LAST UPDATED: 04-18-2024
- MANDATORY MUST DO FIRST -
(ENABLE GOOGLE APIS FOR MIGRATION)
1. Create a project via Microsoft Migration Wizard
2. https://console.cloud.google.com
3. Choose project from top dropdown. Mine was projectnamemrhn for example.
4. APIs & Services - Library
5. Search for and enable the below
Gmail API
Google Calendar API
Google People API
Contacts API
Admin SDK API
- ALTERNATIVE SOLUTIONS THAT MAY HELP BELOW -
(HOW TO SOLVE - SERVICE ACCOUNT KEY CREATION IS DISABLED)
SOURCE: https://stackoverflow.com/questions/78161775/organisational-policy-permissions-google-cloud-for-microsoft-migration
With a Workspace super admin, login to https://console.cloud.google.com.
Make sure you're working in the root org.
- Select IAM and admin.
- In IAM on left-hand menu, edit permissions for organization.
- Add Organization Policy Administrator and save.
- Go to Organization policies in left-hand menu.
- Search for 'Disable service account key creation'.
- Edit policy, set Enforcement to Off and save.
- Change workspace from root org to the project the 365 wizard created. Mine was called projectnamempij.
- In IAM and admin, go to Service accounts in left-hand menu.
- In the 3 dots menu besides the service account, select Manage keys.
- When in service account, Add key -> Create new key.
- The json file is created and downloaded.
- Create a new endpoint in Exchange Online and use the downloaded json
Office 365 Migration Wizard - Google Workspace (GSUITE) to Office 365
(GOOGLE PREP)
1.) Go to https://console.developers.google.com/
2.) Expand the hamburger menu in the upper left-hand corner.
3.) Navigate to Select IAM & Admin > Manage Resources
5.) Select the organization resource. i.e. cognetic.com
6.) In the right-hand pane, under the Permissions tab, select "Add Principal".
Enter your Google Migration admin email login.
7.) Add roles: Project Creator and Create Service Accounts.
8.) Select Save.
9.) Wait approx 15 minutes for permissions to update.
(OFFICE 365 PREP)
1.) Start the Office 365 Migration Wizard
2.) Login with Google admin email account above.
3.) Export the .json file and save.
4.) Pause this Office365 wizard, and grant the newly created client ID permission to Google, per the below steps.
(GRANT NEWLY CREATE PROJECT CLIENT ID PERMISSIONS)
1.) admin.google.com
2.) Security > Access and data control > API Controls
3.) In the Domain wide delegation pane, select Manage Domain Wide Delegation.
4.) Click Add new.
5.) In the Client ID field, enter the service account's Client ID from the Office365 exported .json file.
6.) In the OAuth scopes (comma-delimited) field, enter the below list of scopes
https://mail.google.com/https://www.googleapis.com/auth/contactshttps://www.googleapis.com/auth/calendarhttps://www.googleapis.com/auth/gmail.settings.sharing
7.) Grant APIs via APIs & Services > Library
Note: Make sure you have the Office 365 project selected in the project dropdown at the top.
- Gmail API
- Google Calendar API
- Contacts API
- Google People API
8.) Wait approx 15 minutes for permissions to update.
9.) Return to the Office365 Migration Wizard.
(OFFICE 365 MIGRATION WIZARD - CONTINUTED)
1.) Import CSV file of users to migrate (see attached sample .csv).
2.) Complete the wizard
(MIGRATION STATUS OPTIONS)
Stop migration: Stop the migration of mailboxes. After the batch is stopped, the status is changed to Stopped.
Resume migration: Resume the running of a migration batch that was paused and has a status of Stopped. If there are errors for a migration batch, you can restart it with this command, and Microsoft 365 or Office 365 will attempt to migrate the mailboxes that failed.
Edit Batch: Edit an existing migration batch. You can change the finalization semantics of batches that support finalization. You can also change the migration endpoint used for the migration batch.
Approve Migration Batch: For a batch scored as Poor, approving the migration allows you to complete all migrations in the batch with a score of Perfect, Good, or Investigate, but will not approve any migration in the batch with a score of Poor. If the migration fails with a grade of Poor, you cannot force the migration to succeed.
Finalize Migration Batch: Each mailbox in the migration batch runs a final incremental synchronization. Configures the user's Microsoft Outlook profile to point to the new target domain. Converts the source mailbox to a mail-enabled user in the source domain.
Delete: Delete a migration batch after you verify that all mailboxes in the migration batch have been successfully migrated. Verify also that mail is being routed directly to cloud-based mailboxes after you've configured your MX record to point to Microsoft 365 or Office 365. When you delete a migration batch, Microsoft 365 or Office 365 cleans up any records related to the migration batch and removes it from the list.
- -
Sources:
https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority