Let me first start off by explaining our environment.
We have one AD domain – de***.co.uk
Regardless of which department a user is in, every user authenticates with all systems (inc. Exchange) using their domain account (user@de***.co.uk) or (de***\user), even if their email address is user@somethingelse.com (this is common, I know).
We are planning on gradually moving to Office 365 E3, one department at a time.
We have ~300 employees, 47 accepted email domains and >600 mailboxes (some of which may just be archived to PST locally).
We in IT have tested 365 E3 with a domain that we own, de***s****.co.uk, and set up users/mailboxes manually.
We are now ready to move one department to trial 365 (20 users); however, we'd like to link in with our on-premise AD.
This subset of users will have an email address domain @le***********.com
From what I have gathered, I believe that these are the steps I will have to perform (please correct me if I'm wrong):
- Set up ADFS
- Add @le***********.com domain to our 365 account (not sure how it would get the users)
- Change DNS records of le***********.com to point to Office 365
- Import each user's PST to their 365 account or any other method?
It's the ADFS part that is causing confusion.
So far I have read several tutorials that go about things differently (one says to install ADFS on a DC, another says set up 3 new servers – one ADFS proxy, one ADFS server and one DirSync server) – which is best?
During the setup of ADFS, it is said that an SSL certificate needs to be installed on IIS – would this certificate be hostname.de***.co.uk or hostname@le*********.com and each other accepted email domain needing their own SSL?
Would the other users residing on the on-premise Exchange be affected by this process?
Regards
Best Answer
Based on the information you have provided, here are the best scenarios to proceed with.
User Authentication: there are 3 models that you can work with in here, which are:
You have tons of information to read here for further referencing: https://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/
Email migration: since you have Exchange 2010 in the network, here are the supported ways to migrate your emails:
You can find further information for the email migration here: https://support.office.com/en-us/article/Ways-to-migrate-multiple-email-accounts-to-Office-365-0a4913fe-60fb-498f-9155-a86516418842
If you select option 2 for the authentication and option 1 for the emails, you won't need ADFS or a certificate to complete the migration; end users will only be affected during the final stages of the cutover migration.
Hope this helps.
EDIT:
Your migration steps should be easy, follow these tips: