Earlier, I wrote on a new technet article that details migration to Office 365 groups from on prem public folders. Actually walking through that I noticed some inconveniences I figured I could improve on with a script. The main one being that the endpoint in Office 365 only supports a single Public Folder, excluding child folders.
So I wrote up a script (with resume support) that will map your Public Folders to O365 Groups and migrate them in as many batches as are required, fully automated.
You’ll end up with a nice csv file with all the details. Note:
this script expects you to know what you’re doing!
only tested with Exchange 2010 as source
everything on prem is left untouched
groups are not mail enabled, and security settings are not copied
contacts are not copied
make sure you read the code/in-script instructions between line 1 and line 48, and then if you’re curious, from line 71720
update 05/01: improved the connection status check + reconnect for remote ExO and fixed report file path auto generation
update 11/01: moved everything to start-job so exchange sessions are always isolated (no prompting after 1-2 days) and added total migration overview display
update 25/01: exported the remote exchange module and added it as inline code with a modification so it won’t prompt for credentials, nothing else seems to otherwise prevent such prompts. This means the module may not match Microsoft’s if they update Exchange Online. Let me know if that causes issues for you or re-create it yourself with export-pssession and replace.
It was mostly a breeze and the interface of Office 365 groups allows users to easily search and administer their old Public Folders. We purposely only use them for archive access, where the IM team manages access to the groups holding PF data. I can really recommend this strategy, especially if you can easily split them up in under 50GB sized groups.
I did have one slight error you may run into:
“MigrationTransientException: Couldn’t find a request that matches the information provided. Reason: No such request exists in the specified index. –> Couldn’t find a request that matches the information provided. Reason: No such request exists in the specified index. “
Reason for this: The source public folder path is incorrect, make sure your CSV is mapped correctly or your batch will spin forever (or at least longer than I had patience), never completing.
At a customer site users were experiencing “:-( Something went wrong” errors in OWA (2013). The RPC endpoint was also broken, blocking a migration to Office 365.
Initial checks showed a few errors on the 2013 frontend server:
[Eas] Marking ClientAccess 2010 server NLEX01.domain.local (https://nlex01.domain.local/Microsoft-Server-ActiveSync) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
[Autodiscover] Marking ClientAccess 2010 server NLEX01.domain.local (https://nlex01.domain.local/Autodiscover) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
[RpcHttp] Marking ClientAccess 2010 server NLEX01.domain.local (https://nlex01.domain.local/rpc/rpcproxy.dll) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
[Owa] Marking ClientAccess 2010 server NLEX01.domain.local (https://nlex01.domain.local/owa) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)
The issue ended up being twofold;
somehow the SCCM client on the Exchange backend had replaced the local server certificate that IIS uses, this certificate wasn’t accepted by the frontend server
for some reason NTLM (Windows) Authentication was switched off on the Virtual Directories on the backend machine.
We wanted an overview of which domains our users were using in a certain country (Netherlands in this case). So, a simple Powershell snippet that counts all unique domains it encounters in the ProxyAddresses field of all users under a certain OU.
Note that if you have set contacts / forwarders, some domains that appear may not actually be accepted domains in your exchange organization.
#Author: Jos Lieben (OGD)
#Date: 13-06-2016
#Script help: www.liebensraum.nl
#Purpose: retrieve all unique domains in use under a specific OU and count them
#Requirements:
#active directory PS module
########
ipmo activedirectory
$users = get-aduser -Filter * -Properties * -SearchBase "OU=Netherlands,OU=Countries,DC=lieben,DC=nu" -SearchScope SubTree
$domains = @{}
foreach($user in $users){
$emails = $user.ProxyAddresses
foreach($email in $emails){
$domain = $email.Split("@")[1]
if($domain){
$domains[$domain] += 1
}
}
}
Write-Output $domains
A demonstration of one way to get shared mailbox permissions exported to a CSV file. We needed both users, groups and users in groups (so, a recursive search). Only Shared mailboxes had to be included, we could identity these by a simple rule:
the first portion of the primary email address does not contain a dot
See line 126 and 127 for this rule if you need a different method.
Edit: make sure you replace CED\ with your own domain! Sorry bout that…
This export excludes Deny permissions and looks for users in groups up to 2 levels deep. Credits to Piotrek for his Get-ADNestedGroupMember function.
