G Suite To Office 365 - New Wizard Based Migration

G suite to Office 365 Migration

Microsoft has come up with a new wizard-based migration for G Suite to Office 365. This helps to migrate the Email, Calendar & Contacts without any user intervention. It also helps to maintain staged migration which means a hybrid configuration can be maintained until the migration for all mailboxes is completed.
This article explains the steps involved in migration process

Domain Verification in Office 365

The Custom\Public domain should be verified in Office 365
  • Specify a public domain.
  • Click Use this domain
  • In domain DNS registrar, Create TXT record with the value provided.
  • Click Verify
  • On Activate records page, click Continue
  • Select Skip and do this later
  • Click Continue
Currently G Suite being the active service provider, all the DNS records of primary domain should point to G Suite. Upon completion of migration and at the time of switching over DNS records provided by Office 365 should be created.
  • Click Done
  • Custom domain is successfully verified and made as Default domain for this Office 365 Tenant

Create Google Service Account

In Google Admin Console a new project & service account has to be created.
The project provides a JSON template which is to be used while creating migration batches in Office 365. JSON template also holds the Service account details. The service account holds the admin access to the tenant with which we can migrate the data to Office 365.
  • Login to IAM & Admin page (Developer Page)
  • Click Service Accounts on the left pane.
  • Click Create Project
  • Specify the Project Name
  • Select the Organization & Location.
  • Click Create
The Organization & Location should be the primary domain in G suite, which holds the complete access to the G Suite.
The New Project is created successfully.
  • Click on + Create Service Account
  • Specify Name & ID for the service account.
  • Click Create
  • Service Account created successfully.
  • On service account permissions (Optional) page, click Continue
  • Under Create Key (optional) click Create Key
  • Select JSON and click Create 
  • A JSON file will be downloaded.
Note the download location of the file. This file will be used while creating Migration endpoint in Office 365.
  • Click Done.
  • On the created service account, select Edit action
  • On the Service account details page note the Unique ID.
This Unique ID will be used to grant access for this service account for the Google tenant.
On Service account details page,
  • Click Show Domain-Wide Delegation to expand the section.
  • Click Enable G Suite Domain-Wide Delegation
  • Specify Product Name
  • Click Save
  • Service Account updated successfully.

Enable API usage in your project

Enabling the API usage in the newly created project. These APIs provide access to the Email, Calendar & Contacts.
  • Go to Developer page for API Library

  • Search for Gmail API
  • Click Enable
  • Gmail API is enabled.
  • Search for Google Calendar API
  • Click Enable
  • Google Calendar API is enabled.
  •  Search for Contacts API
  • Click Enable
  • Contacts API enabled

Grant Access to Service Account for Google Tenant

Enabling access for Service Account to the newly created API.
  • Login to G Suite Admin page
  • Navigate to Security - Advanced Settings
  • Click Manage API Client Access
  • In the Client Name Box, specify the Unique ID noted while creating the service account.
  • In API Scopes, add the required scopes in comma-separated format, with no spaces in between.
  • If the API Scopes are entered incorrectly, the resulting list won't match and the migration process will fail later, after you start the migration batch.
  • Click Authorize
Verify that the resulting list shows,
"Email (Read/Write/Send)",
"Calendar (Read-Write)",
"Contacts (Read/Write)", and

Create a sub-domain for mail routing to Office 365

A sub-domain to be created in G Suite. This sub-domain is used for mail routing purpose.

This Sub-domain should be verified in Office 365. Also, MX record for this sub-domain should point to Office 365.

When a few mailboxes are migrated to Office 365, the end users can start using this Office 365 mailbox. They will be able to access the existing data as well as to send & receive emails.

Emails sent by migrated users will be routed to the Internet.
Emails sent to migrated users will first reach G-Suite mailbox where a forwarding address pointing to this subdomain will be assigned.
  • Login to Google Admin center
  • Click Domains
  • Click Manage domains
  • Click Add a domain
The list of existing domains will be displayed in this page.
  • Specify the sub-domain name
  • Click Continue and verify Domain Ownership
Note that the sub-domain should be in the format “o365.primary domain.com”
  • The provided TXT record should be created in the DNS registrar.
  • Click Verify
  • Sub-domain is created & verified successfully.
The new sub-domain will be listed in the Manage Domain Page.
  • Login to Office 365 admin center (Https://portal.office365.com/adminportal )
  • Navigate to Settings - Domains
  • Click Add Domain
  • Specify the Sub-domain created in G Suite admin
  • Since the primary Domain is verified, Sub-domain will be verified without additional TXT record.
  • Click Continue to activate DNS records of Office 365 services
  • Create the specified DNS records in the DNS registrar.
  • Click Continue
The CNAME & TXT records can be skipped as this sub-domain is used only for email flow.
  • The sub-domain will be listed in Office 365 Domains page.

