Save and continue.
- Either select all users (by putting a checkmark in the box to the left of the Primary Email column heading), or select the individual users (by putting a checkmark in the boxes to the left of the user email addresses). Note: You will need to purchase DeploymentPro licenses for each user that will be using DeploymentPro. KB004647
- Click on the Run Module button.
- Set the date and time for the Outlook profile configuration to occur, and click on the Run Module button.
- The DeploymentPro module will install on user devices immediately, and then run silently until this date.
- The profile cutover date should be set to a date and time that is shortly after MX record cutover.
Watch this video to see a walk-through of the steps below.
- Create the Mailbox Migration project. KB004380
- Create the Mailbox Migration project > Select the customer > Select the Source endpoint > Select the Destination endpoint.
- The following options are the most valuable for this migration scenario:
- Under Filtering, add: (^All Mail$|^All Mail/) KB005626
- This will filter out the All Mail label from your migration passes. It will speed up your migration passes.
- You will remove this folder filter before performing your final migration pass. These steps are included later in this section.
- Under Support/Support options, add: StoreOverflowGooglePropertiesInNotes=1 KB005056
- Under Support/Support options, add: StoreOverflowGooglePropertiesInNotesPrefix="enter your text here" KB005056
- Under Support/Support options, add: SuppressReminderDays=N KB004203
- If you are migrating in batches, you will not be cutting over the MX records until your final batch of users has been migrated.
- If mail coexistence is required, you must set up mail forwards against those user accounts that are in the migration batches. Options:
- Manually set forwards during a migration on a per-user basis, from the individual users' portal. Note: This is only a valid option if there are a small number of users. KB004316
- Manually set forwards during a migration on a per-user basis, from the admin portal. Note: This is a suitable option for small- to medium-sized projects. KB004374
- Automate the setup of mail coexistence (forwards) for G Suite through the MigrationWiz management console tool. Note: This is the best option for large projects. KB005168
- If calendar free/busy coexistence is required, you must enable Google coexistence to support free/busy information. Google Coexistence Setup Guide
- Under Project Advanced Options > Filtering section, delete: (^All Mail$|^All Mail/) KB005626
- Select the users > Click on the Start button from the top, select Full Migration > Click on Start Migration. KB004938