Testing a distribution list for pre-migrations…
When migrating distribution lists to Office 365 there is a series of health checks performed to ensure that the migration will be successful. Through the enumeration and normalization process each recipient that appears on the property of the distribution list is tested for presence in Office 365.
Prior to version 2.9.6.6 the only way to predict success or failure of the migration was to attempt and perform the migration. If the group contained a nested distribution list, a member of a property was not present, or the group was not directory synchronized the migration would fail and allow the administrator to review the logs. At the end of each migration is a failure table with exception codes that allow administrators to analyze the failure and take actions.
Version 2.9.6.6 introduces several test functions to offer administrators the opportunity to test pre-requisites before performing a migration. These commands include Test-PreMigration, Test-PreMigrationO365Group, and Test-PreO365GroupConversion. Each of the test commandlets performs the tests based on the type of migration that will be performed.
TEST-PREMIGRATION
This commandlet allows the administrator to test a standard on-premises to Office 365 distribution list migration.
Test-PreMigration -groupSMTPAddress atestgroup178@domain.com -globalCatalogServer azure-dc-0.home.domain.com -activeDirectoryCredential $cred -activeDirectoryAuthenticationMethod kerberos -exchangeOnlineCredential $cred -azureADCredential $cred -logFolderPath c:\temp
In this instance the group failed the test, and the folder was renamed to reflect failure.
[2/21/2023 7:11:46 PM] – FAILED – renaming directory.
[2/21/2023 7:11:46 PM] – PreReqTest-20230221T1911466009-atestgroup178-FAILED
[2/21/2023 7:11:46 PM] – c:\temp\PreReqCheck\
When reviewing the failure table contained at the end of the log file the following is noted.
[2/21/2023 7:11:45 PM] – +++++
[2/21/2023 7:11:45 PM] – Pre-requist checks failed. Please refer to the following list of items that require addressing for migration to proceed.
[2/21/2023 7:11:45 PM] – +++++
[2/21/2023 7:11:45 PM] –
[2/21/2023 7:11:45 PM] – =====
[2/21/2023 7:11:45 PM] – Alias: domainAdmin
[2/21/2023 7:11:45 PM] – Name: domainAdmin
[2/21/2023 7:11:45 PM] – PrimarySMTPAddressOrUPN: domainAdmin@domain.com
[2/21/2023 7:11:45 PM] – RecipientType: user
[2/21/2023 7:11:45 PM] – GroupType:
[2/21/2023 7:11:45 PM] – RecipientOrUser: Recipient
[2/21/2023 7:11:45 PM] – ExternalDirectoryObjectID:
[2/21/2023 7:11:45 PM] – OnPremADAttribute: managedBy
[2/21/2023 7:11:45 PM] – DN: CN=domainAdmin,CN=Users,DC=home,DC=domain,DC=com
[2/21/2023 7:11:45 PM] – ParentGroupSMTPAddress: atestgroup178@domain.com
[2/21/2023 7:11:45 PM] – isAlreadyMigrated: False
[2/21/2023 7:11:45 PM] – isError: True
[2/21/2023 7:11:45 PM] – isErrorMessage: OFFICE_365_DEPENDENCY_NOT_FOUND_EXCEPTION: A group dependency was not found in Office 365. Please either ensure the dependency is present or remove the dependency from the group.
[2/21/2023 7:11:45 PM] – =====
[2/21/2023 7:11:45 PM] – Pre-requiste checks failed. Please refer to the previous list of items that require addressing for migration to proceed.
In this instance the managedBy attribute has a manager that is not present in Office 365. This creates a property that cannot be recreated in the service.
TEST-PREMIGRATIONO365GROUP
When migrating from an on premises group to an Office 365 group there are different sets of properties to test for. This commandlet allows administrators to test for pre-requisits associated specifically with an on-premises to Office 365 group migration.
Test-PreMigrationO365Group -groupSMTPAddress atestgroup178@domain.com -globalCatalogServer azure-dc-0.home.domain.com -activeDirectoryCredential $cred -activeDirectoryAuthenticationMethod kerberos -exchangeOnlineCredential $cred -azureADCredential $cred -logFolderPath c:\temp
In this instance the group failed the test, and the folder was renamed to reflect failure.
[2/21/2023 7:39:02 PM] – FAILED – renaming directory.
[2/21/2023 7:39:02 PM] – PreReqTest-20230221T1939022343-atestgroup178-FAILED
[2/21/2023 7:39:02 PM] – c:\temp\PreReqCheck\
When reviewing the failure table at the end of the log file the following errors are noted.
[2/21/2023 7:39:01 PM] – +++++
[2/21/2023 7:39:01 PM] – Pre-request checks failed. Please refer to the following list of items that require addressing for migration to proceed.
