Friday, October 10, 2014
Multi Organization O365 migrations - SMTP routing and Criteria Based Routing
When migrating three disparate email organizations into a single Office 365 tenant, one of the major hurdles was that once the first organization (CompanyA.com) is migrated, the tenant is essentially in production. While planning to turn up and license users for the next organization (CompanyB.com), we realized the problems this would cause.
organization is large. Very large. So we need to pre-stage data into mailboxes, which could take days or even weeks.
The SMTP routing issue presented
If users from CompanyA.com were to attempt to email CompanyB.com, the messages would be delivered to the recipient's mailbox in the tenant. The same will be true when CompanyA.com and CompanyB.com are in production and CompanyC.com is pre-staging
blanking out the mail attribute in AD to avoid this and just pre-stage to their tenant email address (companyABC.onmicrosoft.com), but too many other AD-integrated applications relied on that field, so that was not an option.
We began looking around in DirSync filtering for ways to blank the mail attribute by pairing it to an unused AD attribute in Active Directory. This is NOT AT ALL recommended.
Microsoft does not support modification or operation of the Directory Sync tool outside of those actions formally documented. The actions documented below in this article are supported.
Unsupported actions include:
  Opening the underlying FIM Sync Engine to modify Connector
  Manually controlling the frequency and/or ordering of Synchronization Run Profiles or changing the attributes that are synchronized to the cloud.
Any of these actions may result in an inconsistent or unsupported state of the Directory Sync tool and as a result, Microsoft cannot provide technical support for such deployments / usage of the tool.
Filtering configurations applied to your directory synchronization instance aren’t saved when you install or upgrade to a newer version. If you are upgrading to a newer version of directory synchronization, you must re-apply filtering configurations after you upgrade, but before you run the first synchronization cycle.
That seems like very clear and strong language. It's not supported, and if you change anything it might also break if and when you patch
So without putting the customer in an unsupported space, how can we address the presenting mail
1. Create an Outbound Connector for the CompanyB.com domain
   On the Delivery section, specify "Route mail through smart hosts" and manually enter the existing MX records for the CompanyB.com domain
   On the "Scope" section, select "Use for Criteria Based Routing (CBR)"
2. Create a Transport Rule
   Apply this rule if: The recipient is.. located inside the organization
   And: A recipient's domain
   Use the following outbound connector.. Select the connector created in Step 1
That's it. Now you can license mailboxes with their correct SMTP addresses, pre-stage data, and they will NOT receive any SMTP traffic until you disable or remove the connector and the rule. Removing them is also a much easier cutover-day task than changing users or DirSync configurations en masse.
Hope this helps you, please post if it does!
This procedure only works if the domain name you are configuring the rule for is in the mailbox's PRIMARY SMTP address. If it is a secondary SMTP address, the rule won't fire, as when someone checks names, it will default to their primary.
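The connector and transport rule from Steps 1 and 2, together with a pre-check for the primary SMTP address caveat, written as an added Exchange Online PowerShell example (not part of the original post). It assumes an Exchange Online PowerShell session is already open; the smart host name is a placeholder, and the object name and the OnPremises connector type are assumptions.

```powershell
# Added example. Assumes an open Exchange Online PowerShell session.
$Domain     = 'companyb.com'
$SmartHosts = @('mx1.companyb.example')    # placeholder: the domain's existing MX hosts
$Name       = "Pre-stage hold - $Domain"   # hypothetical name used for connector and rule

# Caveat check: the rule only fires when the domain is in the mailbox's PRIMARY
# SMTP address. List mailboxes that carry $Domain only as a secondary address.
$secondaryOnly = Get-Mailbox -ResultSize Unlimited | Where-Object {
    ($_.EmailAddresses -like "smtp:*@$Domain") -and
    ($_.PrimarySmtpAddress -notlike "*@$Domain")
}
if ($secondaryOnly) {
    Write-Warning "The rule will not fire for these mailboxes ($Domain is not primary):"
    $secondaryOnly | Select-Object DisplayName, PrimarySmtpAddress
}

# Step 1: outbound connector delivering to smart hosts, scoped to transport rules (CBR).
# ConnectorType OnPremises is an assumption; the post does not name the type.
New-OutboundConnector -Name $Name `
    -ConnectorType OnPremises `
    -UseMXRecord $false `
    -SmartHosts $SmartHosts `
    -IsTransportRuleScoped $true

# Step 2: transport rule. Recipient is inside the organization AND the recipient's
# domain is $Domain -> route through the connector from Step 1.
New-TransportRule -Name $Name `
    -SentToScope InOrganization `
    -RecipientDomainIs $Domain `
    -RouteMessageOutboundConnector $Name

# Verify both objects before licensing and pre-staging mailboxes.
Get-OutboundConnector -Identity $Name |
    Format-List Name, Enabled, SmartHosts, IsTransportRuleScoped
Get-TransportRule -Identity $Name |
    Format-List Name, State, RecipientDomainIs, RouteMessageOutboundConnector

# Cutover day: remove the rule first, then the connector it references.
# Remove-TransportRule     -Identity $Name -Confirm:$false
# Remove-OutboundConnector -Identity $Name -Confirm:$false
```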