Moving users from Skype for Business Online to Skype for Business Server 2015

Recently I migrated approximately 4000 users from Skype for Business Online to Skype for Business Server on-premises (in a hybrid configuration).

The main driver for this was to improve internal audio & video conferencing performance, and in preparation for Enterprise Voice being rolled out across the enterprise.

Before moving test users, I verified the Access Edge Configuration & Hosting Provider settings.

Get-CsAccessEdgeConfiguration

Identity: Global
AllowAnonymousUsers: True
AllowFederatedUsers: True
AllowOutsideUsers: True
BeClearingHouse: False
EnablePartnerDiscovery: True
DiscoveredPartnerVerificationLevel: UseSourceVerification
EnableArchivingDisclaimer: False
EnableUserReplicator: False
KeepCrlsUpToDateForPeers: True
MarkSourceVerifiableOnOutgoingMessages: True
OutgoingTlsCountForFederatedPartners: 4
DnsSrvCacheRecordCount: 131072
DiscoveredPartnerStandardRate: 20
EnableDiscoveredPartnerContactsLimit: True
MaxContactsPerDiscoveredPartner: 1000
DiscoveredPartnerReportPeriodMinutes: 60
MaxAcceptedCertificatesStored: 1000
MaxRejectedCertificatesStored: 500
CertificatesDeletedPercentage: 20
SkypeSearchUrl: https://skypegraph.skype.com/search/v1.0
RoutingMethod: UseDnsSrvRouting

Get-CsHostingProvider

Identity: SkypeforBusinessOnline
Name: SkypeforBusinessOnline
ProxyFqdn: sipfed.online.lync.com
VerificationLevel: AlwaysVerifiable
Enabled: True
EnabledSharedAddressSpace: True
HostsOCSUsers: True
IsLocal: False
AutodiscoverUrl: https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
Identity: Exchange Online
Name: Exchange Online
ProxyFqdn: exap.um.outlook.com
VerificationLevel: AlwaysVerifiable
Enabled: True
EnabledSharedAddressSpace: True
HostsOCSUsers: False
IsLocal: False
AutodiscoverUrl :

To move a single user:

$cred = Get-Credential

Move-CsUser –Identity steve.bush@x500.co.uk -Target [Front End Pool]
-HostedMigrationOverrideUrl https://admin0e.online.lync.com/HostedMigration/hostedmigrationservice.svc
-Credential $cred -DomainController [Domain Controller FQDN]

Note this will fail if you don’t specify a Domain Controller!

Moving bulk users:

The customer provided me with a migration schedule based on Source OUs.

Enumerate SfB Users based on OU:

$ou = “Domain/OU”

$cred = Get-Credential

$users = Get-CSUser -OU $ou -ResultSize Unlimited | where {$_.Enabled -eq $true -and $_.HostingProvider -eq “sipfed.online.lync.com”} | Select SipAddress

We’ve got the SIP Address of the relevant users, now we move them on-prem.

Move users:

$users | ForEach {

Write-Host “Moving User:” $_.SipAddress -foregroundcolor red
Write-Host $ou -foregroundcolor blue

Move-CsUser -Identity $_.SipAddress -Target [Front End Pool] -HostedMigrationOverrideUrl https://admin0e.online.lync.com/HostedMigration/hostedmigrationservice.svc -Credential $cred -DomainController [Domain Controller FQDN] -confirm:$false

}

Assign SfB Policies:

I then needed to apply a conferencing policy to the same users:

$users | ForEach {
Write-Host “Assigning Conferencing Policy:” $_.SipAddress -foregroundcolor yellow
Grant-CsConferencingPolicy -PolicyName “Policy Name” -Identity $_.SipAddress

}

Moving a user took on average 0.6 seconds.  I did hit the following error a couple of times preventing any further user moves for around 45 minutes.  I logged an incident with Microsoft, who claim such a limit doesn’t exist, although I’m sure it must!

“The server is unable to handle your request at the moment. Please wait a few minutes and try again. If this error persists please contact Microsoft Support”.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s