Create Domain Alias

A Domain Alias is to be created in GSuite Admin for Mail flow during the migration process.
A forwarding address will be created for all user accounts in Office 365. This ensures that, when a migrated user in Office 365 send email to non-migrated in G-Suite Office 365 will route the email with the help of this Domain Alias.
  • Login to Google Admin center
  • Click Domains
  • Click Manage domains
  • The list of existing domains will be displayed.
  • Click Add a domain alias
  • Specify the Domain Alias.
  • Click Continue and Verify Domain Ownership
Note that the sub-domain should be in the format “gsuite.primary domain.com”
  • The provided TXT record should be created in the DNS registrar.
  • Click Verify
  • Domain Alias Created and verified successfully.
  • The list of Domains will be displayed in Manage Domains Page.
  • Note that the MX record for the Domain Alias should be created in DNS registrar pointing to G-Suite.
  • MX record details can be found in the Manage Domain Page of G Suite tenant.
  • Now, all the User account in G Suite will have secondary alias as username@gsuite.domain.com
  • The Domain Alias should be verified in the Office 365 Tenant. Follow the steps performed for adding Sub-domain.
Note that Activation Records should be skipped for Domain Alias. As it will be used only for forwarding emails.
  • Login to Exchange Admin Center
  • Navigate to Mail Flow - Accepted Domains
  • Double click on the Domain Alias
  • Select Internal Relay.
  • Click Save.

Provision users in O365

Once the G Suite environment has been properly configured, you can complete your migration in the Exchange admin center or through the Exchange Online PowerShell.
Before proceeding with either method, make sure that Mail Users (In Office 365) have been provisioned for every user in the organization who will be migrated (either now or eventually). If any users aren't provisioned, provision them using the instructions in Manage mail users.
It is recommend that the primary address (sometimes referred to as the "User Id") for each user be at the primary domain (such as "user1@domain.com"). Typically, this means that the primary email address should match between O365 and G Suite. If any user is provisioned with a different domain for their primary address, then that user should at least have a proxy address at the primary domain. Each user should have their ExternalEmailAddress point to the user in their G Suite routing domain ("user1@gsuite.domain.com"). The users should also have a proxy address that will be used for routing to their Office 365 routing domain (such as "user1@o365.domain.com").

 Start a G Suite migration batch with the Exchange admin center (EAC)

  • Click the dropdown icon next to +
  • Click Migrate to Exchange Online
  • Select G Suite (Gmail) migration.
  • Click Next
  • Browser and Select the Batch file (CSV file)
  • Click Next.
Create a CSV file containing the set of all of the users you want to migrate. You will need its filename below. The allowed headers are,
  • EmailAddress (required). Contains the primary email address for an existing Office 365 mailbox.
  • Username (optional). Contains the Gmail primary email address, if it differs from EmailAddress.
  • Specify the G Suite Super Admin Email address.
  • Click Next.
  • Specify the Batch Name
  • Specify the Target Delivery Domain (o365.domain.com)
  • Specify an Email Account to receive the Migration Batch Status information over email.
  • Select the Preferred option to start the Batch as Automatic.
  • Select the preferred option to end the batch as Manual.
  • Click New
As soon as the migration is initiated, the Mail User object will be converted to User Mailbox in Office 365. The ExternalEmailAddress of the Mail User object will be converted as Forwarding Address of the User Mailbox.
  • The Migration batch is initiated successfully.
After the batch status changes from Syncing to Synced, you can complete the batch.
To Complete the batch, select Batch and then you can see Complete this migration batch option in the right pane. The batch status will then be Completed.
At the time of Completion, the differential data will be synchronized.
Upon Successful migration of all user mailboxes, the MX record for the primary domain can be switched to Office 365. The Sub-Domain and the Alias-domain can be deleted.