Skip to content
Category: Microsoft 365
2020-07-29

Configuration for the migration from G Suite to Microsoft 365

This article will explain how to configure between G Suite and Microsoft 365 to make the migration of mail data between them.

Create a Google service account

In Chrome, go to the Service Account Developer Page and sign in as a Google user (as the G Suite administrator).

Click create project to create and name a new project for incorporation (e.g. “G Suite migration project”) or click select to select an existing project.

This will open a new window in which the wizard will ask for the following data

Service Account Name (Nombre de Proyecto)
Service Account ID(Organizacion)
Location(Ubicación)

Once the data has been filled in we will click on the create button. On the service account permissions screen, click on “+ Create Service Account“.

We will fill in the data required to set up the service account.

Once the data has been filled in, click on the “Create” button. On the next page we will assign the user the role of reader on the project.

To do this, we will display the combo and choose “Project” and in the submenu “Reader” and then click on the “continue” button.

In the next screen we will put the email address of a G Suite administrator.

When the user data has been filled in we will click on the “Done” button to create the user.

Once the account is created we will click on it to access.

Once on the service account we will do several things. The first is to “enable domain-wide delegation of G Suite” and to do this we must click on the “Edit” button and then on “Show domain-wide delegation“.

When doing so, we have to set up the consent screen and we have to click on “Set up consent screen“.

In the type of user we will choose the option of Internal.

And we’ll click on the “CREATE” button. In the new page we will put the name of the internal application and the support email address, select all the APIs and put the authorized domain.

And we click on the “Save” button. This way we already have the APIs and services created.

Now we’ll need to add the Gmail APIs to do the migration. To do this we’ll need to click ‘Libraries‘.

And we will add the following API’s

Gmail API
API Contacts
Google Calendar API

In the API Library we will look for them.

We will click on the API.

Once inside the API we will click on the button “ENABLE“.

And we will repeat this process with the other API’s.

With the API’s loaded we’ll deploy “Google Cloud Platform” and click on “IAM and Management” and in the sub-menu on “Service Accounts“.

Already in this new screen we can see the users of the Service accounts created.

We will click on our user.

This will display an option to check “Enable delegation across the G Suite domain“.

Once the delegation is marked, we will click on the “Add Key” button to add an access class to the G Suite services.

And we will click on “create Key“.

We’ll choose the “JSON” option.

And we’ll click on the “Create” button.

We will save the “JSON” file and close the window.

Now we will copy the user’s “unique ID” into a File because we will need it later.

Granting access to your Google business space service account

  1. Go to the G Suite Administration Page and log in as a G Suite administrator for your business space.
  2. Click Security, click Advanced Settings, and then click Manage API Client Access.
  3. On behalf of the client, enter the ClientID of the service account you created in the create a Google service account section.
  4. In API scopes, add the required scopes in comma-separated value format, with no spaces between them.

Email (Read/Write/Send)  https://mail.google.com/

Contacts (Read/Write)  https://www.google.com/m8/feeds/

View groups on your domain  https://www.googleapis.com/auth/admin.directory.group.readonly

View and manage the provisioning of users on your domain  https://www.googleapis.com/auth/admin.directory.user

Groups Mail Migration  https://www.googleapis.com/auth/apps.groups.migration

Calendar (Read-Write)  https://www.googleapis.com/auth/calendar

Email (Insert/Import messages)  https://www.googleapis.com/auth/gmail.insert

Email (Manage labels)  https://www.googleapis.com/auth/gmail.labels

https://mail.google.com/,https://www.google.com/m8/feeds/,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/apps.groups.migration,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/gmail.insert,https://www.googleapis.com/auth/gmail.labels,https://www.googleapis.com/auth/gmail.settings.sharing

Copy this line with all the fields:

https://mail.google.com/,https://www.google.com/m8/feeds/,https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/apps.groups.migration,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/gmail.insert,https://www.googleapis.com/auth/gmail.labels,https://www.googleapis.com/auth/gmail.settings.sharing

If the API domains are not correctly specified, the resulting list will not match and the migration process will not be performed later, after the migration batch is started.

After clicking on the authorize button the authorized API’s for the service account will appear.

