Skip to main content

The BAE Silversky to Office 365 Migration Hinges on One Support Ticket

Nick Ross4 min read

TL;DR

  • BAE Silversky hosted Exchange migrations are simpler than most, and upload speeds are noticeably faster than a typical on-prem Exchange environment.
  • The migration cannot proceed until the admin account has impersonation rights, which on Silversky usually means emailing supportdb@silversky.com with the mailbox-rights command rather than collecting credentials for every user.
  • Smaller Silversky migrations can set mailbox rights manually per user in the Provisor console instead of going through support.
  • Unlike a GoDaddy migration, this is a true MX cutover, so the prestage pass runs first and the MX record only flips once the data is nearly fully moved.
  • Watch for third-party mail filtering connectors such as Symantec or Barracuda, which need matching connectors recreated in Office 365 before the cutover.
BAE Systems logo
Office 365 logo

Of all the hosted Exchange platforms you will migrate customers off of, BAE Silversky is one of the friendlier ones. The migration is straightforward and the upload speeds are far quicker than a typical Exchange environment. The one thing that decides whether the job runs smoothly or stalls is a single permissions step: getting impersonation rights onto your admin account, which on Silversky usually means a support ticket. Get that right and the rest of the BitTitan run is routine.

This is a high-level overview of the migration steps using BitTitan. For the complete step-by-step guide with screenshots, follow this playbook PDF (opens in new tab). The guide is specific to BitTitan, but the same concepts apply with any tool.

Stand up the destination tenant

  • Provision a net-new tenant in Office 365. It is provisioned with the .onmicrosoft.com domain. Purchase it directly or under the CSP model through a distributor.
  • Add and verify the domain. In the 365 Admin Center, go to Setup > Domains > Add Domains, then add the domain and verify with a TXT record.
  • Add users and apply licenses one at a time, by bulk upload via PowerShell, by bulk upload via CSV, or through AD Connect setup (opens in new tab).

To bulk import users with passwords:

text
Import-Csv -Path 'FilePath' | foreach {New-MsolUser -UserPrincipalName $_.UserPrincipalName -FirstName $_.FirstName -LastName $_.LastName -DisplayName $_.DisplayName -Password $_.Password -ForceChangePassword $False}

The step that gates everything: source impersonation rights

The admin account needs impersonation rights on the source mailboxes so a single account can access them all. There are two ways to get there.

Option 1: Manually, in the Provisor console. For smaller migrations, you can set this per user:

  1. Log in to Provisor.
  2. Double-click the user > Packages > highlight Exchange > Edit > click "Launch Mailbox Rights Management" > add the account and grant it Read and Full access.
Silversky Provisor Mailbox Rights Management console

Option 2: Through Silversky support. For larger migrations, email supportdb@silversky.com and have them apply mailbox rights across all mailboxes at once. A template that works:

Hey Team,
Partner:
Customer:
BAE Product: (ex. BAE Systems 2010 Exchange 25GB)
I am performing a migration for this customer. In checking the admin user for BAE, I see that they do not have sufficient permission to impersonate the users mailboxes (This avoids us having to get creds for each user). We just need to run this powershell script for the admin user for this account:
Can you please run this command for the account:
Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User
Please let me know if you have any additional questions.

Upgrade software on workstations. If applicable, install the latest Office 365 software on all user workstations.

Set up a BitTitan account

Push the Outlook reconfiguration agent

BitTitan includes a tool called Deployment Pro that reconfigures Outlook profiles after the migration. You can push it out through GPO or by email.

BitTitan Deployment Pro device list showing registered agents and heartbeat status
BitTitan Deployment Pro agent matching users to devices

Prepare the migration endpoints

  • Set up source and destination endpoints in the BitTitan portal. Find the source endpoint under "Find My Service Provider" > "Silversky." The destination is Office 365. Provide admin credentials.
  • Autodiscover users. Clean up the user list as needed and remediate UPN issues by clicking the pencil icon next to a user.
  • Verify credentials. This tells you whether there are errors. The most typical errors are insufficient impersonation rights or wrong admin credentials. A successful check shows "Completed Verification."
  • Subscribe users. Select all users, click the last icon on the top toolbar (three lines), and choose "Apply User Migration Bundle." It takes 3 to 5 minutes to propagate.

Prestage, then plan the MX cutover

Unlike a GoDaddy migration, this is a true MX cutover. Move the bulk of the data first, then flip the record.

  • Run a prestage pass bringing mail from the Exchange server to Office 365. This brings over the bulk of the data before the MX cutover. Set it prior to 60 days. Any user whose status changes to "Failed" is almost 100% due to a server timeout. Simply re-run those users.
BitTitan prestage migration pass progress
  • Define the MX cutover time to 365. Preferably during non-business hours. Go to 365 Admin Center > Setup > Domains to find the MX record you will need to change. The format follows: Domain-com.mail.protection.outlook.com. Take note of any third-party connectors for email filtering such as Symantec or Barracuda. Look up the steps for creating connectors in 365; these providers usually have step-by-step guides you can find easily.

Full pass and MX cutover

  • Run a full pass to bring over the remaining mail, calendars, contacts, notes, and rules. This should not take long as long as the prestage pass completed. Once the full pass completes, run up to 10 delta passes to collect residual mail.
  • Switch the MX records. Point the records at 365. Do not green-light this step if there is still a lot of data to move over. Test inbound and outbound mail flow.

Post-migration cleanup

  • Confirm the DMA agent ran successfully. DMA status goes into "Completed" after successful authentication by the end user. Any user who fails authentication three times goes into an "error" status. Reschedule those users and make sure they have the correct 365 password.
BitTitan DMA agent completion status per user

Frequently asked questions

Do I need credentials for every Silversky mailbox?

No. The point of setting impersonation rights on the admin account is to avoid collecting credentials for each user. On Silversky, support runs Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -AccessRights FullAccess -User so one admin account can access every mailbox.

Can I set the impersonation rights myself?

For smaller migrations, yes. In the Provisor console, double-click the user, go to Packages, highlight Exchange, click Edit, then Launch Mailbox Rights Management, add the account and grant it Read and Full access. For larger migrations, have Silversky support apply it across all mailboxes at once.

When do I switch the MX records?

After the full pass completes and the data is nearly all moved. Do not switch MX if there is still a lot of data outstanding. Point the records at Office 365 during non-business hours and test inbound and outbound mail flow immediately.

What about my email filtering provider?

Take note of any third-party connectors for email filtering such as Symantec or Barracuda before cutover. You will need to recreate matching connectors in Office 365. These providers usually publish step-by-step guides.

Harden the tenant the moment mail lands

Once the cutover is done, the security posture is yours to own. CloudCapsule checks 250+ controls across every tenant you manage in about 60 seconds each, turning a fresh migration into a documented baseline.

Run a free scan
Nick Ross

Written by

Nick Ross

CEO · Microsoft MVP · Founder, T-Minus 365

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.

Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.

Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Keep reading