Deployment Master Class

The technical deep-dive for migrating your enterprise.
Detailed installation & usage guides for GWMME, DMS, and GCDS.

GWMME Guide DMS Guide GCDS Setup
📋

Phase 1: Migration Strategy

Planning the move from Office 365.

1. Core IT (Phase I)

Duration: 1-2 Weeks

  • Verify Domain ownership in Google Admin Console.
  • Configure GCDS (Google Cloud Directory Sync) to sync users from AD.
  • Set up GSPS (Password Sync) if keeping AD as IdP.
  • Migrate IT staff mailboxes first as a test.

2. Early Adopters (Phase II)

Duration: 2-4 Weeks

  • Select 5-10% of users (Tech-savvy champions).
  • Migrate Mail, Calendar, and Contacts.
  • Test major integrations (Salesforce, Slack, etc.).
  • Gather feedback and refine training materials.

3. Global Go-Live (Phase III)

Duration: Weekend Cutover

  • Update MX Records to point to Google.
  • Execute final data delta migration (catch-up sync).
  • Decommission legacy Exchange servers / O365 licenses.
🏢

GWMME: Enterprise Migration

Google Workspace Migration for Microsoft Exchange.

🛠️ What is GWMME?

GWMME is a client-side utility that runs on a Windows Server. It connects to your source environment (Exchange or O365) via EWS/IMAP and pushes data to Google via API. It handles Email, Calendar, and Contacts.

Step 1: Prerequisites

Machine Requirements

  • Windows Server 2012 r2, 2016, or 2019 (Recommended).
  • 4+ Cores, 8GB+ RAM (Higher for more threads).
  • CRITICAL: Microsoft Outlook (32-bit only) must be installed. This provides the MAPI DLLs needed to read data.

API Authorization

You must create a Google Cloud Project, enable the Gmail API, Calendar API, and Contacts API, and create a Service Account.

Delegate Domain-Wide Authority to the Service Account in Google Admin Console (Security > API Controls > Domain-wide Delegation).

Step 2: Installation & Authorization

Authorizing GWMME

  1. Download GWMME (Official Google link).
  2. Run the installer on your migration server.
  3. Launch GWMME. It will ask for your Client ID (from the Service Account JSON) and user scope.
  4. Scopes required:
    • https://mail.google.com/
    • https://www.google.com/calendar/feeds/
    • https://www.google.com/m8/feeds/

Step 3: Setup & Execution

Preparing the Mapping File

Create a CSV file named user_list.csv matching source to destination. 

SourceEmail,DestinationEmail
john.doe@old-domain.com,john.doe@new-google-domain.com
jane.smith@old-domain.com,jane.smith@new-google-domain.com

Running a Migration

  1. Open GWMME Admin Tool.
  2. Select Migration Source: Exchange/IMAP (Enter Hostname/Admin Credentials).
  3. Select Migration Destination: Google Workspace (Upload Service Account JSON JSON).
  4. Load your user_list.csv.
  5. Select Data Types: Mail, Calendar, Contacts.
  6. Set Date Range (e.g., "Past 1 Year" for initial pass).
  7. Click Migrate.
☁️

DMS: Data Migration Service

The cloud-native migration tool built into Admin Console.

✨ Best for Smaller/Simple Migrations

DMS requires no server setup. It pulls data directly cloud-to-cloud. Ideal for specific user batches or smaller organization sizes.

Step 1: Source Connection

  1. Go to Admin Console > Data > Data Import & Migration.
  2. Click "Set Up Data Migration".
  3. Source: Microsoft Office 365.
  4. Connection Protocol: Auto-select (Recommended).
  5. Authorize: Sign in with a Global Admin account from the O365 tenant to grant access.

Step 2: User Mapping

  1. Click "Add User".
  2. Enter Source Email and Destination Email.
  3. Password: Usually not required if using OAuth/Authorized connection.
  4. Click "Start".
  5. Bulk Upload: You can upload a CSV to start multiple users at once.
CSV Headers: Source Email, Dictionary Email, Source Password (Optional)
🔄

GCDS: Identity Sync

Syncing Active Directory users & groups.

GCDS Configuration Steps

  1. Download & Install: Install on the same machine as your AD or a member server.
  2. Authorize: Use a Super Admin account to authorize the tool.
  3. LDAP Configuration: Point GCDS to your Domain Controller.
    • Host: domain-controller-hostname
    • Port: 389 (Standard) or 636 (SSL - Recommended)
    • User: CN=GCDS,CN=Users,DC=yourcorp,DC=com
  4. Org Unit Mapping: Map AD OUs to Google OUs.
    Example: ou=Staff,dc=corp -> /Staff.
  5. Exclusion Rules: Vital for preventing accidental deletion of cloud-only accounts.
common_exclusions.xml 
<!-- Example GCDS User Exclusion Rule -->
<!-- Prevents GCDS from suspending your break-glass Admin account -->

<exclusionRule>
  <type>USER</type>
  <matchType>EXACT_MATCH</matchType>
  <identifier>admin@yourdomain.com</identifier>
</exclusionRule>
🔐

Secure LDAP

Connecting legacy apps (VPN, Printers) to Google.

Setup Walkthrough

Secure LDAP allows your legacy applications to authenticate users against Google Workspace without Active Directory.


Steps:
  1. Go to Apps > LDAP in Admin Console.
  2. Add a Client (e.g., "Cisco VPN").
  3. Download the generated Certificate (.zip).
  4. Install the certificate on your LDAP client (VPN/Firewall).
  5. Configure client settings:
    • Hostname: ldap.google.com
    • Port: 636 (SSL)
    • Base DN: dc=yourdomain,dc=com

Migration FAQ

Will sync delete my users?

Only if configured incorrectly! Always run GCDS in "Simulate Sync" mode first. Check the logs for proposed deletions before applying changes.

How do I handle shared mailboxes?

In Google Workspace, shared mailboxes are typically converted to Google Groups (Collab Inbox) or Delegated Accounts. Groups are free; Delegated accounts consume a license.

Can I coexist with O365?

Yes. You can set up "Dual Delivery" or "Split Delivery" in Gmail routing settings to allow some users on O365 and others on Google during the transition.