Migrate two different Exchange forest with the same netbios name to Office 365 with dirsync.

Our customer has two forests. And they have the same netbios name. So no forest trust then. One of them with users and computers and the other with different usernames and their mailboxes.

The dilemma is to migrate them to Office 365 and using computer forest ast point of authority.

Yesterday I found a site that had the same problem.


This was the thing I needed. The blog even mentioned the attributes you need to extract. But it didn’t cover all the parts. So here’s an updated version.

Step 1

Take necessary steps on Office 365 to validate domain needed by Exchange hybrid.

Here is an excellent article to do it.


Step 2

Before this you have to upgrade same service pack level Exchange schema to destination domain. Using this link (if you have Exchange 2010 sp3 on source domain)


As Enterprise admin and from schema master run

Step 3

Add upn-suffic for the same name as in source domain.

Before you import attributes make sure that in destination domain
userprincipalnames are exactly the same as in source domain. **

$a =
Get-MailBox -ResultSize
Unlimited |
select-object SAMAccountName,ExchangeGuid,Alias,Emailaddresses
foreach ($mbx
in $a){$mbx.emailaddresses
= [string]($mbx.emailaddresses)}

$a | export-csv
mailboxes.csv -notype

And here is the import script:

Import-Module -name
“C:Program FilesQuest SoftwareManagement
Shell for ADQuest.ActiveRoles.ArsPowerShellSnapIn.dll”
Import-Csv C:csvexported-attributes.csv
foreach {
$sams =
$nickname =
-ObjectAttributes @{
proxyaddresses=($SMTP -split ” “)
Get-QADUser $sams
-IncludeAllProperties |
select displayname,mailnickname,msexchmailboxguid,proxyaddresses,CanonicalName
| Ft -AutoSize | out-file C:csvoutfile.txt

the split ” ” <- Yes, it is a space. I guess that there’s a bug
because atleast i didn’t get any ; -sign in the middle of the
emailaddresses ๐Ÿ™‚

Step 4

Configure dirsync from destination domain to Office 365 using the logon names you should use after the migration.

Here an excellent article for dirsync filtering.


Step 5

Setup ADFS for SSO or just use Dirsync.

ADFS -setup http://goodworkaround.com/node/53

Comparision of Dirsync only and Dirsync + ADFS http://office365evangelist.com/?p=1144

ADFS and SSO. Get it working with Non-IE Browsers (Chrome, Firefox, Safari)


Step 6

Migrate Mailboxes from source domain. It’s preferred to use Online EAC to do it.

And then select Remove move migration


Add user from the next screen or use csv file. Here is the point when ExchangeGuid takes place. It will match the On-Premises user to Dirsynce’d user that has the same imported guid.


If it doesnt show anything the the guid’s dont match.

When the migration batch is completed you will have On-Premise mailboxes in Exchange Online.

Tip. If you want to make a different kind of mailbox (Room, Equipment etc) You alter two of the Dirsync authority user’s attributes:

Recipient Display Type = msExchRecipientDisplayType
Recipient Type Details = msExchRecipientTypeDetails

Here are the tables for attribute’s

So let’s say you a normal user the be room mailbox and then transfer that user with dirsync to office365.

Change msExchRecipientDisplayType to 7
Change msExchRecipientTypeDetails to 16

When you dirsync this user to Office 365 and start mailbox migration batch for room mailboxes they will connect together and you will have room mailbox with old room mailbox content synced.

Step 7

Migrate Public Folders to Exchange Online.


See if it is completed:  

Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics

Step 8

Extract On-Premise Exchange mailboxes LegacyDN attribute also known as X500 address.

String looks like this:


Then you have to add this (AFTER MAILBOX SUCCESFULl MOVE) to Dirsync Authority domain and to the corresponding user’s proxyaddress attribute as primary X500 address (Primary is always the UPPERCASE version)

Remember the onpremise mailboxes are disconnected at this point and they will be there for 30 days by default!

And here is the oneliner:

Get-MailboxStatistics -Server
‘ExchangeServersFQDN’ | select displayname,legacydn | sort displayname
legacydn.csv -notype

Then you will get all users LegacyDN attribute that will be the new PRIMARY X500 address.

If all the LegacyDN’s are in LEGACY.USERDN mode you can use ADModify to change add a primary X500 address.


But the users that have different X500 address. Let’s say user has a number behind username. Then you cant use ADModify and use must write a script or do it manually.

It didn’t have that much of them so I added them manually.

Dont Use LegacyExchangeDN -attribute in ad-user. Always use the proxyaddress -attribute.

Step 9

Remove Exchange Hybrid configuration.


I made it work like this. Hopefully you can also!

And remember that this is also a working scenario for Hosted Exchange to Office 365. Because then you propably cant do a forest trust either ๐Ÿ™‚

Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *