The process of moving a domain from one tenant to another can be a complex task. Hence, in this article, we are going to cover the complete steps required to move the domain between Office 365 tenants without any hassle.
How to Move Domain to Another Tenant in Office 365?
There are several steps in completing the task:
- Step 1. Move the mailboxes of the users to the destination tenant.
- Step 2. Remove the domain that the source tenant has to migrate.
- Step 3. Add that domain to the destination tenant.
- Step 4. Migrate the data from the destination tenant to domain.
Preparing for the Migration
Before starting the migration process, there is a multi-step preparation process. The process is as follows:
- The user needs to make sure there is enough space on the destination domain for the data. The storage limit for a primary mailbox is 50GB, if the data in the source mailbox is more than that, the user might need additional licenses.
- Admin accounts the source tenant and destination tenant. They are needed to move Office 365 domain to another tenant.
- A list of user mailboxes has to be generated for migration
- A CSV file is generated for user mapping after the list is generated.
- Note: the least value of Time To Live (TTL) on the MX record of the primary domain. The value of TTL is 86400 seconds, but for the migration process, it will be set as 3600 seconds. The lowest value of TTL to transfer the most recent data.
- The inflow of emails has to be stopped by changing the MX record value of the source tenant.
- Before transferring Office 365 mailbox to another account, all the objects need to be erased from the primary mail domain in the source tenant.
- End users are to be trained for the use of Office 365 post-migration.
Sadly, Microsoft does not provide a direct way to move Office 365 domain to another tenant.
Steps to move Office 365 domain to another tenant
Here are the steps you can follow to move the Office 365 domain to another tenant:
Step 1. Disabling the ADFS Federation
This only applies to the tenants with equal to or more than one domain using identity federation. All the federation domains must be reverted to managed domains. You will need to connect to the Office 365 tenant using PowerShell command “Connect-MsolService” You can then verify the domains that tare federated by running the “Get-MsolDomain” command.
Set the ADFS context to the name of your server which will be the actual FQDN of the ADFS server.
You can now convert each of your federated domains to a single domain. You can skip the user conversion as it is not required and decreases the amount of time to run the command:
If it is completed successfully, all the domains should be listed as managed. Now, users can no longer login with their credentials if syncronisation of passwords is not enabled.
Step 2. Disable Synchronisation of Azure Active Directory.
When all the domains are managed domains, you can disable the directory synchronisation. Run the following command using PowerShell:
“Set-MsolDirSyncEnabled -EnableDirSync $false“
Now, directory synchronisation can be turned off, or you can uninstall Azure AD Connect.
Step 3. Changing all UPN to the .onmicrosoft Domain
When the identity synchronisation is disabled, all the users should revert to in cloud users. If you try to log back in to the tenant, then the status column must have disappeared completely. All attributes, however, are left unchanged.
In order to remove your domain, you need to make sure that the domain is no longer in use by any of the users. You can run the following script:
You will need to update the primary SMTP address in case you have distributed groups. In order to do this, first login to Exchange Online Powershell and then run the command given below:
Step 4. Remove Dependency if There are Any
Once every user have UPN set to .onmicrosoft.com domain, you should remove any email address that uses one of your domains. You will need to perform this cleanup on resources, users, and all the groups. To find the users who have their email addresses matching the domain, run the following command:
Since we changed, all the users UPN, the primary SMTP addresses have now shifted to .onmicrosoft.com domain. All the remaining addresses are secondary email addresses. You can remove the aliases using the script given below:
$i=0
foreach ($user in $users) {
foreach ($email in $user.emailaddresses){
if ($email -ne “SMTP:”+$user.PrimarySmtpAddress){
Set-Mailbox -Identity $user.name -EmailAddresses @{Remove=$email}
}
}
$i++
Write-host $user.primarysmtpaddress “has been processed” $i”/”$users.count
}”
Now you can remove all the aliases from all the distribution groups by pasting the following script:
$i=0
foreach ($group in $groupss) {
foreach ($email in $group.emailaddresses){
if ($email -ne “SMTP:”+$group.PrimarySmtpAddress){
Set-DistributionGroup -Identity $group.name -EmailAddresses @{Remove=$email}
}
}
$i++
Write-host $group.primarysmtpaddress “has been processed” $i”/”$groups.count
}
Now that you have removed all the dependencies, you can remove verified domains and move Office 365 domain to another tenant.
Conclusion
Office 365 has become one of the most popular organisation due to its productivity suite. There may sometimes arise a situation where users may need to move the Office 365 domain to another tenant. This can be due to mergers, acquisitions, or any kind of rebranding that a company might be going through. The process to move Office 365 domain to another tenant can be a complex process. By the help of this article, you will be able to perform this process with ease