Creating EndPoint for G Suite Migration with Exchange Online with PowerShell

Create a migration endpoint in Office 365

  1. Connect to the service with remote PowerShell. See connect to Exchange Online PowerShell for more information.
  2. Find the super administrator’s email address within the G Suite environment. This email address will be used to test connectivity between G Suite and Office 365. The following steps use “admin123” as an example.
  3. Execute the following command
$User = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $User -Authentication Basic -AllowRedirection

Import-PSSession $Session

$MigrationServerAvailability =Test-MigrationServerAvailability -Gmail -ServiceAccountKeyFileData $([system.IO.File]::ReadAllBytes("D:\\Tc\\DOC\\guite-microsoft-365-e214211466b4.json")) -EmailAddress desarrollo@contoso.org

IF($MigrationServerAvailability.Result -eq "Success")
{
Write-Host "`n`t`tThe G Suite Configuration is CORRECT" -ForegroundColor Green
$MigrationServerAvailability
Write-Host "`n`t`tWeare going to create a Endpoint Migration on Microsoft 365" -ForegroundColor Green
New-MigrationEndpoint -Gmail -ServiceAccountKeyFileData $([System.IO.File]::ReadAllBytes("D:\\TC\\DOC\\guite-microsoft-365-e214211466b4.json")) -EmailAddress desarrollo@contoso.org -Name GSuiteEndPoint_DOC
}

4. If the configuration is correct when you execute these commands you will get a result like this.

PS C:\Users\Eduardo> $User = Get-Credential

$Session = New-PSSession -ConfigurationName
Microsoft.Exchange -ConnectionUri
https://outlook.office365.com/powershell-liveid/ -Credential $User
-Authentication Basic -AllowRedirection

Import-PSSession
$Session

cmdlet
Get-Credential en la posición 1 de la canalización de comandos

Proporcione
valores para los parámetros siguientes:

ADVERTENCIA:
Algunos nombres de comando importados del módulo 'tmp_2o5yz50o.4r3' incluyen verbos no aprobados que podrían dificultar su reconocimiento. Para encontrar los comandos con verbos no aprobados, vuelva a ejecutar el comando Import-Module con el parámetro Verbose. Para obtener una lista de verbos aprobados, escriba Get-Verb.ModuleType Version   
Name                               
ExportedCommands

Script    
1.0        tmp_2o5yz50o.4r3                   
{Add-AvailabilityAddressSpace, Add-DistributionGroupMember,
Add-MailboxFolderPermission, Add-MailboxLocation...}

PS C:\Users\Eduardo>
Test-MigrationServerAvailability -Gmail -ServiceAccountKeyFileData
$([system.IO.File]::ReadAllBytes("D:\\Tc\\DOC\\guite-microsoft-365-e214211466b4.json"))
-EmailAddress desarrollo@contoso.com

RunspaceId     
: 910fa491-d739-4c41-91ff-0eaebca6dc3f

Result         
: Success    

Message        
:               
SupportsCutover : False     

ErrorDetail    
:             

TestedEndpoint 
: g-suite-microsot-365@guite-microsoft-365.iam.gserviceaccount.com

IsValid         : True

Identity        :

ObjectState     : New 

5. If it is executed correctly, execute the following command:

New-MigrationEndpoint -Gmail -ServiceAccountKeyFileData $([System.IO.File]::ReadAllBytes("D:\\TC\\Gmail\\semiotic-patrol-280007-79c1abd24535.json")) -EmailAddress desarrollo@contoso.com -Name GSuiteEndPoint 

6. after running the command you should receive a response similar to

New-MigrationEndpoint
-Gmail -ServiceAccountKeyFileData
$([System.IO.File]::ReadAllBytes("D:\\TC\\DOC\\guite-microsoft-365-e214211466b4.json"))
-EmailAddress desarrollo@contoso.com -Name GSuiteEndPoint_DOC 

Identity           EndpointType RemoteServer
--------           ------------ ------------

GSuiteEndPoint_DOC
Gmail 

We can now verify in the Exchange Online management console that the migration end has been created.

The complete endpoint generation script can be downloaded here.

Verificación de procesos Limpio

If you want us to help your business or company contact us at info@aleson-itc.com or call us at +34 962 681 242