Hello and welcome to another On Demand Migration video demonstration. My name's Luke, and I'm going to take you through the process of switching a user's mailbox and updating their Outlook profile to utilize the target account after all content has been migrated. One of the easier options for small deployments is simply to go into the File section of the Outlook client and add their target account manually by typing their target email address and inserting their target account password and proceeding through the wizard shown here.
But the main method in this video is deploying the Client Update Agent, which is much better for larger deployments and a seamless user experience. This is an area that some people overlook, because the main responsibility in a migration is to successfully and safely get all the content to the target. However, it's also one of the most important things, because what the end user sees after the migration is complete is also one of the most important factors of determining how successful a migration was.
We'll start with the source user's Outlook client. Our user, Megan Bowen, has many items in her inbox, as well as a full calendar. Megan's user account has been migrated from the source tenant to the target tenant, as well as their mailbox content. This means that Megan is ready to have her mailbox switched over to utilize the target from here on out.
So in the Mailboxes section of the ODM console within the migration project, we select Switch Mailbox. We're presented with a window like this one. You'll notice something advising you to make sure you've already deployed the Client Update Agent in your environment. The Client Update Agent is what updates the user's Outlook profile to point to the target mailbox without them missing a beat.
When you click on the Client Update Agent link, it brings you to another window that gives you the option to download the package. We'll have a closer look at what that package entails. Within the zip file there will be a certificate, an executable, and a Read Me. All of these are essential for the success in this process.
The certificate can be imported to the User Certificate Store through group policy or other methodology. And the ODM client executable can be run via logon script. So both of these things can be done on the administrative side without the end user having to do any sort of manual intervention.
The Read Me is extremely important, as well. It contains the specific command switch that you need to run with the executable when the end user logs in and the logon script is executed. And also contains some very useful usage instructions, such as deploying the certificate to all required computers. Next we're going to download the client and show you how to deploy it for your group policy, as well as the certificate.
So as shown previously, there's a download link. When you go to Switch the Mailbox with an On Demand Migration, it'll download a zipped package with a certificate, an executable, and a Read Me. We've just downloaded this package to our domain controller for the target or destination tenant or domain.
We're logged in as the Domain Administrator, and we go to the Group Policy Management tool. This particular domain is called Quest Demos, so we expand that. And underneath it we'll see a section called Quest Demos Computers. We've right-clicked and created a new policy called ODM Client Update Policy, for example. Then we right-click that policy and click Edit.
Within it you'll see both user and computer configuration. We'll expand computer configuration, then policies, than Windows settings. Then we expand security settings and public key policies. We right-click and select Import, and we see the Certificate Import Wizard. For the first window we click Next,
And then we are asked to select the file name. We select the certificate file that was downloaded. It's in PFX format, so you may have to change the extensions that this is looking for. We will set it with no password. We'll click Next, and we'll click Next again to import it into the Trusted Root Certification Authorities store. Then we'll click Finish, and the import succeeds, and we can enforce this policy.
If there is a specific computer you want to apply this to selectively, you can select it in this window here, simply by typing the name, clicking Check Names, verifying that it's correct, and clicking OK. Now that the certificate will be imported to all computers' Trusted Root Certification Authority store, the next step is to find a way to make the executable and command line run the way we want it to when a user logs on, so their profile updates. You can do this with the logon script, and the easiest way is to create a batch file.
You can do this by creating a new text document, labeling it accordingly, then opening it, then using the command line information from the Read Me. We simply paste it within the batch file script. There are many tutorials out there, how to create a simple batch script, and this is really fairly simple in comparison.
Here you can see the command line info we used from the Read Me file. So we ensured it was pasted in the batch file with quotations around it, along with the full UNC path that we're going to use. UNC path is just like a network share. So you can use a pass to any universally accessible network share, as well.
And we've saved the file as a .bat extension. Now we have to create a logon script policy for the users involved. Since we're targeting a directory user, we'll expand Quest Demo's directory and Users and Groups. And you'll want to right-click on the OU that you know the user resides in the organizational unit, and create a new policy. In this
10:07