[2/21/2023 7:39:01 PM] – +++++
[2/21/2023 7:39:01 PM] –
[2/21/2023 7:39:01 PM] – =====
[2/21/2023 7:39:01 PM] – Alias: aTestGroup178
[2/21/2023 7:39:01 PM] – Name: aTestGroup178
[2/21/2023 7:39:01 PM] – PrimarySMTPAddressOrUPN: aTestGroup178@domain.com
[2/21/2023 7:39:01 PM] – RecipientType: group
[2/21/2023 7:39:01 PM] – GroupType: -2147483640
[2/21/2023 7:39:01 PM] – RecipientOrUser: Recipient
[2/21/2023 7:39:01 PM] – ExternalDirectoryObjectID:
[2/21/2023 7:39:01 PM] – OnPremADAttribute: SecurityGroupCheck
[2/21/2023 7:39:01 PM] – DN: CN=aTestGroup178,OU=MigrationTest,OU=DLConversion,DC=home,DC=domain,DC=com
[2/21/2023 7:39:01 PM] – ParentGroupSMTPAddress: atestgroup178@domain.com
[2/21/2023 7:39:01 PM] – isAlreadyMigrated: N/A
[2/21/2023 7:39:01 PM] – isError: True
[2/21/2023 7:39:01 PM] – isErrorMessage: UNIFIED_GROUP_MIGRATION_GROUP_IS_SECURITY_EXCEPTION: To perform an Office 365 Unified Group migration of a mail-enabled security group on premsies the administrator must use -overrideSecurityGroupCheck acknolwedging that permissions may be lost in Office 365 as a result of the migration.
[2/21/2023 7:39:01 PM] – =====
[2/21/2023 7:39:01 PM] – =====
[2/21/2023 7:39:01 PM] – Alias: domainAdmin
[2/21/2023 7:39:01 PM] – Name: domainAdmin
[2/21/2023 7:39:01 PM] – PrimarySMTPAddressOrUPN: domainAdmin@domain.com
[2/21/2023 7:39:01 PM] – RecipientType: user
[2/21/2023 7:39:01 PM] – GroupType:
[2/21/2023 7:39:01 PM] – RecipientOrUser: Recipient
[2/21/2023 7:39:01 PM] – ExternalDirectoryObjectID:
[2/21/2023 7:39:01 PM] – OnPremADAttribute: managedBy
[2/21/2023 7:39:01 PM] – DN: CN=domainAdmin,CN=Users,DC=home,DC=domain,DC=com
[2/21/2023 7:39:01 PM] – ParentGroupSMTPAddress: atestgroup178@domain.com
[2/21/2023 7:39:01 PM] – isAlreadyMigrated: False
[2/21/2023 7:39:01 PM] – isError: True
[2/21/2023 7:39:01 PM] – isErrorMessage: UNIFIED_GROUP_MIGRATION_MANAGER_NOT_MEMBER_EXCEPTION: Office 365 Groups require all owners to be members. ManagedBY is mapped to owners – this manager is not a member of the group. The manage must be removed, use the switch -addManagersAsMembers to add all managers, or manually add this manager as a member.
[2/21/2023 7:39:01 PM] – =====
[2/21/2023 7:39:01 PM] – =====
[2/21/2023 7:39:01 PM] – Alias: Tim
[2/21/2023 7:39:01 PM] – Name: Tim McMichael
[2/21/2023 7:39:01 PM] – PrimarySMTPAddressOrUPN: Tim@domain.com
[2/21/2023 7:39:01 PM] – RecipientType: user
[2/21/2023 7:39:01 PM] – GroupType:
[2/21/2023 7:39:01 PM] – RecipientOrUser: Recipient
[2/21/2023 7:39:01 PM] – ExternalDirectoryObjectID:User_6004ad19-6c4c-4ea5-83a2-7d10afc5e3a1
[2/21/2023 7:39:01 PM] – OnPremADAttribute: msExchBypassModerationLink
[2/21/2023 7:39:01 PM] – DN: CN=Tim McMichael,OU=Users,OU=domain Objects,DC=home,DC=domain,DC=com
[2/21/2023 7:39:01 PM] – ParentGroupSMTPAddress: atestgroup178@domain.com
[2/21/2023 7:39:01 PM] – isAlreadyMigrated: False
[2/21/2023 7:39:01 PM] – isError: True
[2/21/2023 7:39:01 PM] – isErrorMessage: UNIFIED_GROUP_MIGRATION_BYPASS_MODERATION_FROM_SENDERS_OR_MEMBERS_EXCEPTION: Office 365 Unified Groups do not have BypassModerationFromSendersOrMembers. To migrate to an Office 365 Unified Group the bypass moderation from senders or members must be cleared.
[2/21/2023 7:39:01 PM] – =====
In this instance the tests failed, indicating three different exceptions that apply only to Office 365 Group migrations. The first being the source group is a security group, the second that the manager is not a member, and lastly the group has BypassModerationFromSendersOrMembers rights. These are all issues that would prevent successful migration from on-premises to Office 365 Group.
TEST-PREO365GROUPCONVERSION
This test allows the administrator to test the pre-requisites associated with converting a cloud only distribution group to an Office 365 Group. As with migrations from on-premises groups the conversion process tests for the same requirements that the on-premises migration has. This allows administrators to predict the success or failure of a group conversion.
test-preO365GroupConversion -groupSMTPAddress zCloudOnlyMemberOfMailDistribution41@domain.com -exchangeOnlineCredential $cred -azureADCredential $cred -logFolderPath c:\temp -addManagersAsMembers:$TRUE
In this instance there are no pre-requisites that would not allow the conversion to succeed.
[2/21/2023 7:53:51 PM] – Success – renaming directory.
[2/21/2023 7:53:51 PM] – PreReqTest-20230221T1953517076-zCloudOnlyMemberOfMailDistribution41-Success
[2/21/2023 7:53:51 PM] – c:\temp\PreReqCheck\
The test commandlets allow administrators to run pre-requisite checks and test for the probability of migration success or failure without actually running the migration process.