Exchange 2007 to Exchange Online Staged Migration

Overview

I recently performed a staged migration from Exchange Server 2007 to Exchange Online.  Even though Exchange Server 2007 extended support ended just over one year ago (on 11th April 2017), I am still aware of many customers running Exchange 2007.

I’m sure there will be plenty more Exchange Server 2007 to Exchange Online migrations coming along soon.  This article covers how I performed the migration, considerations, and issues I ran into.

Legacy Environment

  • Exchange Server 2007 SP3 (single server).
  • Approx 300 mailboxes, and 2TB of mailbox data to be migrated.
  • No Public Folders (thankfully).
  • No existing local AD directory synchronisation with Azure AD.

Pre-reqs

  • An Office 365 Tenant, with domains added and verified.
  • Azure AD Connect installed and configured (click here for how I did this).
  • Data is copied from mailboxes using Outlook Anywhere.  A correctly functioning Outlook Anywhere is critical to a successful staged migration.  Check it before you start; you can use the Microsoft Remote Connectivity Analyzer to confirm.

Considerations

Before establishing a migration endpoint and moving mailboxes, here are some considerations.

Licensing

Exchange Mailboxes need to be licensed within 30 days of being migrated (the clock starts ticking at initial sync).  If you don’t license them, they will be deleted after 30 days.

Licenses can be applied in bulk from an input CSV file as follows (I’ve saved the CSV file as userstolicense.csv).

UserPrincipalName,UsageLocation,AccountSkuID
steve.test1@x500.co.uk,GB,reseller-account:EXCHANGEENTERPRISE
steve.test2@x500.co.uk,GB,reseller-account:EXCHANGEENTERPRISE

  • UsageLocation: the location of the user (two character country-code).
  • AccountSkuID: you can get this from Get-MsolAccountSku.

Run the following PowerShell commands to set the usage location and apply the license.

$UsersToLicense = Import-Csv userstolicense.csv
$UsersToLicense | ForEach-Object {
    # Set the usage location first, then assign the license
    Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $_.UsageLocation
    Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $_.AccountSkuID
}

Mail Flow

In a staged migration, mail flow between Exchange Server 2007 and Exchange Online is based on MX records and internet (default *) send connectors.

In my setup, this wasn’t desirable; the main reason being that we wouldn’t have end-to-end TLS between mailboxes on Exchange 2007 and mailboxes migrated to Exchange Online.

  • In Exchange 2007, I configured a send connector for the x500couk.onmicrosoft.com (targetAddress) with DNS delivery.
  • In Exchange Online, I configured a send connector to “your organization’s email server” and specified the accepted domain.

Maximum Message Size Limit (25MB)

Messages exceeding the maximum message size won’t be migrated to Exchange Online; they’ll be skipped.

The default maximum message size for Exchange Online is 25MB.

This can be lowered to 1MB, or increased to 150MB globally, or on a per-user basis.

If you change the global setting, any new mailboxes will automatically inherit the maximum message size value.  To apply the value to existing mailboxes, you need to set it on a per-mailbox basis.

Full Mailbox & Send As Permissions

Azure AD Connect copies folder & delegate permissions that exist on on-premises mailboxes to Exchange Online.  Full Mailbox & Send-As permissions aren’t copied.  They need to be audited and re-applied if necessary once mailboxes are migrated.

The following PowerShell command will list Full Access & Send As Permissions applied to a mailbox:

$EmailAddress = "steve.test1@zenithchambers.co.uk"

# Full Access: explicit (non-inherited) grants on the mailbox
Get-Mailbox $EmailAddress | Get-MailboxPermission | where {$_.AccessRights -eq "FullAccess" -and $_.IsInherited -eq $False} | select User | sort User

User
----
X500LOCAL\SteveTest2
X500LOCAL\SteveTest3

# Send As: an extended right on the Active Directory object
Get-Mailbox $EmailAddress | Get-ADPermission | Where-Object {$_.ExtendedRights -like "*send*"}

When applying Send As permissions in Exchange Online I hit this problem:

You can’t use the domain because it’s not an accepted domain for your organization.
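
A wider version of the audit above, as an added example that is not from the original post: it exports every explicit Full Access and Send As grant across all mailboxes to a CSV, so the delegations can be reviewed before they are re-applied in Exchange Online. The output file name and the ignored principal are assumptions; it is meant to run in the Exchange Management Shell on the Exchange 2007 server.

```powershell
# Added example, not the author's script.
$OutFile = "mailbox-permission-audit.csv"   # assumed output file name
$Ignore  = @("NT AUTHORITY\SELF")            # assumed: self-grants are not delegations

# Keep only explicit allow entries held by a trustee outside the ignore list.
filter Select-ExplicitGrant {
    if (-not $_.IsInherited -and -not $_.Deny -and
        $Ignore -notcontains $_.User.ToString()) { $_ }
}

$Mailboxes = Get-Mailbox -ResultSize Unlimited
$Report = foreach ($Mbx in $Mailboxes) {
    $Address = $Mbx.PrimarySmtpAddress.ToString()

    # Full Access is stored on the mailbox itself.
    $Mbx | Get-MailboxPermission |
        Where-Object { $_.AccessRights -eq "FullAccess" } |
        Select-ExplicitGrant |
        Select-Object @{Name="Mailbox"; Expression={$Address}},
                      @{Name="Trustee"; Expression={$_.User.ToString()}},
                      @{Name="Right";   Expression={"FullAccess"}}

    # Send As is an extended right on the Active Directory object.
    $Mbx | Get-ADPermission |
        Where-Object { $_.ExtendedRights -like "*Send-As*" } |
        Select-ExplicitGrant |
        Select-Object @{Name="Mailbox"; Expression={$Address}},
                      @{Name="Trustee"; Expression={$_.User.ToString()}},
                      @{Name="Right";   Expression={"SendAs"}}
}

# One row per grant: Mailbox, Trustee, Right.
$Report | Sort-Object Mailbox, Right, Trustee |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Reviewing the CSV before re-applying anything is the point: grants held by leavers or by accounts that no longer need access can be dropped rather than carried into Exchange Online.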

Scheduling Logic

In a staged migration, there will be co-existence issues when users need to access mailboxes across boundaries.  For example, if a team heavily uses a shared mailbox and it is migrated to Exchange Online before the users are, access is lost.

The key is to move users in groups to ensure access is maintained.
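
One way to work out those groups, as an added example that is not from the original post: treat each permission grant as a link between two mailboxes and put everything that is linked, directly or indirectly, into the same batch. The sample rows are constructed, the function name Get-MigrationGroup is hypothetical, and trustees are assumed to be already resolved to their own mailbox addresses.

```powershell
# Constructed sample input: one row per Full Access / Send As grant.
$Grants = @"
Mailbox,Trustee
accounts@example.com,user1@example.com
accounts@example.com,user2@example.com
clerks@example.com,user2@example.com
user4@example.com,user5@example.com
"@ | ConvertFrom-Csv

# Hypothetical helper: groups mailboxes that must be migrated together.
function Get-MigrationGroup {
    param([object[]]$Grants)

    $Parent = @{}   # union-find forest: address -> parent address
    $Find = {
        param($Address)
        # Walk up to the representative of the group.
        while ($Parent[$Address] -ne $Address) { $Address = $Parent[$Address] }
        $Address
    }

    foreach ($G in $Grants) {
        foreach ($A in $G.Mailbox, $G.Trustee) {
            if (-not $Parent.ContainsKey($A)) { $Parent[$A] = $A }
        }
        # A grant links the mailbox and its trustee: merge their groups.
        $RootA = & $Find $G.Mailbox
        $RootB = & $Find $G.Trustee
        if ($RootA -ne $RootB) { $Parent[$RootB] = $RootA }
    }

    # Emit one row per mailbox with the batch it belongs to.
    $Batch = 0
    $Parent.Keys | Group-Object { & $Find $_ } | ForEach-Object {
        $Batch++
        $_.Group | Sort-Object | Select-Object `
            @{Name="Batch"; Expression={$Batch}},
            @{Name="EmailAddress"; Expression={$_}}
    }
}

Get-MigrationGroup -Grants $Grants | Format-Table -AutoSize
```

Mailboxes that appear in no grant are not listed and can go into any batch. A very large group usually means one widely shared mailbox is tying teams together, which is worth knowing before the schedule is fixed.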

Shared Mailboxes

In a staged migration, Shared Mailboxes do not get created in Exchange Online as Shared Mailboxes.  They are created as regular mailboxes and need to be converted in Exchange Online as detailed here.

PST File Imports

If you have PST files that need to be imported into Exchange Online, you can perform a network upload to Azure blob storage, and then import them into Exchange Online mailboxes as detailed here.

Migration Endpoint

A migration endpoint against Exchange Server 2007 needs to be defined.

I did this by creating a migration batch and running through an initial migration with a test user.

In the Exchange admin center, select recipients from the left pane, and then migration.

Click on the plus (+) symbol, click on Migrate to Exchange Online.

Check Staged migration.  Click Next.

A CSV file needs to be created containing the Email Addresses of users to be migrated.  The file can be as simple as below but must contain the header EmailAddress.

EmailAddress
steve.test1@x500.co.uk
steve.test2@x500.co.uk

Note: in a staged migration with password synchronisation you do not need to include Password, and ForceChangePassword columns.

Click Choose File, browse to the file.

The CSV will be checked (1 mailboxes to migrate).  Click Next.

I get the following warning as autodiscover isn’t available externally:

“We couldn’t detect your server settings.  Please enter the.  The migration service failed to detect the migration endpoint using the Autodiscover service”.

I could fix this by purchasing a SAN Certificate (to contain the current mail name, plus the addition of autodiscover), however as Exchange 2007 will be decommissioned soon I will live with the error and enter the details manually.

I’m prompted to manually enter endpoint details.  Click More options…

  • Exchange server: enter the internal FQDN of the Mailbox Server, e.g. ex2007.x500.local.
  • RPC proxy server: enter the Outlook Anywhere name.  This is the external name that Outlook Anywhere is accessible on, e.g. mail.x500.co.uk.
  • Authentication: Basic
  • Mailbox Permission: Domain Admin

Click Next.

Enter domain admin credentials when prompted.  Click Next.

Enter a name for the migration batch.  Click Next.

You must specify a report recipient, click Browse and select a recipient.  A report is emailed on completion of the migration batch, or after 24 hours of running, whichever comes the soonest.  

Check Automatically start the batch.  Click new.

Note: in a staged migration this is the only option; you cannot select to start the batch later or schedule it to run at a specified time.

The migration will start.

Click View details to view detailed migration batch and user information.

When the mailbox migration is complete, the status will be Synched.

Convert to MEU

On successful migration, the source Exchange 2007 Mailbox needs to be converted to a Mail Enabled User.  Why this needs to be done, and how to do it is detailed here.

Mailbox Migration Issues

I ran into the following issues with a couple of mailboxes:

Mailbox migration failure: the provided email address was not unique on the source side.

Mailbox migration failure: the source email address couldn’t be found in the on-premises domain.

 
