Migration from on premises to Azure AD and Office 365 – Part 1

The client this week wants to look at Office 365 SharePoint and, eventually, email. We have been pushing for this for a while, as they are a charity and entitled to have it all for free.

With 175 users they are a perfect candidate to use the Azure AD Sync tool to manage the online logins.

So, the problems. As with any project there are always problems; it’s really a case of how they should be tackled.

First, the customer is still using a non-routable domain name ending in .local for login. These will not sync with Azure AD online, as it must use verified routable domains. After a little research we found that, as long as the routable domains are added as ‘Alternative UPN Suffixes’ for the domain, the AD Sync Tool will take care of the rest. So we opened the Active Directory Domains and Trusts tool, right-clicked the root node and selected Properties. This brings up the window to add new UPN suffixes, and we made sure that every routable domain that had been set up on the Azure AD/365 platform was added as a suffix for the domain.

The next challenge was that every user required the suffix changed in their Active Directory account. A long and laborious task if done manually, but if you’re running 2012 R2 or greater then you have the power of PowerShell, and specifically the Get-ADUser cmdlet.

function ChangeUPN {
    # Find every account whose UPN still ends in the non-routable suffix...
    Get-ADUser -Filter {userPrincipalName -like "*domain.local"} -Properties userPrincipalName |
        ForEach-Object {
            Write-Host "Setting" $_.UserPrincipalName
            # ...and rewrite it as SamAccountName@<routable suffix>
            # (Set-ADUser accepts -WhatIf if you want a dry run first)
            Set-ADUser $_ -UserPrincipalName ("{0}@{1}" -f $_.SamAccountName, "newdomain.co.uk")
        }
}

ChangeUPN

Run the function and you should be good to go.
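As an added example (not from the original post), here is a pre-flight report to run before ChangeUPN: it checks that the new suffix is actually registered on the forest, lists the accounts still on the .local suffix, and flags any account whose computed UPN would collide with a UPN another account already holds. The suffix values and the ActiveDirectory module are assumptions.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module;
# $OldSuffix and $NewSuffix are placeholders for your own domains.
param(
    [string]$OldSuffix = 'domain.local',
    [string]$NewSuffix = 'newdomain.co.uk'
)
Import-Module ActiveDirectory

# 1. The new suffix must already be an alternative UPN suffix on the forest, otherwise
#    Set-ADUser writes a UPN that AD Sync cannot match to a verified domain.
$forestSuffixes = (Get-ADForest).UPNSuffixes
if ($forestSuffixes -notcontains $NewSuffix) {
    Write-Warning "$NewSuffix is not registered as an alternative UPN suffix on the forest."
}

# 2. Collect every account still on the non-routable suffix.
$stale = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -Properties UserPrincipalName, mail

# 3. Index every UPN currently in use so proposed values can be checked for collisions.
#    SamAccountName is unique per domain, but another account may already hold
#    sam@newsuffix as its UPN without that being its own SamAccountName.
$existing = @{}
Get-ADUser -Filter * -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object { $existing[$_.UserPrincipalName.ToLower()] = $_.SamAccountName }

$report = foreach ($u in $stale) {
    $proposed = '{0}@{1}' -f $u.SamAccountName, $NewSuffix
    $owner = $existing[$proposed.ToLower()]
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUPN     = $u.UserPrincipalName
        ProposedUPN    = $proposed
        Mail           = $u.mail
        # Name of the other account that already owns the proposed UPN, if any
        Collision      = if ($owner -and $owner -ne $u.SamAccountName) { $owner } else { '' }
        # After sync the UPN becomes the sign-in name; a mail attribute that differs
        # from it means users sign in with one address and receive mail on another.
        MailMismatch   = [bool]($u.mail -and ($u.mail -ne $proposed))
    }
}

$report | Sort-Object Collision -Descending | Format-Table -AutoSize
'{0} accounts still use @{1}; {2} would collide with an existing UPN.' -f `
    @($report).Count, $OldSuffix, @($report | Where-Object Collision).Count
```

Resolve any Collision rows by hand before running ChangeUPN, since Set-ADUser will otherwise fail on those accounts with a constraint violation and leave them on the .local suffix.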


The next problem was with email addresses. Our users have had on-site Exchange, and by default this means each account had an email address with the .local extension. These needed to be removed, and again PowerShell (or the Exchange Management Shell) is your friend, both for finding and for removing them.

foreach ($i in Get-Mailbox -ResultSize Unlimited) {
    # Every proxy address on the mailbox that still points at the .local domain is removed
    $i.EmailAddresses | Where-Object { $_.AddressString -like "*@domain.local" } |
        ForEach-Object { Set-Mailbox $i -EmailAddresses @{remove=$_} }
}

And don’t forget the groups

foreach ($i in Get-DistributionGroup -ResultSize Unlimited) {
    # Mail-enabled groups (distribution and mail-enabled security groups) carry proxy
    # addresses too; the *-DistributionGroup cmdlets are the ones that expose -EmailAddresses
    $i.EmailAddresses | Where-Object { $_.AddressString -like "*@domain.local" } |
        ForEach-Object { Set-DistributionGroup $i -EmailAddresses @{remove=$_} }
}

Be sure that you have removed the .local address template from your Exchange recipient policy first, else you’re just going to re-provision these addresses again.

You can identify whether you have these problems with the handy IDFix tool from Microsoft. It’s great at highlighting these and other potential issues on your domain, although interpreting the output can be a little daunting; just focus on the error column!


More to come….