Migrating to Microsoft BPOS – Part I

By now, you've probably heard of Microsoft's latest foray into the PaaS arena - Office 365 - but you might not know that Microsoft's BPOS offering is going to be a component of this latest incarnation. If you're considering either of these platforms, Johan Veldhuis' clear and comprehensive guide to Migrating from Exchange to BPOS is essential reading.

There’s a lot of hype around the various Software as a Service (SaaS) solutions which are currently available, including solutions for CRM software, Antivirus/Antispam and, of course, e-mail. When looking at the SaaS solutions for e-mail, there are really two big players in the market at the moment: Microsoft and Google. Naturally, each option has its own benefits and drawbacks, and here are just two examples of the many sites that I’ve found comparing both vendors’ offerings:

Google Apps vs BPOS – You decide – Day 1, stage 1 – THE FACTS [link deprecated]
Google Apps vs Microsoft BPOS [link deprecated]

Hopefully you’ve started to think about whether these SaaS solutions might be appropriate for your organization, and what steps you’ll need to take to actually get your email running from the cloud. These two articles will help you through that process and, although Google is offering ways to move your email service away from Exchange into their cloud, I will focus on how you can migrate your on-premise Exchange environment to Microsoft’s BPOS (short for Business Productivity Online Suite).

In this first article, we’ll look at what you should consider when migrating your Exchange environment into BPOS, as well as what steps you need to take to get your basic environment up and running.

Introduction

A few weeks ago, Microsoft actually announced that Office 365 is the successor to BPOS and, as such, contains a variety of improvements. At this moment, not a huge amount of information is available regarding the new platform, but some significant facts are already known to the public. Office 365 will provide Exchange 2010 Online as the mail platform, and Lync Server (the replacement for Office Communications Server) Online as the IM Platform. In addition to this, Office Web Apps is included in the Office 365 suite, which will give you the ability to open your documents on a wide variety of devices.

However, for now let’s have a look at the current version of BPOS, as this will be immediately useful, and may give us some insight into how Office 365 will ultimately behave. Below, you will find an overview of the environment which we will migrate to BPOS:

Figure 1. BPOS and Exchange On-premise environment

On the one hand, we have our own environment, called Exchange On-premise, which contains a Domain Controller and an Exchange 2007 SP3 server. On the other, we have BPOS, which contains multiple Domain Controllers, Exchange Servers, SharePoint Servers and OCS Servers, though for the purpose of this article only a Domain Controller and Exchange Server are displayed.

What Do You Get?

First of all, let’s have a look at what BPOS actually offers us. BPOS is an abbreviation for Business Productivity Online Suite (as mentioned a moment ago), and includes the following online products / platforms:

  • Exchange Online
  • Live Meeting
  • Office Communications Online
  • SharePoint Online

As you can see, not only messaging products are included in the suite, although we will only be considering the Exchange Online part of BPOS in this article. Of course, if you’re not going to be using the other products, then you might want to consider opting for just Exchange Online, instead of the complete BPOS suite.

So we know what platforms are available in the suite, but what are the features that you will get and, maybe more importantly, what are the features that you won’t get? Excellent question, and the table below contains an overview of all the major mail-related features, together with their availability in BPOS (or lack thereof):

[Table: availability of the major mail-related features in BPOS; the table image is not reproduced here]

*there is a workaround for this issue but it is a little bit complicated compared to Exchange on-premise
**disabled by default, and a service request is needed to enable this per user
***only supported for Windows Mobile 6.0 and above, iPhone 2.0 and above, and some Nokia phones
****only secure SMTP is supported and requires authentication, so passwords will need to be changed every 90 days

Why Do You Want to Migrate to BPOS?

Of course, you should ask yourself why you want to migrate to BPOS in the first place, and this is a question which comes up a lot whenever SysAdmins congregate (particularly when they’re in the same room as executives).

Just as with every other solution, BPOS has its advantages and disadvantages. For example, consider the licensing situation: you won’t need an Exchange Server license, Exchange Client Access (CAL) licenses, or Windows Server licenses anymore. However, on the other hand, think about the control you typically have over your Exchange environment: using BPOS may mean that you can’t control as much as you can when your Exchange Server is on-premises.

So, to try and offer some guidance in this murky discussion, I did some thinking about the advantages and disadvantages of BPOS, and collated the major points into the table below:

[Table: advantages and disadvantages of BPOS; the table image is not reproduced here]

*only applicable if the local Exchange server was installed on bare metal (i.e., a physical server)

Inventory Your Current Environment

Now that we have some idea of what BPOS can offer us, let’s make an inventory of our environment to see how well everything matches up with these offerings. This step is even more important in this migration situation than when implementing an on-premise Exchange environment because, due to the current limitations of BPOS, there might be some devices, programs or even users which may not be able to send/receive e-mail after a migration to the Cloud. To prevent this kind of issue, an inventory of your existing environment has to be made, and here are some examples of the sort of things we should be looking at:

  • Are there any clients other than Outlook in use?
  • Which protocols are supported by these clients?
  • Which method is currently used to retrieve mailbox content?
  • What is the current message size limit?
  • Which devices are using the on-premise Exchange environment?
  • Do these devices support authenticated SMTP?
  • Which (custom) applications are using the on-premise Exchange environment?
  • Which kinds of authentication can be used by these applications?
  • Which mobile devices are used for synchronization?

These are just a few examples which came to mind, but hopefully they give you a good sense of the kinds of things you should be checking.

Preparing BPOS

Now that you’ve made your inventory, in the following sections we’ll see how to configure our BPOS Environment, and make the preparations needed before we can migrate the mailbox content to BPOS.

Set Up Your BPOS Environment

First we need to create an account for our BPOS environment, and the simplest way to do this is by browsing to the Microsoft Online Services page and choosing the option for a 30-day trial, making sure you have a Windows Live ID beforehand. After signing in with your Windows Live ID, you’ll need to provide some additional information, such as a name for the initial domain. This domain will not (in most cases) be used for receiving e-mails, because it’s in the format name.microsoftonline.com. In my case, I’ve used JohanVeldhuis.

Once you’ve submitted the form and received an e-mail with your credentials, you can log on to BPOS, where you can configure your BPOS environment: create and enable domains, create users, enable specific services, etc. Your first step will be to add the domain which is used for receiving/sending mail to BPOS, which can be done by performing the following steps:

  • Select the Users tab;
  • Select the Domains option;
  • Click the New button;
  • Provide the desired domain name;
  • Select either the authoritative or external relay option. Which option you choose depends on your situation; if BPOS will be your only mail solution, then BPOS will be authoritative. If you’re running both Exchange and BPOS at the same time, then you’ll have to choose external relay. In our case, we’ll select external relay, although this will be changed at the end of the article to authoritative (and we’ll see why later);
  • Submit the form;
  • Enable the Start the verification wizard when this window is closed option, and click Finish;
  • In the Who is the registrar for this domain dropdown menu, choose the option Other;
  • To confirm you’re the owner of the domain, you’ll need to create a CNAME record in your public DNS which matches the values displayed on the page:

Figure 2. CNAME record details (minus the host value, because this is unique & used for authentication)

  • Once the CNAME is added, click the Verify button to check whether the ownership of the domain can be verified; depending on your registrar, this may take 15 minutes or longer.

To ensure that mail will not be bounced when being sent from BPOS, you might need to adjust your SPF record (if you are using one). If you have an SPF record, you will need to change it so it contains the include parameter. The include parameter is used to add FQDNs of servers which do not belong to your domain (in our example, exchange-blog.nl).
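
A pre-change check for the SPF adjustment described above, as an added example that is not part of the original article: it audits a domain's TXT records for the hosted service's include and for mistakes commonly made when adding it. The include target spf.provider.example and the sample records are placeholders constructed for illustration, since the article does not give the actual value.

```python
import re

# Placeholder: the article does not give the include value; use the one your provider documents.
REQUIRED_INCLUDE = "spf.provider.example"
# Terms that each cost a DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def audit_spf(txt_records, required_include=REQUIRED_INCLUDE):
    """Return a list of findings for a domain's TXT records (empty list = OK)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror"]

    findings, includes, lookups, all_qualifier, redirect = [], [], 0, None, False
    for term in spf[0].split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?").lower()
        name = re.split(r"[:=/]", body, maxsplit=1)[0]
        # Mechanisms are evaluated left to right and 'all' always matches.
        if all_qualifier is not None and name != "exp":
            findings.append(f"'{term}' follows 'all' and is never evaluated")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "include":
            includes.append(body.partition(":")[2].rstrip("."))
        elif name == "redirect":
            redirect = True
        elif name == "all":
            all_qualifier = qualifier

    if required_include.lower() not in includes:
        findings.append(f"missing include:{required_include}")
    if all_qualifier == "+":
        findings.append("'+all' authorizes every sender on the Internet")
    elif all_qualifier is None and not redirect:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings


# Constructed sample records (not taken from the article).
GOOD = ["v=spf1 mx include:spf.provider.example -all"]
APPENDED = ["v=spf1 mx -all include:spf.provider.example"]  # include added after 'all'
OPEN = ["v=spf1 mx include:spf.provider.example +all"]

if __name__ == "__main__":
    for label, records in (("good", GOOD), ("appended", APPENDED), ("open", OPEN)):
        print(label, audit_spf(records) or "OK")
```

Feed it the TXT strings returned by your DNS lookup tool of choice; the APPENDED case shows why the include has to be placed before the closing all term rather than tacked onto the end of the record.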

Now that we have completed all of these steps, the new domain (exchange-blog.nl, in our case) has been added to the all domains list, which displays all of the configured domains currently associated with your BPOS environment:

Figure 3. Overview of all domains configured for BPOS

By default, the domain created earlier (when we first subscribed to BPOS) will be the default domain for all users, so, in my case, all users will get an e-mail address similar to user@johanveldhuis.microsoftonline.com, which is clearly not what we want. To change this, we will need to make the exchange-blog.nl domain the default domain, which can be done by clicking on the domain (located on the all domains tab) and selecting the default user account domain option. This will ensure that all users get an e-mail address and username which ends with exchange-blog.nl as the primary address.

On a brief side note, which will make sense in a moment, those of us who have experience with multiple on-premises mail servers which host the same domain will probably be familiar with various mail delivery issues. In these situations, the domains on the mail servers are configured as external relays, except for the last server in the chain, which is authoritative. By configuring your multiple servers like this, they will forward a message to another mail server if the intended recipient can’t be found on the local server. However, this mix of authoritative and external relay settings will have implications while your Exchange environment is in a coexistence state between on-premises and Online, which we will have a look at in the next article.

Creating Users/Mailboxes

Now that we’ve got our basic environment set up, we can create some users and their associated mailboxes. There are three main ways to do this:

  • Manually create each user;
  • Import a CSV file containing all of the information for each user;
  • Dirsync.

Creating Users by Importing a CSV File

As the first method is too much work when creating multiple users, let’s go straight to how we can do this the easy way. The CSV file you want to use for this process needs to contain the following column headings:

  • User Name
  • First Name
  • Last Name
  • Display Name
  • Job Title
  • Department
  • Office Number
  • Office Phone
  • Mobile Phone
  • Fax
  • Address
  • City
  • State or Province
  • ZIP or Postal Code
  • Country or Region

Once we’ve created and populated the CSV, we can upload it to the BPOS admin console by navigating to the Users > User List page, and choosing the Import users from a file option.

The first step in this process will give you the option to e-mail all the passwords for the accounts you create to a specific e-mail address, or to just display them all at the end of the wizard.

The next step in the import is to select the CSV file we just created and populated; once you’ve done that and pressed Next, the wizard will verify the file and will prompt you if values are missing or incorrect. If an error was found, correct the error, go to the previous step, and select the file again.

Once all errors have been corrected, you’ll need to select a geographic location where the users are to be created; this is used by BPOS to determine which services are available to these users, as not all services are available everywhere in the world. In our case, we’ll give each user a mailbox maximum size of 256 MB, although this can be changed at a later stage, if necessary.

Figure 4. Assigning services and mailbox size to a user

Once everything is OK, press the Next button to create the users, after which a summary will be displayed, as seen below:

Figure 5. Overview of imported users

As you can see, all users have been imported successfully, and if you would like to see the details of the users which are imported, you can just click the view log file option. When looking at the properties of one of the new users, you will see there are two e-mail addresses listed. In the case of the hypothetical user named Bill:

bill@johanveldhuis.emea.microsoftonline.com
bill@exchange-blog.nl (default)

Creating Users by Using Dirsync

The other easy method is to use dirsync, which is a free utility provided by Microsoft. The tool can only be used when installed on a Windows 2003 SP2 or Windows 2008 32-bit Operating System, and then can only be used to synchronize users from the following functional Forest levels:

  • Windows 2000
  • Windows 2003
  • Windows 2008

Before you can install the tool, you need to make sure that you have, at the very least, .NET Framework 2.0 with SP1 or above and Windows PowerShell 1.0 installed on the system. Keep in mind that PowerShell 2.0 is not supported at this moment. Once you’ve got the tool installed, but before you can use it, you will need to enable the directory configuration using the BPOS administration center. This option can be found by selecting the migration option, followed by the Directory Synchronization option.

Figure 6. Enable Directory Synchronization

Once Directory Synchronization is enabled, it’s time to start the dirsync utility, which will launch a wizard to guide you through the whole process. Thankfully, “the whole process” is actually really easy, and in fact consists of just two steps:

  • Provide the administrator credentials for BPOS
  • Provide the administrator credentials for the local Active Directory

When these steps have been completed, a one-way synchronization is initiated and mail-enabled users, contacts and groups will be synchronized to BPOS, although all users will remain disabled in BPOS until they are manually activated in the administration center. As easy as this sounds, one thing you must bear in mind is that, if you want to make any changes to an object, you will need to make the changes in the local Active Directory, not in the BPOS administration center. Otherwise the changes in BPOS will be overwritten when the synchronization runs again. This becomes a problem because, by default, the synchronization process will run every three hours. This default value can be changed by modifying the Microsoft.Online.DirSync.Scheduler.exe.Config file, which can be found in the installation directory of dirsync, which is c:\Program Files\Microsoft Online Directory Sync by default.

If you do not want to change this value, but just want to force the synchronization process to run only once, then there are two options available to you:

  • Use the Start directory synchronization now option, which will be offered by the Directory Sync Configuration program
  • Run the Start-OnlineCoexistenceSync PowerShell cmdlet. This requires you to manually load the PowerShell extension for BPOS as a prerequisite, by running the DirSyncConfigShell.psc1 script, which can be found in the c:\Program Files\Microsoft Online Directory Sync directory

One of the advantages of this method of user uploading / synchronization is that you will have a Global Address List ready to go in BPOS, which will contain the same objects as the GAL from your local Exchange server, and will be kept up-to-date automatically.

As mentioned at the start of this section, after the users have been synchronized into BPOS, you will need to activate them before they can start using their mailbox and other Exchange Online services. When performing this final step, a random password will be generated, which can either be sent by e-mail to the administrator, or will be displayed at the end of the wizard.

What Next?

At this stage, we’ve successfully checked the compatibility between our on-premises environment and our new BPOS environment, and then gone on to create that online environment. We then made sure that the basic configurations of BPOS were correct, and considered various ways to initially import (or indeed, continuously synchronize) our users from our local organization into the online environment. This covers the basic initial setup process.

In the next article, we’ll look at how to migrate the rest of our content into BPOS, as well as how to reconfigure Outlook to work seamlessly with the new environment, and finally, how to remove the local mailboxes with a minimum of fuss.

This article was commissioned by Red Gate Software, engineers of ingeniously simple tools for optimizing your Exchange email environment.