In this environment, the on-premises Active Directory DNS name is different from the public DNS name used for email addresses. An alternate UPN suffix that matches the public email DNS name has already been configured in the on-premises AD environment to facilitate the Office 365 onboarding process. The first step in this process is to update the UserPrincipalName attribute for this batch of AD users. My on-premises AD DNS name is “myadlab.com”. The public DNS name is “myadpublicdns.com”:
1) Update the users’ UserPrincipalName attribute:
I’ll start by verifying the Organizational Unit name for the group I plan to migrate:
PS C:\Scripts> Get-ADOrganizationalUnit -Filter "Name -like '*Manufactur*'"
City :
Country :
DistinguishedName : OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com
LinkedGroupPolicyObjects : {}
ManagedBy :
Name : Manufacturing_OU
ObjectClass : organizationalUnit
ObjectGUID : c510706a-1174-4e64-aa2a-6fc02917a3de
PostalCode :
State :
StreetAddress :
Verify current users’ UserPrincipalName property:
PS C:\Scripts> Get-ADUser -Filter * -Properties * -SearchBase "OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com" | ft UserPrincipalName
UserPrincipalName
-----------------
PeterJo@myadlab.com
ClarkKent@myadlab.com
LoisLane@myadlab.com
Verify the alternate UPN suffixes already configured for the on-premises AD, then update the users’ UserPrincipalName:
PS C:\scripts> Get-ADForest | Select-Object -ExpandProperty UPNSuffixes
aadlab.com
myadpublicdns.com
Select the required UPNSuffix and assign it to a PowerShell variable:
PS C:\scripts> $newupn= (Get-ADForest).UPNSuffixes[1]
PS C:\scripts> $newupn
myadpublicdns.com
Bulk update the UserPrincipalName by piping the collection of users to a “ForEach-Object” script block:
PS C:\scripts> Get-ADUser -Filter * -Properties * -SearchBase "OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com" | ForEach-Object { Set-ADUser -Identity $_ -UserPrincipalName (($_.GivenName) + '.' + ($_.Surname) + '@' + ($newupn)) }
Confirm that the UserPrincipalName attribute for these users has been updated:
PS C:\scripts> Get-ADUser -Filter * -Properties * -SearchBase "OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com"| ft UserPrincipalName
UserPrincipalName
-----------------
Clark.Kent@myadpublicdns.com
Lois.Lane@myadpublicdns.com
Peter.Jo@myadpublicdns.com
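A pre-flight check for the bulk update above, as an added example that is not part of the original post: the one-liner builds each UPN from GivenName and Surname, so an account with a blank name attribute, or two accounts with the same names, would get a malformed or clashing UPN. The function Get-UpnChangePlan, its status values and the sample accounts are constructed for illustration.

```powershell
# Added example (not from the original post): plan the UPN change before writing to AD.
function Get-UpnChangePlan {
    param(
        [Parameter(Mandatory)] [object[]] $User,      # needs SamAccountName, GivenName, Surname, UserPrincipalName
        [Parameter(Mandatory)] [string]   $UpnSuffix,
        [string[]] $ExistingUpn = @()                 # UPNs already used by accounts outside this batch
    )
    $plan = foreach ($u in $User) {
        $new = $null
        $status = 'OK'
        if ([string]::IsNullOrWhiteSpace($u.GivenName) -or [string]::IsNullOrWhiteSpace($u.Surname)) {
            $status = 'MissingName'                   # would otherwise become ".@suffix" or "Name.@suffix"
        } else {
            $new = '{0}.{1}@{2}' -f $u.GivenName.Trim(), $u.Surname.Trim(), $UpnSuffix
            if ($new -match '\s')                  { $status = 'ContainsSpace' }
            elseif ($new -eq $u.UserPrincipalName) { $status = 'AlreadySet' }
            elseif ($ExistingUpn -contains $new)   { $status = 'InUse' }
        }
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            CurrentUpn     = $u.UserPrincipalName
            NewUpn         = $new
            Status         = $status
        }
    }
    # Two accounts in the same batch that map to one UPN (grouping is case-insensitive).
    $clashes = @($plan) | Where-Object { $_.NewUpn } | Group-Object NewUpn | Where-Object { $_.Count -gt 1 }
    foreach ($g in $clashes) { foreach ($row in $g.Group) { $row.Status = 'Duplicate' } }
    $plan
}

# Constructed sample objects, so the check runs without a domain controller.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'ckent';  GivenName = 'Clark'; Surname = 'Kent'; UserPrincipalName = 'ClarkKent@myadlab.com' }
    [pscustomobject]@{ SamAccountName = 'ckent2'; GivenName = 'clark'; Surname = 'Kent'; UserPrincipalName = 'ckent2@myadlab.com' }
    [pscustomobject]@{ SamAccountName = 'llane';  GivenName = 'Lois';  Surname = 'Lane'; UserPrincipalName = 'LoisLane@myadlab.com' }
    [pscustomobject]@{ SamAccountName = 'svcmfg'; GivenName = $null;   Surname = $null;  UserPrincipalName = 'svcmfg@myadlab.com' }
)
Get-UpnChangePlan -User $sample -UpnSuffix 'myadpublicdns.com' | Format-Table -AutoSize

# Against the live directory (same OU and $newupn as above), apply only the rows marked OK:
# $users = Get-ADUser -Filter * -SearchBase 'OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com'
# $inUse = (Get-ADUser -Filter "UserPrincipalName -like '*@$newupn'").UserPrincipalName
# Get-UpnChangePlan -User $users -UpnSuffix $newupn -ExistingUpn $inUse | Where-Object Status -eq 'OK' |
#     ForEach-Object { Set-ADUser -Identity $_.SamAccountName -UserPrincipalName $_.NewUpn -WhatIf }
```

Remove -WhatIf from the last line once the planned changes look right; rows with any other status need a manually chosen UPN.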
2) Run the .\DirectorySyncClientCmd.exe command on the Azure AD Connect synchronization server to manually update the UserPrincipalName attribute of the users in Office 365 Azure AD:
The next screen shot shows the Connector Space Object Properties, which confirms that the UserPrincipalName property was modified for the user:
3) Create a csv file of the users based on the required format for Office 365 Batch migrations. The UserPrincipalName value for the users also matches the external email address. A screen shot of the csv file follows:
PS C:\scripts> Get-ADUser -Filter * -Properties * -SearchBase "OU=Manufacturing_OU,OU=Users-All,DC=myadlab,DC=com" | Sort-Object | Select-Object -Property @{Label='EmailAddress';e={$_.UserPrincipalName}} | Export-Csv -Path c:\Manufacturing.csv -NoTypeInformation
4) Verify the current license status of the users, confirm that the users’ mailboxes have not been migrated yet, and assign licenses:
Connect to Windows Azure:
Connect-MsolService
Log in with the credentials.
PS C:\Scripts> Import-Csv -Path "c:\Manufacturing.csv" | %{Get-MsolUser -UserPrincipalName $_.EmailAddress} | ft UserPrincipalName, IsLicensed, MSExchRecipientTypeDetails
UserPrincipalName IsLicensed MSExchRecipientTypeDetails
----------------- ---------- --------------------------
Clark.Kent@myadpublicdns.com False 1
Lois.Lane@myadpublicdns.com False 1
Peter.Jo@myadpublicdns.com False 1
The IsLicensed property indicates that no O365 Enterprise or other licenses have been assigned to the users. The MSExchRecipientTypeDetails property value of 1 indicates that the user mailbox has not been migrated to Office 365 and still resides on the on-premises Exchange Server.
Assign Usage Location and licenses to the users:
PS C:\Scripts> Import-Csv -Path "c:\Manufacturing.csv" | %{Set-MsolUser -UserPrincipalName $_.EmailAddress -UsageLocation "US"}
PS C:\Scripts> Import-Csv -Path "c:\Manufacturing.csv" | %{Set-MsolUserLicense -UserPrincipalName $_.EmailAddress -AddLicenses "myadpublicdns:ENTERPRISEPACK"}
Confirm that licenses were assigned correctly:
PS C:\Scripts> Import-Csv -Path "c:\Manufacturing.csv" | %{Get-MsolUser -UserPrincipalName $_.EmailAddress} | ft UserPrincipalName, IsLicensed, @{Label='License';e={$_.Licenses.AccountSkuId}}, UsageLocation
UserPrincipalName IsLicensed License UsageLocation
----------------- ---------- ------- -------------
Clark.Kent@myadpublicdns.com True myadpublicdns:ENTERPRISEPACK US
Lois.Lane@myadpublicdns.com True myadpublicdns:ENTERPRISEPACK US
Peter.Jo@myadpublicdns.com True myadpublicdns:ENTERPRISEPACK US
5) Log in to the Office 365 portal by starting a remote PowerShell session to Exchange Online and start the onboarding process:
$sourceendpoint = (Get-MigrationEndpoint).Identity
PS C:\scripts> New-MigrationBatch -SourceEndpoint $sourceendpoint -AutoStart -TargetDeliveryDomain "MyADPublicDNS.mail.onmicrosoft.com" -CSVData ([System.IO.File]::ReadAllBytes("C:\Manufacturing.csv")) -NotificationEmails "infrastructure@myadpublicdns.com" -LargeItemLimit 50 -BadItemLimit 50 -Name ManufacturingTeamOnboarding
Complete the Migration Batch after the initial Sync is done:
Complete-MigrationBatch -Identity ManufacturingTeamOnboarding -NotificationEmails infrastructure@myadpublicdns.com
There are scenarios where it becomes necessary to move a mailbox back from the Office 365 cloud to the on-premises mailbox server using the GUI (web interface). The offboarding process is straightforward. The following snapshot shows the key field values that need to be entered when moving a mailbox back on premises.