Office 365 – Distribution List Migration Version 2.0 – Part 15

Enabling migration support for non-synchronized groups.

In standard hybrid implementations distribution groups are synchronized from Active Directory to Azure Active Directory / Exchange Online. When performing a distribution list migration, a pre-requisite check existed in previous versions that validated the list was present in Exchange Online and that the directory synchronization flag is set to TRUE.

 

I recently worked with a customer that was performing a multiple Exchange organization consolidation to a single Office 365 tenant. This is not necessarily uncommon and each of these consolidation efforts can have their own unique considerations.

 

In this particular design there was a “main” forest where a full Active Directory synchronization was being performed to Azure Active Directory. In each of there “remote” forests Azure Active Directory Connect was only synchronizing organizational units that contained mailbox and contact objects. Organizational units containing groups were not synchronized as a part of their design and consolidation.

 

Generally, the answer to having distribution groups represented in Exchange Online would be to alter the ADConnect installation and include all organizational units where mail enabled objects are stored. In this instance that solution would have met with the goal of satisfying that the distribution list be present in Exchange Online but since the ultimate goal was to remove the “remote” forests this should not block migration.

 

New builds of Distribution List Migration Version 2 now include the ability to override the pre-requisite that the group be present in Exchange Online. There are, however, other pre-requisites. For example:

• All recipients referenced by the group must be present in Exchange Online.
• The group must be fully mail enabled and have all the standard attributes of a mail enabled group. Partially mail enabled groups cannot be migrated.
• There can be no other mail enabled object in Office 365 sharing the same proxy address.

 

Here is an example of how this could be utilized to move groups that are not synchronized from Active Directory.

 

The distribution group is a mail enabled security group in Active Directory.

PS] C:\>Get-DistributionGroup aNoSyncGroup

 

Name DisplayName GroupType PrimarySmtpAddress

—- ———– ——— ——————

aNoSyncGroup aNoSyncGroup Universal, SecurityEnabled aNoSyncGroup@domain.com

 

The group does not exist in Exchange Online.

 

Get-EXORecipient aNoSyncGroup

Get-EXORecipient : Error while querying REST service. HttpStatusCode=404

ErrorMessage={“error”:{“code”:”NotFound”,”message”:”Error executing request. “,”details”:[{“code”:”Context”,”target”:””

,”message”:”Ex6F9304|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException|The operation couldn’t

be performed because object ‘aNoSyncGroup’ couldn’t be found on

‘DM6PR04A04DC002.NAMPR04A004.prod.outlook.com’.”}],”innererror”:{“message”:”Error executing request.

“,”type”:”Microsoft.Exchange.Admin.OData.Core.ODataServiceException”}}}}

At line:1 char:1

+ Get-EXORecipient aNoSyncGroup

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ProtocolError: (:) [Get-EXORecipient], RestClientException

+ FullyQualifiedErrorId : An error occurred while processing this request.,Microsoft.Exchange.Management.RestApiCl

ient.GetExoRecipient

 

 

If an attempt was made to migrate the distribution list without the skip option, the following error would occur.

 

 

out-logFile : The operation couldn’t be performed because object ‘anosyncgroup@domain.com’ couldn’t be found on ‘BY5PR04A04DC002.NAMPR04A004.prod.outlook.com’.

At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.5.12\DLConversionV2.psm1:1248 char:13

+ out-logFile -string $_ -isError:$TRUE

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException

+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Out-LogFile

 

 

To migrate a group that is not synchronized the same process is utilized with the addition of the allowNonSyncedGroups switch. Here is an example:

 

 

Start-DistributionListMigration -groupSMTPAddress anosyncgroup@e-mcmichael.com -globalCatalogServer azure-dc-0.domain.domain.com -activeDirectoryCredential $cred -logFolderPath c:\temp -exchangeServer webmail.domain.com -exchangeCredential $cred -exchangeOnlineCredential $cred -useCollectedFullMailboxAccessOnPrem:$TRUE -useCollectedFullMailboxAccessOffice365:$TRUE -useCollectedSendAsOnPrem:$TRUE -useCollectedFolderPermissionsOnPrem:$TRUE -useCollectedFolderPermissionsOffice365:$TRUE -enableHybridMailflow:$TRUE -dnNoSyncOU “OU=DoNotSync,OU=MigrationTest,OU=DLConversion,DC=home,DC=e-mcmichael,DC=com” –allowNonSyncedGroup:$TRUE

 

 

Using this switch bypasses a check for the group in Office 365 and performs the migration. The same rules for standard migration apply and all dependencies will be validated and health checked prior to re-creating the group in Office 365.

 

 

[3/8/2022 5:04:32 PM] – Success – renaming directory.

[3/8/2022 5:04:32 PM] – 20220308T1704323903-anosyncgroup-Success

[3/8/2022 5:04:32 PM] – c:\temp\DLMigration\

 

 

The addition of this feature should allow for adoption in more scenarios where organization consolidations are occurring.