Planning for the Migration of Users and Groups
Start course
1h 10m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your migration of users and data to Microsoft 365, including planning your identity and authentication solution, and the on-premises infrastructure needed to support your migration. We’ll also help you understand and identify your business requirements and use cases, to help drive your decision-making process when planning to transition your infrastructure to the Microsoft cloud. We’ll spend some time focusing on networking and discuss some of the networking decisions that need to be made to ensure an optimal migration experience, as well as the best experience for your users after migration.

This course will also help you to identify which data needs to be migrated to the cloud, and what the best migration method will be based on your scenario – we’re also going to cover the different types of user identities, how your users will authenticate, and how that’s going to affect your migration planning.

In addition to talking about these different components, we’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way. 

Learning Objectives

By the end of this course, you should be able to:

  • Plan a Microsoft 365 Implementation, including the supporting infrastructure
  • Plan your identity and authentication solution, both on-premises and in the cloud
  • Identify your users, data, and mailboxes to be migrated to Microsoft 365
  • Plan the migration of your groups and user data to Microsoft 365

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam 


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


Now that we've covered some of the basic concepts you need to keep in mind for planning your Microsoft 365 implementation let's talk about the logical next step, migration. There are several different starting points for migrating your users and data to Microsoft 365, whether it's Exchange Online, One Drive for Business, Teams, SharePoint, Yammer, et cetera. 

Each one of these services is going to require a different migration approach and have some different considerations for each one. Overall though the principles are the same, so we'll focus less on the individual components and more on how you'd plan for the migration of your users and data into the Microsoft 365 service that you're configuring. 

Let's start out by talking about our identities, migrating on-prem users and groups. Now we've already spent a bit of time talking about this in the identity section of this course, so there's only a few more things to cover off in this section. 

To recap quickly, migrating your users and groups to Office 365 means either creating them directly in the portal, or synchronizing them up using AAD Connect. Remember that as long as synchronization is running your source of authority remains in Active Directory on premises, and it is only tenants without synchronization that have their source of authority in Azure Active Directory. 

How this affects you is simple but often misunderstood. This means that once you are synchronizing your directories, you are not able to edit those objects in the cloud. This can have unintended side effects on your user experience, especially if you have folks who are used to managing their own distribution groups in Outlook. As soon as synchronization is enabled, and that user's mailbox is moved to Exchange Online they'll be unable to manage that distribution group since they are now in the cloud, and the distribution group's source of authority is back on premises. If you're in this scenario and you need to allow your users to edit groups that they own, you need to delete the group on premises and recreate it as a cloud only group in Office 365. This puts both the user and the group in the same source of authority allowing the user to edit their groups again. When considering this move though, it's important to think of your long-term strategy. 

Is your goal to remain in a hybrid management for the foreseeable future, managing your identities on premises and letting them sync up into Azure AD? If this is the case, you now begin to split the management of your groups where some groups are managed in Active Directory and the other groups are managed in Office 365. This might not be a problem for you, especially if you plan to let users manage their cloud groups and IT manages the groups that are still on-prem. It's just something to keep in mind as you go. 

You can't really move groups back and forth. Each time you change the source of authority you need to delete the group in one location and recreate it in the other. If you still have mailboxes on premises remember that you need to create a contact object for the group on-prem, so that mail will still route to the cloud correctly. For users, just remember that if you have directory synchronization in place, you'll need to manage the creation, deletion, and editing of user attributes on premises, and let those changes synchronize to Azure Active Directory.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website,, and evangelizing the Microsoft cloud on Twitter.